Palo Alto Networks Unit 42 has published threat research describing a high severity vulnerability affecting the Gemini AI agent as implemented in the Chrome browser prior to 143.0.7499.192. CVE-2026-0628, CVSS score 8.8, allows an attacker to inject scripts or HTML into a privileged page by convincing a user to install a malicious Chrome extension, due to insufficient policy enforcement in the WebView tag in Chrome. Unit 42 notes that exploitation could "[allow] malicious extensions with basic permissions to hijack the new Gemini Live in Chrome browser panel," leading to privilege escalation that gives an attacker control of the device camera and microphone, the ability to take screenshots of websites, and access to local directories and files. Following responsible private disclosure by Unit 42 on October 23, 2025, Google released a fix for the flaw on January 5, 2026. Unit 42's research highlights the unique security risks posed by browsers with agentic AI integration, explaining that the vulnerability allowed an extension with basic permissions to use the declarativeNetRequest API to intercept and change the properties of hxxps[:]//gemini.google[.]com/app when loaded in the Gemini panel, giving the extension some of Gemini's powerful and privileged capabilities. "This difference in what type of component loads the Gemini app is the line between by-design behavior and a security flaw. An extension influencing a website is expected. However, an extension influencing a component that is baked into the browser is a serious security risk." Anupam Upadhyaya, senior vice president of product management for Palo Alto Networks' Prisma SASE, stated to Dark Reading that "designers should build in real-time inspection of prompts, AI responses, and rendered content directly inside the browser, where users, data, and AI interact," and consider browsers as both "a primary attack surface and a potential control plane."

The introduction of AI into the browser reintroduces some attack planes, as it's operating at a high privilege level, potentially exfiltrating data, bypassing same-origin policy, and triggering privileged browser functions. Beyond updating to the latest Chrome, consider carefully before adding or enabling AI extensions to browsers.

Using an LLM to browse the internet in 2026 feels like hacking in the early 2000s. Think of it as having a very naive child running through the internet and trusting everything. Not surprising that you will see so many different vectors here.
PAN
Dark Reading
ZDNET
The Hacker News
SecurityWeek
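The practical takeaway from the Unit 42 finding is that the dangerous combination is a request-rewriting permission plus host access over an origin the browser itself loads in a privileged panel. The check below is an added example, not Unit 42's code or any Google tooling: it audits parsed extension manifest.json files for that combination. Treating webRequest and declarativeNetRequestWithHostAccess alongside declarativeNetRequest as "rewrite" permissions, the trusted-origin URL, and the three sample manifests are all assumptions constructed for the example.

```python
import json
from fnmatch import fnmatch
from urllib.parse import urlparse

# Permissions that let an extension intercept, redirect or rewrite requests
# without script access to the page. The report names declarativeNetRequest;
# the other two are included as an assumption about equivalent capability.
REQUEST_REWRITE_PERMS = {
    "declarativeNetRequest",
    "declarativeNetRequestWithHostAccess",
    "webRequest",
}

def match_pattern_covers(pattern, url):
    """True if a Chrome match pattern such as '*://*.google.com/*' covers url.
    Only the common forms are handled: scheme, host (optional '*.' prefix), path glob."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep:
        return False  # a plain permission name, not a match pattern
    host_pat, _, path_pat = rest.partition("/")
    u = urlparse(url)
    if scheme != "*" and scheme != u.scheme:
        return False
    host = u.hostname or ""
    if host_pat == "*":
        host_ok = True
    elif host_pat.startswith("*."):
        base = host_pat[2:]
        host_ok = host == base or host.endswith("." + base)
    else:
        host_ok = host == host_pat
    return host_ok and fnmatch(u.path or "/", "/" + path_pat)

def audit_manifest(manifest, protected_url):
    """Return a finding for an extension holding request-rewriting permissions,
    rated 'high' when its host access also covers protected_url, else 'review'."""
    perms = set(manifest.get("permissions", []))
    rewrite = sorted(perms & REQUEST_REWRITE_PERMS)
    if not rewrite:
        return None
    # MV3 keeps match patterns in host_permissions; MV2 mixed them into permissions.
    patterns = list(manifest.get("host_permissions", [])) + sorted(perms - REQUEST_REWRITE_PERMS)
    covering = [p for p in patterns if match_pattern_covers(p, protected_url)]
    return {
        "name": manifest.get("name", "?"),
        "permissions": rewrite,
        "host_access": covering,
        "severity": "high" if covering else "review",
    }

def audit_manifests(manifests, protected_url="https://gemini.google.com/app"):
    """Audit a list of parsed manifest.json dicts; returns only the findings."""
    return [f for f in (audit_manifest(m, protected_url) for m in manifests) if f]

# Constructed sample manifests (not real extensions).
SAMPLE_MANIFESTS = [
    json.loads('{"name": "Notes", "manifest_version": 3, "permissions": ["storage"]}'),
    json.loads('{"name": "Ad Filter", "manifest_version": 3, '
               '"permissions": ["declarativeNetRequest"], '
               '"host_permissions": ["*://*.google.com/*"]}'),
    json.loads('{"name": "Old Blocker", "manifest_version": 2, '
               '"permissions": ["webRequest", "webRequestBlocking", "https://example.com/*"]}'),
]

if __name__ == "__main__":
    for finding in audit_manifests(SAMPLE_MANIFESTS):
        print(finding)
```

Chrome keeps each installed extension's manifest.json under the profile's Extensions directory, so the same function can be pointed at the real files on a managed endpoint; the "review" tier exists because a rewrite permission without matching host access is still worth a human look when the extension is not on an approved list.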
The Microsoft Defender Security Research Team has published a blog describing their observation of "phishing-led exploitation of OAuth’s by-design redirection mechanisms." The scheme targets both public and private sector organizations and "uses silent OAuth authentication flows and intentionally invalid scopes to redirect victims to attacker-controlled infrastructure without stealing tokens." The researcher identified and removed several malicious OAuth applications but cautioned that "related OAuth activity persists and requires ongoing monitoring."

This attack is clever. It uses invalid OAuth information, forcing a redirect to the error site, ensuring a re-authentication event, no SSO, then a malicious ZIP is downloaded. The IoCs from Microsoft include domains and URL patterns which you can filter out to limit this type of attack. Also review Redirect URI and OAuth 2 best practices to make sure that you've stacked the deck in favor of your users.

Think carefully about the use of federated authentication. There are safer alternatives for convenience.
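The Microsoft write-up describes the combination to hunt for: a silent flow (prompt=none), a scope the authorization server will reject, and a redirect_uri pointing at infrastructure the attacker controls, with no token ever issued. Here is an added detection example, written for this page rather than taken from Microsoft's report: it parses authorization-request URLs out of proxy log lines and flags that combination. The log line layout, the KNOWN_SCOPES and TRUSTED_REDIRECT_HOSTS allowlists, and all sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlparse, parse_qs

# Authorization endpoint paths to inspect (plain OAuth 2.0 and the Entra-style v2.0 path).
AUTHORIZE_PATH_RE = re.compile(r"/oauth2/(?:v2\.0/)?authorize$")
# Assumption: the scopes your tenant's registered apps legitimately request.
KNOWN_SCOPES = {"openid", "profile", "email", "offline_access", "User.Read"}
# Assumption: hosts your registered apps use as redirect_uri targets.
TRUSTED_REDIRECT_HOSTS = {"app.corp.example"}

def analyze_authorize_url(url):
    """Inspect one authorization request. Returns None if the URL is not one,
    otherwise a dict carrying the reasons it looks suspicious (possibly none)."""
    u = urlparse(url)
    if not AUTHORIZE_PATH_RE.search(u.path):
        return None
    q = parse_qs(u.query)

    def first(key):
        return q.get(key, [""])[0]

    scopes = set(first("scope").split())
    redirect_host = urlparse(first("redirect_uri")).hostname
    reasons = []
    if first("prompt") == "none":
        reasons.append("silent flow (prompt=none)")
    unknown = sorted(scopes - KNOWN_SCOPES)
    if unknown:
        reasons.append("unrecognized scope(s): " + ", ".join(unknown))
    if redirect_host and redirect_host not in TRUSTED_REDIRECT_HOSTS:
        reasons.append("redirect_uri host not trusted: " + redirect_host)
    return {
        "client_id": first("client_id"),
        "redirect_host": redirect_host,
        "reasons": reasons,
        # The reported technique pairs a deliberately invalid scope with the redirect;
        # require the scope signal plus at least one more before calling it suspicious.
        "suspicious": bool(unknown) and len(reasons) >= 2,
    }

def scan_proxy_log(lines):
    """Run the check over 'timestamp user METHOD url' lines; returns suspicious findings."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        result = analyze_authorize_url(parts[3])
        if result and result["suspicious"]:
            findings.append(result)
    return findings

# Constructed sample log lines (not real traffic; client_ids are made up).
SAMPLE_LOG = [
    "2026-03-02T10:14:05Z alice GET https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=11111111-aaaa-4bbb-8ccc-222222222222&response_type=code"
    "&redirect_uri=https%3A%2F%2Fapp.corp.example%2Fcallback&scope=openid%20profile%20User.Read",
    "2026-03-02T10:16:41Z bob GET https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=33333333-dddd-4eee-8fff-444444444444&response_type=code&prompt=none"
    "&redirect_uri=https%3A%2F%2Fdocs-share.attacker.example%2Fo&scope=openid%20not.a.real.scope",
    "2026-03-02T10:17:02Z bob GET https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=11111111-aaaa-4bbb-8ccc-222222222222&response_type=code"
    "&redirect_uri=https%3A%2F%2Fapp.corp.example%2Fcallback&scope=openid%20profile&prompt=none",
]

if __name__ == "__main__":
    for finding in scan_proxy_log(SAMPLE_LOG):
        print(finding)
```

The third sample line shows why the scope signal is required: a legitimate app doing a silent re-authentication to a trusted redirect host should not page anyone. Feed the same function the sign-in or proxy source you actually have, and pair it with the domain and URL-pattern IoCs Microsoft published.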
The US Cybersecurity and Infrastructure Security Agency (CISA) has updated its malware analysis report for RESURGE malware. The updated report offers "deeper technical insight into RESURGE to provide network defenders with enhanced understanding and tools to identify, mitigate, and respond to RESURGE." CISA analysis indicates "that RESURGE can remain latent on systems until a remote actor attempts to connect to the compromised device ... [and] assesses that RESURGE may be dormant and undetected on Ivanti Connect Secure devices and remains an active threat." RESURGE involves the exploitation of CVE-2025-0282, a critical stack-based buffer overflow/out-of-bounds write vulnerability in certain versions of Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways. The updated report includes indicators of compromise (IoCs) and detection signatures.

RESURGE hooks the web process looking for a specific connection attempt, indefinitely. It uses a fake Ivanti certificate to make sure that interaction is with the agent, not with legitimate Ivanti software. Most definitely grab the IoCs for the persistent malware and see if you have remnants. Also watch for the transmission of the fake Ivanti certificate, as it's sent unencrypted. Reference the updated CISA AR25-087A malware analysis report for the latest IoCs and information.
Excellent analysis by CISA. For me, I’d rather skip to the end and just mitigate the threat. If that’s the case, a factory reset and updating the software to the latest version does the trick.
BleepingComputer
CISA
CISA
CISA
NIST
Researchers from the University of California, Riverside, have presented a paper detailing new classes of machine-in-the-middle (MitM) cyberattacks that allow Wi-Fi clients to attack other clients on the same network by bypassing Wi-Fi access point (AP) client isolation mechanisms. Dubbed "AirSnitch," the series of attacks break past the isolation meant to protect against ARP poisoning and ICMP redirects; "every tested router and network was vulnerable to at least one attack," including routers from Netgear, Tenda, D-Link, TP-Link, ASUS, Ubiquiti, LANCOM, and Cisco, plus those running DD-WRT and OpenWrt. The attack techniques include abusing a shared Group Temporal Key (GTK), gateway bouncing, port stealing, and combining techniques to obtain full bi-directional MitM. The paper cites three root causes: "First, Wi-Fi keys that protect broadcast frames are improperly managed and can be abused to bypass client isolation. Second, isolation is often only enforced at the MAC or IP layer, but not both. Third, weak synchronization of a client’s identity across the network stack allows one to bypass Wi-Fi client isolation at the network layer instead, enabling the interception of uplink and downlink traffic of other clients as well as internal backend devices." The researchers' techniques can also be used in enterprise networks to steal uplink RADIUS packets and set up a rogue RADIUS server to intercept traffic and credentials. The researchers characterize isolation mechanisms as "inconsistent, ad hoc, and often incomplete," lacking standardization across vendors, and state, "this defense was added by vendors without proper public review. [...] We hope our work motivates standardization groups to more rigorously specify the requirements of client isolation and that Wi-Fi vendors will implement the same more securely." SANS instructors James Leyte-Vidal and Larry Pesce hosted a webinar on Monday, March 2, 2026, evaluating the impact of the findings. 
Their recommended mitigations include immediately implementing VLAN segmentation and IP spoofing prevention; in the near-term, requesting per-client GTK randomization, implementing MAC spoofing prevention, and centralizing controller decryption; and in the long term, standardizing to MACsec and IEEE 802.11: https://www.sans.org/webcasts/airsnitch-how-worried-should-you-be

Wi-Fi client isolation is likely enabled if you're using your guest SSID on your AP, as most vendors are enabling that by default for the "guest" network. We've been hearing for years that the best option is to implement VLANs on our Wi-Fi, and I'm sure many of us have been kicking that can down the road. It's time. First, make sure you're on supported devices. Second (good, bad, or otherwise), make sure you're on the latest firmware for your router and that it's keeping you there automatically as this evolves; firmware updates are likely to address isolation. Third, start implementing and testing VLANs.
NDSS Symposium
Ars Technica
TechRadar
Tom’s Hardware
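Client isolation exists to stop exactly the ARP poisoning the AirSnitch paper shows it fails to stop, so while VLANs and spoofing prevention are rolled out, watching the ARP view of each SSID is a cheap compensating control. The following is an added example written for this page, not code from the paper or the SANS webinar: a small monitor that is fed the sender fields of ARP replies and alerts when a known IP changes MAC, when the gateway's IP is answered by a foreign MAC, or when a single MAC starts answering for many IPs. The gateway address, the threshold, and the reply sequence are constructed assumptions.

```python
from collections import defaultdict

class ArpMonitor:
    """Track which MAC answers for each IP on one VLAN/SSID, as seen in ARP replies,
    and raise an alert when the mapping changes or one MAC claims many IPs."""

    def __init__(self, gateway_ip, gateway_mac, max_ips_per_mac=3):
        self.gateway_ip = gateway_ip
        # Seed with the known-good gateway binding so the first spoof is caught.
        self.ip_to_mac = {gateway_ip: gateway_mac.lower()}
        self.ips_by_mac = defaultdict(set)
        self.max_ips_per_mac = max_ips_per_mac
        self.alerts = []

    def observe(self, ts, sender_ip, sender_mac):
        """Feed one ARP reply (sender IP/MAC). Returns the alert raised, if any."""
        sender_mac = sender_mac.lower()
        alert = None
        prev = self.ip_to_mac.get(sender_ip)
        if prev is not None and prev != sender_mac:
            if sender_ip == self.gateway_ip:
                # Never overwrite the trusted gateway binding; keep alerting instead.
                alert = {"ts": ts, "kind": "gateway impersonation", "ip": sender_ip,
                         "old_mac": prev, "new_mac": sender_mac}
            else:
                alert = {"ts": ts, "kind": "ip-to-mac change", "ip": sender_ip,
                         "old_mac": prev, "new_mac": sender_mac}
                self.ip_to_mac[sender_ip] = sender_mac
        elif prev is None:
            self.ip_to_mac[sender_ip] = sender_mac
        self.ips_by_mac[sender_mac].add(sender_ip)
        # Fire once, at the moment a MAC crosses the threshold.
        if alert is None and len(self.ips_by_mac[sender_mac]) == self.max_ips_per_mac + 1:
            alert = {"ts": ts, "kind": "one mac claims many ips", "mac": sender_mac,
                     "ips": sorted(self.ips_by_mac[sender_mac])}
        if alert is not None:
            self.alerts.append(alert)
        return alert

def run_monitor(replies, gateway_ip, gateway_mac):
    """Replay (ts, sender_ip, sender_mac) tuples and return the alerts produced."""
    mon = ArpMonitor(gateway_ip, gateway_mac)
    for ts, ip, mac in replies:
        mon.observe(ts, ip, mac)
    return mon.alerts

# Constructed sample: two normal clients appear, then one MAC starts answering
# for the gateway, for both clients, and for a fourth address (not real traffic).
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "aa:bb:cc:00:00:01"
SAMPLE_REPLIES = [
    ("10:00:00", "192.168.1.1", "AA:BB:CC:00:00:01"),
    ("10:00:01", "192.168.1.20", "aa:bb:cc:00:00:20"),
    ("10:00:02", "192.168.1.21", "aa:bb:cc:00:00:21"),
    ("10:00:05", "192.168.1.1", "de:ad:be:ef:00:99"),
    ("10:00:06", "192.168.1.20", "de:ad:be:ef:00:99"),
    ("10:00:07", "192.168.1.21", "de:ad:be:ef:00:99"),
    ("10:00:08", "192.168.1.22", "de:ad:be:ef:00:99"),
]

if __name__ == "__main__":
    for alert in run_monitor(SAMPLE_REPLIES, GATEWAY_IP, GATEWAY_MAC):
        print(alert)
```

The monitor only sees what a capture point on that SSID sees, which is the point: run it from the controller or a mirror port, not from a client whose own ARP cache is the thing being poisoned. It does not detect the GTK-based downlink interception the paper describes, so treat it as a stopgap alongside the segmentation the webinar recommends.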
A Greek court has convicted four people associated with Intellexa, a spyware company, on charges related to "illegal wiretapping of government ministers, military officials, and journalists." The four individuals include Intellexa's founder, his former wife and business partner, an Intellexa executive — all of whom were sanctioned by the US government in 2024 — and an individual who owns a Greek company that purchased Intellexa's Predator spyware. All have been sentenced to eight years in prison. In March 2022, a Greek journalist discovered that his phone had been infected with Predator spyware and that "he had been wiretapped by the Greek National Intelligence Service." Several months later, a Greek politician learned that his phone had been infected with spyware as well. In all, Intellexa spyware was found to have been used against more than 90 Greek citizens between 2020 and 2021.

Interestingly, if the conviction and prison sentence stand, countries that have treaties with Greece will no longer be doing business with Intellexa. Arguments persist as to whether spyware such as Predator is good or bad. Even so, make sure your devices are protected from the introduction of spyware like Predator or Pegasus by keeping them updated, only using approved app stores, and limiting functionality in risky areas, such as enabling lockdown mode.
Interesting judgment by the Greek court. Should it be the product vendor who is held liable, or the user, the Greek government in this case? Sure, many products can be used for nefarious purposes, and yes, this product is purpose-built for that scenario, but it was sold to the government. Curious as to your opinion...

This is a story that dates back to a 2022 scandal with a journalist’s phone and spyware. The details here are still fuzzy to me as I am not a lawyer, and definitely not versed in Greek law, but what I will comment on is that if you are going to write sketchy software that spies on people, maybe don't call it “Predator.”
ICIJ
Amnesty
The Record
In a report to their state legislature, the University of Hawai'i said that an August 2025 ransomware attack compromised personal information of as many as 1.24 million individuals at the University of Hawai'i Cancer Center (UHCC). The attack was detected on August 31, 2025, and was disclosed publicly in January 2026; at that time, the number of affected individuals had not been determined. Once the encrypted data were decrypted, UHCC was able to establish that "a majority of the files related to a specific cancer study and largely contained only research data with no Personal Information about the research subjects." Further investigation uncovered "a set of files dating back to the 1990s containing Social Security numbers for study participants. These Social Security numbers were used in the 1990s to identify research participants before UH began using a different convention for identifying research subjects." The University of Hawai'i is taking steps to notify affected individuals. They have also strengthened their systems' security measures by deploying endpoint protection software that is monitored 24/7, rebuilding compromised systems, bringing in outside expertise, and other measures.

A lesson learned here about being aware of what information is still around. 30 years ago, many of us used Social Security numbers and other PII more frequently and openly than we do today. While we have changed our processes and protections, what about archived copies of information, which may still include that information? Make sure it's protected/isolated. It's so easy to be dismissive (It's old, no longer accurate, etc.) based on the relevance of the context under which that information was captured, but that PHI/PII is still current and accurate.

What struck me about this story is that data from the 1990s was compromised. One needs to ask the question: is that data still needed, and if not, why was it not securely removed? Remember, if you don't need the data, you don't need to store it, and therefore you don't have to worry about protecting it.
The US Cybersecurity and Infrastructure Security Agency (CISA) has published an Industrial Control System (ICS) advisory for multiple vulnerabilities in Gardyn Home Kit, a smart indoor vertical hydroponic gardening system. CISA notes that "successful exploitation of these vulnerabilities could allow unauthenticated users to access and control edge devices, access cloud-based devices and user information without authentication, and pivot to other edge devices managed in the Gardyn cloud environment." Two of the flaws are critical: CVE-2025-29631 may allow an attacker to execute arbitrary operating system commands on a target Home Kit; and CVE-2025-1242 is a critical hard-coded credentials issue that may result in an attacker gaining full administrative access to the Gardyn IoT Hub, exposing connected devices to malicious control. Two of the flaws are high severity: CVE-2025-29628 is caused by a Gardyn Azure IoT Hub connection string being downloaded over an insecure HTTP connection, leaving the string vulnerable to interception and modification through a man-in-the-middle attack, and which may result in the attacker capturing device credentials or taking control of vulnerable home kits; and CVE-2025-29629 is caused by Gardyn Home Kit firmware using weak default credentials for secure shell access. Fixes are available and users are advised to update their Gardyn firmware and mobile app as soon as possible.
IoT devices are the new attack surface to exploit, and the bad guys know that. A few reasons: 1) Vendor rush to market; 2) Lack of security engineering experience; 3) Vendor difficulty in updating product; and 4) Poor user administration/monitoring. These four vulnerabilities tick most of those boxes.

If I'm tracking, you have an insecure (cleartext) connection, default credentials, a successful MitM attack, RCE, and lateral movement. Two bits of good news. First, there is no evidence yet of active exploitation, and second, there are fixes which deploy easily. The fix is to update to version 619 or later of the Gardyn firmware and version 2.11.0 or later of the mobile app. After applying the updates, make sure that your settings and schedules are as planned. Also isolate your Gardyn system, as you would other OT systems, limiting access to legitimate authorized devices and use cases.

It’s strange to see CISA issue a warning for a home gardening kit that I am not sure is in wide use. Not sure if this is truly worth the callout, given the difference between a Gardyn Home Kit and, say, a control system in a water utility. It’s good someone is calling it out, but should it be CISA?
South Korea's National Tax Service has apologized for inadvertently publishing a recovery phrase that allowed seized cryptocurrency to be stolen. On February 26, the Tax Service announced that it had seized cash and luxury items from individuals who were delinquent on their taxes. The seized funds included 6.9 billion Korean won (€4.03 million / US$4.7 million) in virtual assets. The announcement was accompanied by a photograph that included a seed phrase that could be used to access cryptocurrency funds. In an odd turn of events, the seized virtual funds were stolen twice. The first time, the funds were taken from the crypto wallet and then returned; the thief claimed to have been acting "out of curiosity." Several hours later, the funds were stolen again and have not been returned. However, as The Register notes, "the one tiny upside in this whole mess is that the heist was of course recorded on a blockchain, so the Tax Service has asked Korea’s National Police Agency to track down whoever emptied the wallet."

Remember the Hawaiian Emergency Management Agency report in 2018 with the password on a yellow sticky in the background? Yeah, same idea — be careful what you include when publishing photos and videos, including metadata (EXIF). Make sure you include a review process when publishing information, and if you're redacting information, make sure it is securely done so it can't be revealed.
I had to check if we had time traveled to April 1st and it was all a good joke. Unfortunately not the case, and a lesson learned to blur out important details in crime scene pictures before releasing. As the SANS editors often say, evildoers are agile and quick to execute on an opportunity.

The blockchain tells all and never forgets. While it facilitates obscuration by distribution, that takes planning and organization.
Chosun
Heise
The Register
BleepingComputer
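The seed phrase in this story was visible in the picture itself, but the editorial comment above also points at the hidden channel: metadata (EXIF, XMP, comments) that travels with a published image. As an added example written for this page, and not tooling from the Tax Service or any cited outlet, the following pure-Python routine walks the JPEG segment structure and drops every APPn (n ≥ 1) and COM segment before publication, keeping the JFIF header and image data intact. The sample JPEG skeleton and the "secrets" embedded in it are constructed.

```python
import struct

# Segments that carry metadata: APP1..APP15 (Exif, XMP, ICC profiles, ...) and COM.
# APP0 (JFIF) is kept so decoders still see a normal file header.
METADATA_MARKERS = set(range(0xE1, 0xF0)) | {0xFE}
# Markers with no length field (SOI, EOI, RSTn, TEM).
STANDALONE_MARKERS = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))

def iter_segments(data):
    """Yield (marker, start, end) for each segment up to and including the SOS
    header; the entropy-coded scan data that follows is yielded last with marker None."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    yield (0xD8, 0, 2)
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker in STANDALONE_MARKERS:
            yield (marker, pos, pos + 2)
            pos += 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])  # includes its own 2 bytes
        end = pos + 2 + length
        yield (marker, pos, end)
        if marker == 0xDA:  # SOS: everything after its header is compressed image data
            yield (None, end, len(data))
            return
        pos = end

def strip_metadata(data):
    """Return the JPEG with all APPn (n >= 1) and COM segments removed."""
    out = bytearray()
    for marker, start, end in iter_segments(data):
        if marker not in METADATA_MARKERS:
            out += data[start:end]
    return bytes(out)

def metadata_segments(data):
    """List the metadata segment markers present, e.g. [0xE1, 0xFE]."""
    return [m for m, _, _ in iter_segments(data) if m in METADATA_MARKERS]

def _segment(marker, payload):
    """Build one length-prefixed segment (used only to construct the sample below)."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed minimal JPEG skeleton (not a real photo): JFIF header, an Exif APP1
# block and a COM block that both carry "secrets", a quantization table, and a tiny scan.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(0xE1, b"Exif\x00\x00MM\x00\x2a\x00\x00\x00\x08GPS:SECRET-LOCATION")
    + _segment(0xFE, b"seed phrase: alpha bravo charlie")
    + _segment(0xDB, b"\x00" + bytes(range(64)))
    + _segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x12\x34\x56\x78"
    + b"\xff\xd9"
)

if __name__ == "__main__":
    cleaned = strip_metadata(SAMPLE_JPEG)
    print("before:", [hex(m) for m in metadata_segments(SAMPLE_JPEG)],
          "after:", metadata_segments(cleaned), "bytes removed:", len(SAMPLE_JPEG) - len(cleaned))
```

This handles only what sits in the file's metadata. The visible seed phrase needed pixel-level redaction (overwriting the region, then re-encoding), which is why the comment above insists on a review step and secure redaction rather than a cropped or layered edit that can be undone.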
Cisco Talos has published a threat spotlight describing a campaign of multi-stage cyberattacks ongoing since December 2025, targeting primarily US education institutions and healthcare facilities with persistent backdoor malware. The attackers gain initial access through social engineering and phishing via email, leading to the execution of a PowerShell script that downloads a Windows batch script dropper, which in turn "orchestrates a DLL sideloading technique to execute the malicious DLL while simultaneously conducting anti-forensic cleanup." The DLL operates as a loader to "download, decrypt, and execute malicious payloads within legitimate Windows processes," ultimately connecting to a command-and-control (C2) IP address resolved through DNS-over-HTTPS (DoH, giving the DLL its nickname, “Dohdoor”) and evading EDR to inject a payload believed to be Cobalt Strike Beacon into legitimate binaries. Talos provides indicators of compromise (IoCs), as well as a ClamAV signature and SNORT security identifiers.

Make sure your team has the IoCs and is making sure you're clean and blocking traffic appropriately, then go talk to your user education team. This appears to start with social engineering and phishing, so we need to make sure we're getting the message across to the users. Make sure they're not just checking the box here — it needs to sink in.
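Beyond the published IoCs, the Dohdoor behaviour Talos describes leaves a generic trace: a process that has no business speaking DNS over HTTPS asking a resolver for its C2 address. The check below is an added example for this page, not Talos code or its ClamAV/SNORT signatures: it scans constructed proxy log lines for RFC 8484-style DoH requests and flags those coming from non-browser processes or going to resolvers outside a sanctioned list. The log line layout, the SANCTIONED_RESOLVERS and EXPECTED_DOH_PROCESSES sets, and the sample lines are assumptions.

```python
import re
from urllib.parse import urlparse, parse_qs

# Request shapes defined for DNS over HTTPS (RFC 8484) and the common JSON variant.
DOH_CONTENT_TYPES = {"application/dns-message", "application/dns-json"}
DOH_PATHS = {"/dns-query", "/resolve"}
# Assumption: resolvers your organisation sanctions for DoH; anything else is flagged.
SANCTIONED_RESOLVERS = {"doh.corp.example"}
# Assumption: processes expected to speak DoH on their own (browsers with DoH enabled).
EXPECTED_DOH_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed log format: timestamp client process METHOD url request-content-type
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<proc>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<ctype>\S+)$"
)

def looks_like_doh(method, url, ctype):
    """True for RFC 8484 requests (POST of dns-message, or GET with ?dns=) and JSON lookups."""
    if ctype in DOH_CONTENT_TYPES:
        return True
    u = urlparse(url)
    if u.path not in DOH_PATHS:
        return False
    q = parse_qs(u.query)
    return method == "POST" or "dns" in q or "name" in q

def classify(line):
    """Return a finding dict for a DoH request worth a look, else None."""
    m = LOG_RE.match(line)
    if not m or not looks_like_doh(m["method"], m["url"], m["ctype"]):
        return None
    resolver = urlparse(m["url"]).hostname or ""
    proc = m["proc"].lower()
    reasons = []
    if resolver not in SANCTIONED_RESOLVERS:
        reasons.append("unsanctioned resolver: " + resolver)
    if proc not in EXPECTED_DOH_PROCESSES:
        reasons.append("non-browser process: " + proc)
    if not reasons:
        return None
    return {"ts": m["ts"], "client": m["client"], "process": proc,
            "resolver": resolver, "reasons": reasons}

def scan_log(lines):
    """Apply classify() to every line and return the findings in order."""
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (not real traffic). The last query is a base64url-encoded
# DNS message as the GET form of DoH carries it.
SAMPLE_LOG = [
    "2026-03-02T09:01:10Z ws-101 chrome.exe POST https://doh.corp.example/dns-query application/dns-message",
    "2026-03-02T09:01:12Z ws-101 chrome.exe GET https://www.example.com/index.html -",
    "2026-03-02T09:03:44Z ws-117 rundll32.exe POST https://public-doh.example/dns-query application/dns-message",
    "2026-03-02T09:03:45Z ws-117 firefox.exe GET https://public-doh.example/dns-query?dns=AAABAAABAAAAAAAAA2lzYwRzYW5zA2VkdQAAAQAB -",
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Because the loader runs inside legitimate Windows processes, the process-name signal is the weaker of the two: a browser host could be the injected one. The resolver allowlist is the durable control, and it is only enforceable if DoH to anything else is blocked at the proxy rather than merely logged.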
SANS Internet Storm Center StormCast Tuesday, March 3, 2026
Finding URLs in ZIPs in RTFs; Merkle Tree Certificates; Taming Agentic Browsers
https://isc.sans.edu/podcastdetail/9832
Quick Howto: ZIP Files Inside RTF
https://isc.sans.edu/diary/Quick+Howto+ZIP+Files+Inside+RTF/32696
Keeping the Internet fast and secure: introducing Merkle Tree Certificates
https://blog.cloudflare.com/bootstrap-mtc/
Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel
https://unit42.paloaltonetworks.com/gemini-live-in-chrome-hijacking/
SANS Internet Storm Center StormCast Monday, March 2, 2026
Reversing Fake Fedex; Abusing .ARPA; MSFT Authenticator Update; Apex One Vuln; Special AirSnitch Webcast
https://isc.sans.edu/podcastdetail/9830
Fake Fedex Email Delivers Donuts!
https://isc.sans.edu/diary/Fake+Fedex+Email+Delivers+Donuts/32754
Abusing .ARPA: The TLD that isn’t supposed to host anything
MC1179154 - Microsoft Authenticator app: Upcoming changes to jailbreak and root detection
https://mc.merill.net/message/MC1179154
SECURITY BULLETIN: Apex One and Apex One (Mac) - February 2026
https://success.trendmicro.com/en-US/solution/KA-0022458
Special Webcast: AirSnitch – How Worried Should You Be?
https://www.sans.org/webcasts/airsnitch-how-worried-should-you-be