news 
Cyberhaven Says It Was Hacked to Publish Malicious Update to Its Chrome Extension
In the latest development in cybersecurity, Data-loss prevention startup Cyberhaven has been targeted by hackers who published a malicious update to its Chrome extension. The incident is part of a larger campaign that seems to have affected multiple companies and their extensions.
According to reports, Cyberhaven’s Chrome extension was compromised, resulting in a malicious update being pushed out to users. This allowed attackers to potentially gain access to sensitive data or carry out other nefarious activities.
It appears that the attack was opportunistic in nature, with hackers targeting developers whose credentials were already compromised. Jaime Blasco, co-founder and CTO of Nudge Security, stated in posts on X that several other Chrome extensions were similarly affected, including those related to AI, productivity, and VPNs.
Cyberhaven has confirmed the incident and is currently conducting an investigation into the matter. The company has also hired an incident response firm, Mandiant, and is actively cooperating with federal law enforcement agencies.
While Cyberhaven did not provide information on how the account compromise occurred, it acknowledged that this attack was part of a larger campaign targeting Chrome extension developers across various companies. Further details are still being investigated.
As for the extent of the impact, the company’s statement did not specify what data may have been accessed or compromised during the incident. The company is currently reviewing its security practices and implementing additional safeguards based on findings from the incident.
Blasco believes that more extensions were impacted earlier this year, including those related to AI, productivity, and VPNs. He emphasized that it was not a targeted attack against Cyberhaven specifically, but rather an opportunistic move by hackers who took advantage of already compromised developer credentials.
The news highlights the importance of maintaining strong security practices and regularly reviewing account access to prevent such attacks from occurring.
Source: techcrunch.com
