Latest news with #WebStore
Time of India
4 days ago
- Entertainment
- Time of India
Pokémon GO's drops June GO Pass with free Articuno and bonus loot
Image via Niantic June is here, and Pokémon GO is kicking things off with a bang! Niantic has officially rolled out the GO Pass for June 2025, which is a new way for trainers to unlock juicy in-game rewards, including an encounter with none other than the legendary Articuno. If you're a Trainer looking to level up your game this month, you'll want to pay attention. Let's break down everything you need to know, fast. GO Pass Dates & Access Duration: June 3, 10:00 a.m. – July 1, 10:00 a.m. (local time) How to Get It: Free GO Pass : Automatically granted to all players. Deluxe & Deluxe +10 Levels : Purchase via the Pokémon GO Web Store for extra perks. Whether you're a casual collector or a battle-hardened veteran, there's something here for you. May GO Pass Deluxe is Here! THIS Is What You'll Get! We Finally Got THIS! (Pokémon GO) Headliner Reward: Articuno Returns The highlight of this month's GO Pass? A guaranteed encounter with the legendary Ice/Flying-type Articuno, complete with a limited-time 'Delightful Days' themed background. A true Gen I classic, this majestic bird is back and looking cooler than ever. Pro Tip : The background is only available during this event, making this version of Articuno extra collectible. Free Pass Rewards – No Strings Attached All players will unlock rewards as they collect GO Points and level up their pass. Here's what's in the mix: Articuno Encounter XP Boosts Stardust Max Particles Poke Balls Candy And other handy items! It's a low-effort, high-reward way to get more from your daily gameplay. THE LUCKY TRINKET IS FINALLY BACK FOR EVERYONE! New June Event Pass / Shiny Salandit & More! Deluxe GO Pass – The Premium Edge If you're ready to go beyond the basics, the Deluxe and Deluxe +10 Levels versions offer serious value: Key Extras: Lucky Trinket : Instantly makes a friend into a Lucky Friend for your next trade Super Incubator Premium Battle Passes Incense, Lucky Egg, Lure Modules Extra Pokémon encounters XL Candy and more Bonus Gift (Deluxe +10 only): 10 Ultra Balls 5 Max Revives 5 Max Potions 1 Premium Battle Pass This is ideal for players chasing rare spawns or prepping for battle-heavy weekends. Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like Encontre voos low-cost Voos | Anúncios de Pesquisa Saiba Mais Undo Milestone Bonuses – Keep Climbing Reach these ranks to unlock tiered rewards: Rank 25: +50% XP from Friendship level-ups Rank 50: More XP and Stardust from Research Breakthroughs Rank 75: Boosted XP and Stardust from Egg hatches And from June 28–29, there's no cap on how many GO Points you can earn, so that's your window to grind hard and fly up the ranks. This June, Pokémon GO is offering one of the most well-rounded GO Passes yet. Whether you're here for the nostalgic return of Articuno, the XP grind, or the sweet premium items, there's something for every type of Trainer. Ready to catch them all (again)? Get out there and make this GO Pass count.
Techday NZ
30-05-2025
- Techday NZ
Experts warn of surge in Google, Apple, Microsoft breaches
Cybersecurity experts are raising alarm over a significant campaign targeting users through the Google Chrome Web Store, as well as the discovery of a vast database containing hundreds of millions of stolen log-in credentials. The recent developments underscore rising risks associated with browser extensions and the continuing vulnerabilities in digital identity platforms. "A Google Chrome Web Store campaign is using over 100 malicious browsers that mimic tools like VPNs, AI assistants, and crypto utilities to steal cookies and execute remote scripts secretly. Though Google has removed many extensions identified, some still remain on the Web Store," said Andrew Costis, Engineering Manager of the Adversary Research Team at AttackIQ. "The campaign relies on malvertising strategies to trick users into clicking buttons that link to malicious browser extensions. The extensions connect the victim to the threat actor's infrastructure, allowing information to be stolen, as well as modifying network traffic to deliver ads, perform redirections, or serve as a proxy. "With some of these extensions still active on the Chrome Web Store, it is essential that individuals and organizations take appropriate precautions. Knowledge is key -- users should only trust proven, reputable publishers and familiarize themselves with lure website domains. Additionally, organizations should implement adversarial exposure validation tools to ensure their security systems are tested against malicious browser campaigns." The campaign's persistence highlights the challenges facing platform operators like Google in completely eradicating malicious content from widely used app stores. With new extensions and techniques emerging regularly, the risk to end users remains ongoing. Meanwhile, cybersecurity concerns have been exacerbated by the discovery of a database containing an estimated 184 million records of stolen log-in credentials. The database reportedly contains detailed access information for popular services, including Apple, Microsoft, Google, Facebook, Instagram, Snapchat, as well as various banking, healthcare, and government platforms across numerous countries. "What's most noteworthy is how this breach highlights the immense value of centralized identity platforms like Google, Okta, Apple and Meta to attackers. With over 184 million records exposed, threat actors can now launch widespread account takeover attempts across countless SaaS applications and cloud services that rely on these providers for authentication," sid Cory Michal, Chief Security Officer at AppOmni. "This is not surprising. Databases like this are regularly bought, sold, and repackaged on dark web forums like BreachForums. Massive credential dumps are part of an ongoing black market where breached data is commoditized and often aggregated from multiple incidents over time. What's new isn't the existence of the data, but the scale, the recency of some credentials, and the targeting of identity providers that are widely used to access SaaS and cloud services—making this breach especially potent for enabling downstream account takeovers. "This breach calls attention to a bigger issue. We increasingly run our personal and professional lives through online platforms and SaaS products, yet our digital identities are still largely protected by outdated, vulnerable methods like usernames, passwords, and easily phishable MFA methods. As long as these remain the primary means of access, attackers will continue to exploit them at scale with infostealer malware and phishing. This highlights the urgent need for adoption of stronger, phishing-resistant authentication methods, continuous identity monitoring, and a shift toward identity-centric security models. "It also reinforces the need for organizations to adopt an identity-centric security posture and monitor for malicious activity even when logins appear legitimate. In today's SaaS driven environments, users and systems authenticate from anywhere, often using federated identity providers like Apple, Google, and Meta. This makes identity a primary control point for security." Both incidents reveal the critical need for vigilance and adaptation in security practices, as threat actors continue to exploit outdated habits and overlooked vulnerabilities with increasing effectiveness and reach.
Fox News
13-03-2025
- Fox News
Dangerous Chrome extensions mimic password managers
Chrome extensions are incredibly useful, whether you want to block ads, track the best deals or enhance your browsing experience. They can be downloaded from the Chrome Web Store, which functions like the Play Store but for extensions. However, extensions are easier to mimic and turn into malicious software compared to apps. As we just reported, over 3.2 million users were victimized by a security breach tied to 16 malicious browser extensions, highlighting how attackers exploit tools that seem legitimate to spread malware or steal sensitive data. Now, security researchers have discovered a polymorphic attack that allows malicious Chrome extensions to transform into other browser extensions, including password managers, crypto wallets and banking apps, to steal sensitive information. Keep reading to learn how this attack works and how to protect yourself from it. Security researchers at SquareX Labs have found a new attack that lets malicious Chrome extensions disguise themselves as legitimate ones, like password managers, crypto wallets and banking apps, to steal sensitive information. This "polymorphic" attack takes advantage of Chrome's extension system to trick users while staying under the radar. The attack starts with hackers uploading what looks like a harmless extension to the Chrome Web Store. It might even have real features, like an AI-powered marketing tool, to convince users to install and pin it to their browser. Once installed, the malicious extension scans the victim's browser for other extensions. It can do this in two ways. If it has permission to use the " API, it grabs a list of installed extensions directly. If not, it injects code into web pages to check for unique files or resources tied to certain extensions. If it finds a targeted extension, like 1Password, the malicious extension reports back to an attacker-controlled server. The attacker then tells it to impersonate the real extension by disabling it if permissions allow, changing its name and icon and displaying a fake login popup that looks just like the real thing. To steal user credentials, the malicious extension triggers a fake "Session Expired" prompt when the victim tries to log in to a website. This tricks them into thinking they need to reenter their credentials for their password manager or banking app. When they do, the stolen data is sent straight to the attackers. After collecting the credentials, the extension switches back to its original form. It restores the legitimate extension, making everything look normal so the victim doesn't suspect anything. This shows just how dangerous malicious Chrome extensions can be and why stronger security measures are needed to protect users. We reached out to Google, and a spokesperson told CyberGuy, "We appreciate the work of the research community and we've received the report. We are constantly investing in ways to improve the security of the Chrome Web Store, and we take appropriate action when we learn of emerging threats." Here are five ways to safeguard your sensitive information and maintain your online privacy. 1. Keep your browser and extensions up to date: Outdated software is a goldmine for cybercriminals. Bugs or security gaps in old versions of your browser or extensions can be exploited to inject malicious code, steal data or take control of your system. Updates patch these vulnerabilities, making them a critical line of defense. Turn on automatic updates for your browser (e.g., Chrome, Firefox, Edge) so you're always running the latest version without thinking about it. See my guide on keeping your devices and apps updated for more information. 2. Install extensions only from trusted sources: Official browser stores like the Chrome Web Store or Firefox Add-ons have rules and scans to catch bad actors, but they're not perfect. Extensions from random websites or third-party downloads are far more likely to hide malware or spyware. Stick to the official store for your browser; don't download extensions from sketchy links. 3. Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices. 4. Update your passwords: Change passwords for any accounts that may have been affected by the extension and use unique, strong passwords for each account. Consider using a password manager. This can help you generate and store strong, unique passwords for all your accounts. Get more details about my best expert-reviewed password managers of 2025 here. 5. Invest in personal data removal services: If your personal data gets stolen by the extension, it's crucial to act quickly to reduce your risk of identity theft and scams. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. The malicious extension highlights that Google isn't doing enough to keep malware off its platform. Security researchers pointed out that the Chrome Web Store lacks protections against these types of attacks, such as blocking sudden changes to an extension's icon or HTML, or at least alerting users when such changes occur. The problem isn't limited to the Chrome Web Store. The Play Store also hosts malicious apps from time to time, affecting millions of users. Google needs to step up its security efforts and put user privacy front and center. Do you trust Google to keep malicious apps and extensions off its platforms? Let us know by writing us at For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Follow Kurt on his social channels: Answers to the most-asked CyberGuy questions: New from Kurt: Copyright 2025 All rights reserved.
Yahoo
12-03-2025
- Business
- Yahoo
Google reacts to questionable shopping Chrome extensions
Google has updated its policies for Chrome extensions following a controversy over the Honey extension. The extension, from PayPal, has been accused by creators of misappropriating affiliate links without its users' knowledge, and Google now specifies that similar extensions are not permitted on its Chrome Web Store. The issue regarding Honey came to light in December 2024, when YouTubers accused the extension of being a scam. The extension claimed to search through discount codes and automatically apply them to user's shopping baskets across many different websites. However, it has been accused of injecting its own affiliate links into users' purchases without their knowledge, taking revenue from content creators who also use affiliate links. In an ironic twist, this likely negatively affected the same tech influencers that Honey paid to promote its extension. Now, Google has updated its Chrome extension policy to clarify that isn't allowed. 'Affiliate links, codes, or cookies must only be included when the extension provides a direct and transparent user benefit related to the extension's core functionality. It is not permitted to inject affiliate links without related user action and without providing a tangible benefit to users,' Google wrote. To make it extra clear, Google also listed out the kinds of violations that would be forbidden, including 'An extension that updates a shopping-related cookie without the user's knowledge while the user is browsing shopping sites,' 'An extension that appends an affiliate code to the URL or replaces an existing affiliate code in the URL without the user's explicit knowledge or related user action,' and 'An extension that applies or replaces affiliate promo codes without the user's explicit knowledge or related user action.' However, at time of writing, the Honey extension is still available for download in the Chrome Web Store. It's not yet clear if Honey has updated its extension to comply with the policy or whether it will have to make changes to remain on the Web Store.
