72% of enterprise users have at least one browser extension with a known CVE. Pulled the numbers on our org and it tracks.
Came across this study and it pushed me to run the audit I'd been putting off. We came in slightly worse than the 72% benchmark. Most of it isn't malware, just abandoned grammar tools and a screen recorder a PM installed in 2022. The AI extension piece got me tho. They're 60% more likely to have
Original source: Reddit r/netsec