News

Malicious Chrome Extension Steals Meta Business Data and 2FA Codes

Luciano Ferrari

13 Feb 2026 — 2 min read

Friday, February 13, 2026

Top 5 Cybersecurity Stories You Should Know

Malicious Chrome Extension Steals Meta Business Data and 2FA Codes — tl;dr: A malicious Google Chrome extension named CL Suite has been identified, designed to steal sensitive data from Meta Business Suite and Facebook Business Manager. Despite being marketed for legitimate purposes, the extension exfiltrates TOTP codes and contact lists to the threat actor's infrastructure. Users are urged to avoid installing unverified extensions and to monitor their accounts for unauthorized access. This incident highlights the risks associated with browser add-ons and the need for enhanced vigilance in managing digital tools.
↪ https://thehackernews.com/
CISA Addresses Evolving Cyber Threats and Response Strategies — tl;dr: The Cybersecurity and Infrastructure Security Agency (CISA) is actively tracking and sharing information on the latest cybersecurity threats, including malware, phishing, and ransomware. With nation-state actors exploiting vulnerabilities to compromise essential services, CISA emphasizes that all sectors—individuals, businesses, and governments—must collaborate to mitigate risks. The agency provides resources like alerts, advisories, and a Known Exploited Vulnerabilities catalog to help organizations prioritize their cybersecurity efforts. Staying informed and utilizing CISA's tools are crucial for enhancing national security and defending against cyber threats.
↪ https://www.cisa.gov/topics/cyber-threats-and-response
CVE-2025-6554: Zero-Day in Chrome Highlights Need for Zero Trust Security — tl;dr: The recent Chrome zero-day vulnerability, CVE-2025-6554, underscores the critical need for robust browser security measures. As attackers increasingly exploit browser vulnerabilities before patches are available, organizations must adopt a Zero Trust approach to safeguard sensitive data and business operations. Traditional patching methods are insufficient, necessitating real-time protection solutions like the Menlo Secure Cloud Browser. Users are advised to keep their browsers updated, exercise caution with unfamiliar websites, and remain vigilant for unusual browser behavior to mitigate risks associated with this and future zero-day threats.
↪ https://www.linkedin.com/posts/menlo-security_chrome-zero-day-why-browser-security-is-activity-7348477992660070416-sdcJ
Under Armour Data Breach 2025: Everest Ransomware Exposes 72.7M Customer Records — tl;dr: In late 2025, Under Armour suffered a major data breach attributed to the Everest ransomware group, compromising sensitive information of approximately 72.7 million customers. Exposed data includes names, email addresses, purchase history, and employee information, but payment systems and passwords remain secure. The breach has sparked multiple class action lawsuits and raised serious privacy concerns. Organizations are advised to enhance credential management practices, implement multi-factor authentication, and strengthen endpoint detection to mitigate similar risks.
↪ https://www.rescana.com/post/under-armour-customer-data-breach-2025-technical-analysis-of-everest-ransomware-attack-and-exposed
Understanding Information Security (Infosec): Principles and Importance — tl;dr: Information security, or infosec, encompasses policies and procedures designed to protect sensitive digital data from unauthorized access, modification, and destruction. It plays a crucial role in safeguarding an organization's most valuable asset—its data—against cyber threats, which can lead to financial losses, reputational damage, and legal repercussions. Key principles include the CIA triad (confidentiality, integrity, availability) and risk management. Organizations must implement robust infosec strategies, including user training and compliance with regulations like GDPR and HIPAA, to ensure data protection and maintain trust with stakeholders.
↪ https://www.techtarget.com/searchsecurity/definition/information-security-infosec