← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Secure Annex - Enterprise Browser Extension Security & Management Platform
WHITE z_ack000 2024-12-30 Modified: 2024-12-30
13
IOCs
MEDIUM VOLUME
On December 26th, 2024, Cyberhaven sent out an email to their users informing them that their extension had been compromised after an administrator account pushed a new update with malicious code to the Chrome web store. As users investigated the incident, it was discovered that more extensions had been compromised in the same way. This is a live blog post as more is learned about the incident and attack.
browser extension securityannexcompromisesecure annex
Indicators of Compromise (13)
All hostname domain
TYPEINDICATORDESCRIPTIONCREATED
hostname api.searchcopilot.co 2024-12-30
hostname cr.sclpfybn.com 2024-12-30
hostname ext.linewizeconnect.com 2024-12-30
hostname api.tnagofsg.com 2024-12-30
hostname id.tnagofsg.com 2024-12-30
hostname cs.sclpfybn.com 2024-12-30
hostname id.sclpfybn.com 2024-12-30
domain internxtvpn.pro 2024-12-30
domain sclpfybn.com 2024-12-30
domain tinamind.info 2024-12-30
domain tnagofsg.com 2024-12-30
domain wakelet.ink 2024-12-30
hostname www.sclpfybn.com 2024-12-30
References (1)
↗ https://secureannex.com/blog/cyberhaven-extension-compromise/