Cybersecurity Help is a global vulnerability intelligence provider. We monitor vulnerabilities in software from 60,000+ vendors and help customers prevent potential data breaches by addressing them proactively.
Request DemoThere are no other public reports so far confirming active exploitation of CVE-2020-9715, CVE-2023-36424, or CVE-2025-60710 besides CISA’s KEV list.
4 min readResearchers found that 54 of the extensions specifically target Google account data using OAuth2, while 45 include a hidden backdoor.
2 min readThe hackers used a tactic called “pretexting,” tricking victims into downloading a fake PDF viewer.
2 min readAuthorities also detained the alleged developer of the operation and seized key domains linked to the scheme.
3 min readThe attack involves an Open VSX extension disguised as the popular time-tracking tool WakaTime.
2 min read