Malicious Jscrambler NPM package versions distributed a cross-platform credential stealer in a new supply chain attack.
Claude for Chrome v1.0.80 still accepts forged clicks from other extensions, triggering Gmail, Docs, and Calendar tasks ...