
ICYMI: Massive Unsecured Database Exposes 149 Million Logins


by Paul Arnote (parnote)


ICYMI
Image by Jan from Pixabay

Another wave of malicious browser extensions capable of tracking user activity and compromising privacy has been found across Chrome, Firefox, and Edge, some of which may have been active for up to five years, according to an article from Lifehacker. The campaign, known as GhostPoster, was identified by Koi Security in December and included 17 Firefox add-ons designed to monitor users' browsing activity. Threat actors planted malicious JavaScript code in the extension's PNG logo, which served as a malware loader to retrieve the main payload from a remote server. Researchers at LayerX have found an additional 17 malicious extensions across multiple browsers that have collectively been installed more than 840,000 times.

YouTube is taking a sledgehammer to the low-grade AI garbage cluttering up your feed, according to an article by eWeek. In his annual look-ahead letter, YouTube CEO Neal Mohan laid out a year of big bets, including AI tools alongside a crackdown on what the internet has nicknamed “AI slop.” This comes after announcing that more than a million channels used its AI creation tools every day last December. The irony of the war on “slop” is that YouTube is actually giving creators more AI tools, not fewer. Later this year, creators will be able to generate Shorts using their own AI-generated likeness. The platform is also testing ways for people to build games and music using nothing but text prompts. But he admits the tech brings serious problems. “It’s becoming harder to detect what’s real and what’s AI-generated,” Mohan wrote in the official company letter. “This is particularly critical when it comes to deepfakes.”

It's not just you. Google Search has become significantly worse in recent years. In the past, you only had to watch out for low-quality content filled with SEO-bait keywords. Today, you have to be wary of AI-generated garbage, misinformation, and a generally worse UI. Still, it's not impossible to find good search results on Google, according to an article from Lifehacker. The author has found a number of tricks that have helped reduce the number of low-quality entries Google returns for his searches. Here are 10 such tips everyone should know about before their next search.


ICYMI
Image by mcmurryjulie from Pixabay

A massive unsecured database exposed 149 million logins, raising concerns over infostealer malware and credential theft. Jeremiah Fowler, a veteran security researcher, recently stumbled upon 149,404,754 unique logins and passwords, totaling about 96GB of raw data. There was no encryption… and it didn’t even have a password, according to an article from TechRepublic. Sharing his findings with ExpressVPN, Fowler noted, “The publicly exposed database was not password-protected or encrypted.” The collection was so large and detailed that it wasn’t just a list of names; it included emails, usernames, passwords, and the specific website links needed to log into the accounts.

Crunchbase confirmed a data breach after the cybercriminal group ShinyHunters claimed to have stolen over 2 million personal records from its systems, according to an article from SecurityAffairs. The group leaked a 402 MB compressed archive on its website after a failed extortion attempt. The company states that operations weren’t affected and that the security breach is now contained. Crunchbase notified federal authorities and is investigating the incident with the help of external experts. The company is reviewing the exposed data to determine if any legal notifications are needed.

Microsoft is under scrutiny after it emerged that the company shared encryption keys with US law enforcement, an uncommon move that has alarmed privacy experts and reignited the debate over who truly controls encrypted data, according to an article from TechRepublic. According to Forbes staffer Thomas Brewster, Microsoft provided the FBI with BitLocker recovery keys that allowed investigators to unlock data on three encrypted laptops. The request came through a valid search warrant issued in a federal investigation in Guam into alleged fraud in the island’s COVID-19 unemployment assistance program. The laptops were protected by BitLocker, Microsoft’s full-disk encryption software that is enabled by default on many modern Windows PCs. While BitLocker is designed to keep data safe from unauthorized access, the case shows that protection depends heavily on where the recovery key is stored.


ICYMI
Image by OpenClipart-Vectors from Pixabay

Early hominins in Europe were creating tools from raw materials hundreds of thousands of years before Homo sapiens arrived there, two new studies indicate, pushing back the established time for such activity, according to an article from the New York Times. The evidence includes a 500,000-year-old hammer made of elephant or mammoth bone, excavated in southern England, and 430,000-year-old wooden tools found in southern Greece — the earliest wooden tools on record. The findings suggest that early humans possessed sophisticated technological skills, the researchers said. Katerina Harvati, a paleoanthropologist at the University of Tübingen in Germany and a lead author of the wooden-tool paper, which was published on Monday in the journal PNAS, said the discoveries provided insight into the prehistoric origins of human intelligence. Silvia Bello, a paleoanthropologist at London’s Natural History Museum and an author on the elephant-bone study, which was published last week in Science Advances, concurred.

Tech companies are getting increasingly pushy with their large language models — prominent buttons for these AI features coat every surface designers can think of, including in three of the most prominent browsers: Chrome, Edge, and Firefox, according to an article from Lifehacker. If you want these AI features to go away, and stay away, there's a script for that. JustTheBrowser is a free and open source tool from developer and tech blogger Corbin Davenport that removes AI features, telemetry data reporting, sponsored content, product integrations, and other annoyances from Chrome, Firefox, and Microsoft Edge. Basically, you can run this once and never think about these features again. To get started, head to the JustTheBrowser homepage. There are scripts to copy (which I'm not going to include here in case they change in the future).

There are reports that a legitimate Microsoft email address — which Microsoft explicitly says customers should add to their allow list — is delivering scam spam, according to an article from Ars Technica. The emails originate from no-reply-powerbi@microsoft.com, an address tied to Power BI. The Microsoft platform provides analytics and business intelligence from various sources that can be integrated into a single dashboard. Microsoft documentation says that the address is used to send subscription emails to mail-enabled security groups. To prevent spam filters from blocking the address, the company advises users to add it to allow lists.


ICYMI
Image by Shakti Shekhawat from Pixabay

Panera Bread has been named by the cybercrime group ShinyHunters as the latest victim in a large-scale stolen credentials incident, according to an article from TechRepublic. This raises fresh concerns about the security of single sign-on systems and the growing effectiveness of social engineering attacks targeting major consumer brands. The group claims it obtained sensitive customer data linked to Panera Bread and has listed the company on its data leak site alongside other high-profile organizations. While Panera Bread has not publicly confirmed the breach, the allegations point to the exposure of millions of customer records and highlight a wider campaign that security researchers say is affecting companies across multiple sectors. According to information shared on Daily Dark Web, approximately 14 million Panera Bread customer records were taken during the intrusion. The dataset allegedly includes names, email addresses, postal addresses, phone numbers, and account-related details. The group claims the stolen information amounts to roughly 760 MB of compressed data. If accurate, the scale of the alleged breach would place it among the larger consumer data exposures reported in recent months, particularly within the food and retail sector.

Mozilla announced that new AI controls are coming to Firefox, starting with Firefox 148, according to an article from Lifehacker. This version, which drops Feb. 24, sports a brand-new AI controls section in the settings panel on the desktop browser. (You'll find it between "Sync" and "AI controls.") From here, you'll be able to block all current and future AI features, and cherry-pick which features you want to use — if any. If you want absolutely nothing to do with AI when browsing the web with Firefox, you can use the "Block AI enhancements" toggle. Once activated, not only will these features not appear, but Firefox will block any pop-ups or alerts pushing you to try existing or future AI features.

Jupiter is smaller and flatter than scientists previously thought, new measurements of the gas giant reveal, according to an article from LiveScience. Researchers used radio data from the Juno spacecraft to refine measurements of the solar system's largest planet. Although the differences between the current and previous measurements are small, they are improving models of Jupiter's interior and of other gas giants like it outside the solar system, the team reported Feb. 2 in the journal Nature Astronomy. "Textbooks will need to be updated," study co-author Yohai Kaspi, a planetary scientist at the Weizmann Institute of Science in Israel, said in a statement. "The size of Jupiter hasn't changed, of course, but the way we measure it has."


ICYMI

Malwarebytes has joined the ChatGPT app store, which means you can get some expert help when investigating web links, emails, text messages, domains, and phone numbers you think might be suspicious, according to an article from Lifehacker. The app is free to use for everyone, whether or not they're signed up to a paid ChatGPT subscription, and you can enable the tool via the ChatGPT app store or by entering the prompt "Malwarebytes, is this a scam?" Once you've used the app for the first time, you can access it again via the + (plus) button on the prompt box.

Photo-sharing platform Flickr is notifying users of a potential data breach after a vulnerability at a third-party email service provider exposed their real names, email addresses, IP addresses, and account activity, according to an article from BleepingComputer. Founded in 2004, Flickr is one of the world's largest photography communities and sharing sites, hosting over 28 billion photos and videos. The company says it has 35 million monthly users and 800 million monthly page views. Flickr did not disclose which third-party provider was involved or how many users were potentially affected by this incident. A Flickr spokesperson was not immediately available for comment when contacted by BleepingComputer for more details. The company said that it shut down access to the affected system within hours after being informed of the security flaw on February 5. While the vulnerability "may have" provided access to some member information, Flickr said that passwords and payment card numbers were not compromised in the incident.

Google announced two new ways for users to remove their sensitive information from the web Tuesday morning—or, at least, remove that data from Google Search. The first lets users request that Google remove sensitive government ID information from Search, while the second gives users new tools to request the same for non-consensual explicit images, according to an article from Lifehacker. Google is updating its existing "Results about you" tool, which helps users scour the internet for their personal information. Before today, this tool could already locate data points like your name, phone number, email addresses, and home addresses. Following the update, you can now find and request the deletion of search results containing highly sensitive information, including your driver's license, passport, or Social Security number.


ICYMI
Image by Mohamed Hassan from Pixabay

Researchers at the University of Wisconsin-Madison discovered that a concerning number of browser extensions can access sensitive information that you enter into websites. Think passwords, credit card info, and Social Security numbers, according to an article from Lifehacker. The team behind the discovery says they weren't out looking to break a security story. Instead, they were "messing around with login pages," specifically Google login pages, when they found that the sites' HTML source code could see the passwords they entered in plain text. They turned their sights onto other websites—more than 7,000, reportedly—and found that about 15% of them were also storing sensitive information in plain text. That's over 1,000 websites exposing important data.

Releasing male Aedes aegypti mosquitoes into the wild that were infected with the sterility-inducing bacteria Wolbachia pipientis cut dengue infection risk more than 70% in people, according to a cluster-randomized trial in Singapore, says an article from MedPage Today. In urban locations where Wolbachia-infected male mosquitoes were introduced, the percentage of residents who tested positive for dengue infection at 6 months or more after the intervention was 6% (354 of 5,722 tests) compared with 21% (1,519 of 7,080 tests) in urban locations where the infected male mosquitoes weren't introduced, reported Lee Ching Ng, PhD, of the National Environment Agency in Singapore, and colleagues. The intervention's protective efficacy after 3 months was 71%, reaching 72% at 6 months and settling at 71% at 12 months and later, the researchers detailed in the New England Journal of Medicine.

Threat actors don't have to work that hard to obtain sophisticated malware to deploy against unsuspecting targets. A new spyware platform known as ZeroDayRAT is reportedly being sold on Telegram, complete with customer support and updates, according to an article from Lifehacker. According to mobile security company iVerify, this aggressive spyware grants full remote control over devices running Android 15 through 16 and iOS versions up to iOS 26. Once deployed, it allows everything from user profiling and location tracking to live surveillance and financial theft.


ICYMI
Image by Mohamed Hassan from Pixabay

It’s tempting to think that an LLM chatbot can answer any question you pose, including those about your health. After all, chatbots have been trained on plenty of medical information, and can regurgitate it if given the right prompts. But that doesn’t mean they will give you accurate medical advice, and a new study shows how easily AI’s supposed expertise breaks down, according to an article from Lifehacker. In short, they are even worse at it than I thought. In the study, researchers first quizzed several chatbots about medical information. In these carefully conducted tests, ChatGPT-4o, Llama 3, and Command R+ correctly diagnosed medical scenarios an impressive 94% of the time—though they were able to recommend the right treatment a much less impressive 56% of the time.

Google confirms Quick Share’s AirDrop-style sharing is expanding beyond Pixel to more Android devices in 2026, making file sharing far easier, according to an article from TechRepublic. The Pixel-only phase is ending. Quick Share’s AirDrop interoperability is on its way to a much bigger slice of Android. Google has now confirmed it’s expanding AirDrop-style sharing beyond its own Pixel phones to a much wider range of Android devices in 2026. That move could finally make fast, local file sharing feel less like a platform privilege and more like a standard feature for Android users everywhere.

Getting older might seem like a slow, gradual process – but research suggests that this is not always the case, according to an article from ScienceAlert. In fact, if you wake up one morning, look in the mirror, and wonder if your aging somehow accelerated, you might not be imagining things. According to a 2024 study into the molecular changes associated with aging, humans experience two abrupt lurches forward, one at the average age of 44 and the other at around age 60.


ICYMI
Image by Shelley Evans from Pixabay

Raise your hand if you didn’t see THIS coming. AI-powered browser extensions continue to be a popular vector for threat actors looking to harvest user information. Researchers at security firm LayerX have analyzed multiple campaigns in recent months involving malicious browser extensions, including the widespread GhostPoster scheme targeting Chrome, Firefox, and Edge. In the latest one — dubbed AiFrame — threat actors have pushed approximately 30 Chrome add-ons that impersonate well-known AI assistants, including Claude, ChatGPT, Gemini, Grok, and "AI Gmail." Collectively, these fakes have more than 300,000 installs, according to an article from Lifehacker.

In a laboratory at Tsinghua University in China, researchers have successfully tackled one of the most persistent limitations in 3D printing, according to an article from TechSpot. They have developed a system that can produce intricate, millimeter-scale objects almost instantaneously – no layering, no waiting, and no compromise between fine detail and rapid output. The technique is called Digital Incoherent Synthesis of Holographic light fields (DISH). Instead of assembling materials layer by layer, DISH projects a three-dimensional holographic light field directly into a resin volume, solidifying the entire object at once.

It's one of the most instantly recognizable scenes in cinematic history: Luke Skywalker gazes at a double sunset to the haunting melody of a mournful French horn. And while "Star Wars" may take place in a galaxy far, far away, planets orbiting binary stars actually do exist in the Milky Way. Yet mysteriously, there are not as many as scientists expect — and new research might explain why, according to an article from Space.com. Of the thousands of single-star systems in our galaxy, around 10% are known to have planets. Scientists thus expected about 10% of the 3,000 known binary star systems in our galaxy to have them, too. But of the more than 6,000 confirmed exoplanets in the Milky Way, just 14 confirmed planets have been found around pairs of stars. Researchers from the University of California, Berkeley, and the American University of Beirut suggest the culprit might be Albert Einstein's theory of general relativity.


ICYMI
Image by swiftsciencewriting from Pixabay

After years of work, scientists have solved the mystery of an unusual side effect that impacted some recipients of the Oxford/AstraZeneca and Johnson & Johnson COVID-19 vaccines, according to an article from IFL Science. Most importantly, the discovery could help vaccine developers to produce safer vaccines based on the same technology, preventing the same issues occurring in the future. Most of the COVID vaccines still in use today are mRNA vaccines, but some of the ones rolled out earlier in the pandemic, notably from Oxford/AstraZeneca in the UK and Johnson & Johnson in the US, were different. These were adenovirus vector vaccines, which use a harmless-to-humans carrier virus (in this case, an adenovirus) to transport part of the virus they're actually trying to vaccinate against. The reason why these COVID vaccines were able to be developed so quickly was because this technology was not new – the developers of the Oxford/AstraZeneca vaccine, for instance, had already been trialing an adenovirus vector vaccine against MERS, another coronavirus, when the pandemic hit. They were very effective, and alongside the mRNA vaccines from Pfizer and Moderna were cornerstones of the early response to the pandemic, helping to turn the tide of infections, save lives, and allow restrictions to be lifted. But no medical intervention is completely risk-free, and it quickly became apparent that a very rare side effect was impacting some of those receiving the adenovirus vaccines.

Astronomers recently searched the gas cloud of a yet-unborn star for a chemical that may seed future planets with the basic ingredients for life, according to an article from Space.com. Astronomer Yuxin Lin and colleagues found an organic molecule called methanimine scattered throughout a dense clump of gas and dust 554 light-years away. The cloud, called L1544 and found within the Taurus Molecular Cloud, will eventually become a star with a system of planets, and if Lin and colleagues are right, those exoplanets may form with a "starter kit" of organic molecules like methanimine — courtesy of chemical reactions that are going on right now in the cold, dormant molecular cloud. Astronomers have spotted methanimine in a surprising range of places in the universe, from very hot and turbulent places like the cores of newborn stars to frigid grains of ice drifting through interstellar space. One of the most interesting places methanimine has turned up is what astronomers call a pre-stellar core: a dense knot of gas and dust, poised on the brink of collapsing under its own gravity to form a newborn star. Think of a pre-stellar core — like L1544, located 554 light years away — as all the ingredients for a star system, with some assembly required.

Researchers have resolved a 50-year-old scientific mystery by identifying the molecular mechanism that allows tissues to regenerate after severe damage. The discovery could help guide future treatments aimed at reducing the risk of cancer returning, according to an article from SciTechDaily. Many tissues in the body, including the skin and other epithelial layers that line organs, have a remarkable ability to recover after severe damage. Instead of simply breaking down, they can trigger a surge of new cell growth that restores lost tissue. New research from the Weizmann Institute of Science, published in Nature Communications, sheds light on how this regeneration occurs. The study shows that caspases, enzymes best known for driving cell death, can also help certain cells survive and support tissue repair. By doing so, these cells enable damaged tissue not only to regrow but, in some cases, to become more resistant to future stress. The researchers also found a potential downside to this process. The same survival mechanism may be exploited by cancer cells, helping tumors return in a more aggressive and treatment-resistant form. Understanding this pathway could therefore inform new strategies to improve wound healing and reduce the risk of cancer relapse.


ICYMI

Google has issued a patch for a high-severity flaw that has been actively exploited in the wild—the first Chrome zero-day in 2026, according to an article from Lifehacker. The latest flaw, catalogued as CVE-2026-2441, is a use-after-free vulnerability in CSSFontFeatureValuesMap, Chrome's CSS font feature implementation. A use-after-free vulnerability is a flaw in which an application attempts to use memory after it has been released back to the system. This type of bug allows attackers to execute code, escalate privileges, cause app or system crashes, and leak sensitive data. CVE-2026-2441 would allow "a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page." Essentially, this means malicious HTML content could run code inside a Chrome tab, extension, or plugin. As Malwarebytes explains, this is dangerous because attackers can see or modify whatever the isolated browser tab (sandbox) can access, allowing actions like credential harvesting and traffic rerouting—even if it cannot escape to impact the whole operating system. Google said that this vulnerability has been exploited in the wild but hasn't provided any specific details as to how. The discovery has been attributed to Shaheen Fazim.

For many organizations, cybersecurity threats are still associated with sophisticated exploits or zero-day vulnerabilities. In reality, a growing number of breaches don’t involve hacking in the traditional sense at all. Instead, attackers are logging in using valid credentials obtained elsewhere. Credential stuffing has become an effective and scalable attack technique in use today, according to an article from TechRepublic. For IT and cybersecurity decision makers, understanding this threat — and how to defend against it — is critical. And THIS is the reason you hear admonitions to NOT reuse passwords between multiple sites from every corner of the internet userspace.

Microsoft patched a security flaw with Notepad (?!?!) that left users vulnerable to exploits, according to an article from Lifehacker. Users could click a malicious link inside a Markdown file in Notepad that would allow attackers to run arbitrary code. Microsoft's push to add AI features to its OS may be contributing to the rise in bugs and security flaws. Users can protect themselves by installing Microsoft's latest security update, which includes the patch for this Notepad glitch. Seriously though … Notepad is a plain, simple (and I mean about as simple as it gets) text editor. It has NO business being internet-aware, much less connecting to the internet. Someone needs to make Microsoft write “just because you can, doesn’t mean you should” 10,000 times on the blackboard.


ICYMI
Artist concept from NASA/Aurore Simonnet (Sonoma State University)

A surprisingly ravenous black hole from the dawn of the universe is breaking two big rules: It's not only exceeding the "speed limit" of black hole growth but also generating extreme X-ray and radio wave emissions — two features that are not predicted to coexist, according to an article from LiveScience. The object — a quasar known as ID830 — is an extremely bright and active supermassive black hole (SMBH) that is shooting immense jets of radiation from its poles. It is also emitting intense X-ray emissions, generated by infalling material that swirls around its dark maw at nearly the speed of light. ID830 is exceptionally massive. It already weighed 440 million solar masses around 12 billion years ago, when the universe was approximately 15% of its current age. That makes it over 100 times more massive than Sagittarius A*, the SMBH at the heart of our Milky Way galaxy.

Researchers have applied a machine learning technique to uncover unexpected features of the non-reciprocal forces that shape the behavior of a many-body system, according to an article from SciTechDaily. The study, published in PNAS, was conducted by experimental and theoretical physicists at Emory University. It combines a specially designed neural network with laboratory measurements from a dusty plasma, a type of ionized gas that contains interacting particles. Unlike most uses of artificial intelligence in science, which focus on analyzing data or making predictions, this work used AI to help reveal previously unknown physical laws. According to the team, the paper delivers the most detailed account so far of the physics governing dusty plasmas, including highly accurate descriptions of non-reciprocal forces.

That diet soda that you reach for in your refrigerator may not be the best thing to be reaching for, if you’re at all concerned about dementia, according to a recent study. For those consuming more than one diet soda per day, there was a greater than a four-fold increase in the incidence of dementia. While the full text of the study is locked behind a paywall, you can get the gist of the study results from the abbreviated results listed for free (at the link above). For those consuming sugared soft drinks, there was no statistical increase in the rates of dementia. Hmmmm.


