incident
Malicious Chrome Extensions Steal Session Cookies from Workday, NetSuite, SAP SuccessFactorsCookie-stealing Chrome extensions targeting enterprise SaaS
Five malicious Chrome extensions were discovered stealing session cookies from enterprise SaaS applications including Workday, NetSuite, and SAP SuccessFactors. The extensions exfiltrated cookies every 60 seconds to attacker-controlled servers, bypassing password and MFA protections. This incident highlights the risk of session hijacking via browser extensions and the limitations of credential-only monitoring.