Is Your Browser Extension Secretly Spying on You? | The Awareness Angle #18
This week, we’ve got a mix of big security stories, clever scams, and some surprising insights into how people react to cyber threats. Windows 10 is reaching end-of-life, which means millions of devices are about to be left wide open to attacks. If you or your organisation are still running it, now’s the time to act. But why is Microsoft forcing the upgrade, and what happens if people don’t?
We also dive into a sneaky phishing trick using fake captchas to get people to run malicious commands without realising. If you haven’t warned your colleagues or friends about this yet, you probably should. Plus, we break down a worrying trend—browser extensions getting secretly sold and repurposed for spying. That handy little plugin you installed ages ago? It might not be working for you anymore.
On top of that, we look at a new malware campaign spreading through YouTube and Discord, tricking gamers into downloading malware disguised as cheat tools and cracked software. And remember that Disney data breach that was blamed on AI? Well, the real story might not be what you think. We dig into how the narrative changed and why it’s a reminder to fact-check security news before spreading it.
We also take a look at TikTok’s latest attempt to encourage users to enable two-factor authentication. Is their quirky campaign actually effective, or is it just more marketing fluff? And finally, we highlight a great LinkedIn post from someone who got caught up in a cyberattack just by visiting the wrong website—proving that security isn’t just about avoiding mistakes, but also how we respond when things go wrong.
It’s a packed episode with plenty to dig into. Let’s get into it!
Sign up for The Awareness Angle Newsletter today and get notified every time a new episode is released. Each newsletter contains details of the topics discussed and more from the world of Security Awareness.
You're almost there!
To confirm your subscription, please check your inbox for a confirmation email. Click the link in the email to complete your signup and start receiving our newsletter!
If you don’t see the email within a few minutes, check your spam or junk folder, just in case.
Thank you for subscribing!
💬 Episode 18 Discussion Points
💻 | Windows 10 EOL - What to Expect https://www.pcworld.com/article/2583550/windows-10-will-hit-end-of-life-in-2025-heres-what-to-expect.html
🎮 | Arcane Infostealer Targets Gamers https://www.bleepingcomputer.com/news/security/new-arcane-infostealer-infects-youtube-discord-users-via-game-cheats/
📩 | Adobe and DocuSign OAuth Phishing https://www.bleepingcomputer.com/news/security/malicious-adobe-docusign-oauth-apps-target-microsoft-365-accounts/
🛑 | ClickFix Phishing Campaign https://www.bleepingcomputer.com/news/security/malicious-ads-push-lumma-infostealer-via-fake-captcha-pages/
🛍️ | Buying Browser Extensions
https://www.secureannex.com/blog/buying-browser-extensions/
🤖 | Actively Exploited ChatGPT Bug Puts Organisations At Risk https://www.darkreading.com/cyberattacks-data-breaches/actively-exploited-chatgpt-bug-organizations-risk
🔑 | TikTok 2FA
https://vm.tiktok.com/ZNddhMFgy/
🌐 | Google Dark Web Results
https://www.bbc.co.uk/news/articles/c798xv5qwylo
🎭 | What Really Caused the 2024 Disney Breach? A ChatGPT Conversation https://chatgpt.com/share/67dc834f-7774-8003-8c6e-cced68ef28f0
Missed the episode? Watch it below!