Coordinated Chrome extensions harvest enterprise login cookies from Workday, NetSuite, and SAP SuccessFactors

January 19, 2026 at 03:38 AM

•

1 min read

Coordinated Chrome extensions harvest enterprise login cookies from Workday, NetSuite, and SAP SuccessFactors — Photo: BleepingComputer

TL;DR Summary

Security researchers found five malicious Chrome extensions posing as productivity/security tools for enterprise HR/ERP platforms (Workday, NetSuite, SAP SuccessFactors) that exfiltrate authentication cookies, block security administration pages, and, in one case, inject cookies to hijack active sessions. The campaign, linked by shared infrastructure and targeting patterns, had about 2,300 installations. Extensions were taken down after disclosure; affected users should notify security admins and rotate passwords on the targeted platforms.

Topics:business #chrome-extensions #cookie-exfiltration #cybersecurity #enterprise-security #session-hijacking #technology

Share this article

Credential-stealing Chrome extensions target enterprise HR platforms BleepingComputer
Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts The Hacker News
Malicious Chrome Extensions Steal Cookies, Enable Account Takeovers WebProNews
Alert! Researchers spot 5 malicious Chrome extensions targeting popular enterprise HR and ERP platforms Cyber Daily
End-point Security - Managing browser extension exploits teiss

Reading Insights

Total Reads

Unique Readers

Time Saved

4 min

vs 5 min read

Condensed

93%

958 → 69 words

Want the full story? Read the original article

Read on BleepingComputer

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights