Google and Microsoft

Cyber firm Koi Security reported that a long-running “ShadyPanda” campaign turned benign Chrome and Edge extensions into spyware via trusted auto-updates, impacting 4.3 million users. Google and Microsoft said they have removed all identified malicious extensions from their stores; the add-ons, some dating to 2018, later received updates enabling data theft, search hijacking, and remote code execution.