Cybersecurity Brief – April 15, 2026

Major Browser Extension Threat Campaign

Over 100 malicious extensions infiltrated the official Chrome Web Store, targeting OAuth tokens and deploying backdoors in a sophisticated supply chain attack. The extensions are designed to steal Google OAuth2 Bearer tokens, establish persistent backdoor access, and conduct ad fraud operations. This campaign represents a significant threat to enterprise environments where browser extensions are commonly used, as compromised OAuth tokens can grant attackers persistent access to cloud services and corporate resources without triggering traditional authentication alerts. Organizations should immediately audit installed browser extensions and implement stricter controls on extension permissions.

Active Zero-Day Exploitation

Adobe has patched a zero-day vulnerability in Adobe Reader that has been exploited in the wild for several months before detection. Separately, a critical vulnerability in Marimo, a Python-based reactive notebook platform, is now confirmed under active exploitation. The delayed discovery of the Adobe zero-day underscores the challenge of detecting targeted attacks that fly under the radar of traditional security monitoring. Security teams should prioritize patching both vulnerabilities immediately and review logs for indicators of compromise dating back several months for the Adobe Reader flaw.

Sources: BleepingComputer · CISO Series