Security guides
Guides on browser extension security, software supply chain attacks, and secret scanning - grouped by topic. Each one explains the threat and how Extuno detects it with evidence.
Understand and detect malicious browser extensions across every store.
How malicious browser extensions work
Broad install-time access, evasion, and the poisoned-update class.
Chrome extension scanning
Scan Chrome extensions for supply-chain risk.
Firefox add-on scanning
Scan Firefox add-ons for supply-chain risk.
Discord client mod scanning
Scan Discord client mods for token theft and risk.
VS Code extension scanning
Scan VS Code extensions for malicious code.
JetBrains plugin scanning
Scan JetBrains IDE plugins for risk.
Eclipse plugin scanning
Scan Eclipse plugins for risk.
The free browser companion
Scans installed extensions and blocks malicious sites.
Catch the poisoned update across packages and dependencies.
What is a software supply chain attack?
How attackers reach you through trusted dependencies and update channels.
Version diffing
Catch poisoned updates by diffing one release against the next.
npm supply chain security
Typosquats, install hooks, and malicious npm updates.
PyPI package security
Install-time code execution in setup.py and wheels.
npm scanning
Scan npm packages for supply-chain risk.
PyPI scanning
Scan PyPI packages for supply-chain risk.
Analysis: the Cyberhaven attack
How OAuth phishing poisoned a Chrome extension update.
Analysis: the event-stream attack
Malware hidden in a transitive npm dependency.
Stop leaked credentials and run analysis in the pipeline.
Definitions, answers, and how the platform works.