SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

Experts warn of surge in Google, Apple, Microsoft breaches

Yesterday

Cybersecurity experts are raising alarm over a significant campaign targeting users through the Google Chrome Web Store, as well as the discovery of a vast database containing hundreds of millions of stolen log-in credentials. The recent developments underscore rising risks associated with browser extensions and the continuing vulnerabilities in digital identity platforms.

"A Google Chrome Web Store campaign is using over 100 malicious browsers that mimic tools like VPNs, AI assistants, and crypto utilities to steal cookies and execute remote scripts secretly. Though Google has removed many extensions identified, some still remain on the Web Store," said Andrew Costis, Engineering Manager of the Adversary Research Team at AttackIQ.

"The campaign relies on malvertising strategies to trick users into clicking buttons that link to malicious browser extensions. The extensions connect the victim to the threat actor's infrastructure, allowing information to be stolen, as well as modifying network traffic to deliver ads, perform redirections, or serve as a proxy.

"With some of these extensions still active on the Chrome Web Store, it is essential that individuals and organizations take appropriate precautions. Knowledge is key -- users should only trust proven, reputable publishers and familiarize themselves with lure website domains. Additionally, organizations should implement adversarial exposure validation tools to ensure their security systems are tested against malicious browser campaigns."

The campaign's persistence highlights the challenges facing platform operators like Google in completely eradicating malicious content from widely used app stores. With new extensions and techniques emerging regularly, the risk to end users remains ongoing.

Meanwhile, cybersecurity concerns have been exacerbated by the discovery of a database containing an estimated 184 million records of stolen log-in credentials. The database reportedly contains detailed access information for popular services, including Apple, Microsoft, Google, Facebook, Instagram, Snapchat, as well as various banking, healthcare, and government platforms across numerous countries.

"What's most noteworthy is how this breach highlights the immense value of centralized identity platforms like Google, Okta, Apple and Meta to attackers. With over 184 million records exposed, threat actors can now launch widespread account takeover attempts across countless SaaS applications and cloud services that rely on these providers for authentication," said Cory Michal, Chief Security Officer at AppOmni.

"This is not surprising. Databases like this are regularly bought, sold, and repackaged on dark web forums like BreachForums. Massive credential dumps are part of an ongoing black market where breached data is commoditized and often aggregated from multiple incidents over time. What's new isn't the existence of the data, but the scale, the recency of some credentials, and the targeting of identity providers that are widely used to access SaaS and cloud services—making this breach especially potent for enabling downstream account takeovers.

"This breach calls attention to a bigger issue. We increasingly run our personal and professional lives through online platforms and SaaS products, yet our digital identities are still largely protected by outdated, vulnerable methods like usernames, passwords, and easily phishable MFA methods. As long as these remain the primary means of access, attackers will continue to exploit them at scale with infostealer malware and phishing. This highlights the urgent need for adoption of stronger, phishing-resistant authentication methods, continuous identity monitoring, and a shift toward identity-centric security models.

"It also reinforces the need for organizations to adopt an identity-centric security posture and monitor for malicious activity even when logins appear legitimate. In today's SaaS driven environments, users and systems authenticate from anywhere, often using federated identity providers like Apple, Google, and Meta. This makes identity a primary control point for security."

Both incidents reveal the critical need for vigilance and adaptation in security practices, as threat actors continue to exploit outdated habits and overlooked vulnerabilities with increasing effectiveness and reach.
