Feed aggregator

Google's Pixel Watch 5, expected to be released later this year, was reportedly lost at sea before it was returned to the owner.

A new scam is targeting people who publish Chrome extensions.

The scam arrives as an official-looking “copyright removal request” claiming your extension is about to be removed from the Chrome Web Store and that you have 48 hours to appeal.

It even looks personalized. After you enter your extension’s ID to “verify” it, the page pulls in your extension’s real name and icon. But it’s all part of a phishing attack designed to steal your Google username and password.

If attackers gain access to a developer account, they may be able to take over the extension, access developer resources, or potentially push malicious updates to users.

What’s actually going on

If you’ve published a Chrome extension, you might encounter a page that looks like an official Google notice warning that your extension is being removed for copyright infringement.

The page asks you to enter your extension ID, then displays your real extension details alongside a complaint number and countdown clock. It pressures you to sign in with Google to file an appeal before time runs out.

None of it is real. The page is not operated by Google. The complaint, deadline, and countdown are fabricated. The goal is to trick you into entering your Google username and password into a fake sign-in window controlled by the scammer.

The most important rule to remember: Genuine warnings about your extension appear in your Chrome Web Store developer dashboard, not on a third-party website.

Why scammers want developer accounts

Chrome extensions have access to users’ browsers, and they can be updated automatically.

If attackers gain control of a developer account, they may be able to modify an extension, access developer resources, or potentially distribute malicious updates to existing users.

That’s what makes developer accounts such attractive targets, and why scams like these are prevalent.

What the scam looks like

The page is hosted on a domain that has nothing to do with Google. In the version we analyzed, the site used the address dmca-chrome-extensions[.]click.

Despite that, it uses Google’s branding and presents itself as a “Chrome Web Store Developer Policy Center.”

The page first asks for the link or ID of your extension. That seems harmless, which is exactly why it works.

It uses your own extension to look convincing

After you enter your extension ID, the page briefly displays a “Looking up extension…” message and then builds a fake takedown notice around your real extension.

When we tested the scam with Malwarebytes Browser Guard, it displayed our genuine extension name, icon, and Chrome Web Store listing alongside the fake complaint.

The site is simply pulling publicly available information from your extension’s Chrome Web Store page. Anyone can see that information. The scammers use it to make the fake notice appear legitimate.

Everything else is invented.

The complaint number, “date received,” 48-hour deadline, countdown timer, and timeline of events are generated by the scam page itself.

The countdown is there to rush you

A red warning banner claims your extension will be permanently removed unless you act within 48 hours, and a clock counts down by the second. The whole layout pushes you toward one button: sign in with Google to “verify your identity” and file your appeal. 

The urgency is designed to create pressure so you react before taking the time to verify the claim.

The fake sign-in window

When you click “Continue to verification,” a Google sign-in window appears with a title bar, padlock, and address showing accounts.google.com.

It looks authentic, but it isn’t.

The “window” is actually part of the web page itself. The padlock and address are just graphics designed to look like a real browser window.

The scammers even tailor the appearance to match your operating system, showing Mac-style windows on macOS and Windows-style windows on Windows devices.

Anything typed into this fake sign-in form is sent directly to the scammers.

One giveaway is that the window cannot leave the browser page. Try dragging it to the edge of your screen and it stops at the browser border. Minimize the browser and it disappears as well.

Most importantly, your browser’s real address bar still shows the scam site’s address, not Google’s.

How to stay safe

The good news is that a few simple habits defeat this scam.

• Don’t trust the link. If you receive a warning about your extension, go directly to your Chrome Web Store developer dashboard and check there.
• Be suspicious of urgency. Legitimate policy processes don’t rely on countdown clocks to force immediate action.
• Check the address bar. A real Google sign-in page appears at accounts.google.com in your browser’s actual address bar.
• Test the window. If a sign-in window can’t be dragged outside the browser or disappears when the browser is minimized, it’s probably fake.
• Turn on stronger sign-in protection. Passkeys and hardware security keys make stolen passwords far less useful to attackers.
• Use security software with phishing and web protection. Our Browser Guard, which is also part of Malwarebytes Premium can help block malicious websites and phishing pages before you enter sensitive information.

This isn’t a crude phishing page. It uses your real extension details, mimics Google’s branding, and creates a convincing sense of urgency.

If you receive a warning about your extension, don’t follow the link and don’t race the countdown. Go directly to your Chrome Web Store developer dashboard and verify the claim there.

When in doubt, close the tab.

If you already entered your details

Act quickly.

• Change your Google password immediately from a trusted device.
• Sign out of all active sessions in your Google account security settings.
• Review connected apps and devices for anything unfamiliar.
• Turn on two-step verification, preferably using a passkey or security key.
• Check your Chrome Web Store listings for changes, uploads, or new versions you didn’t publish.

Indicators of Compromise (IOCs)

Domain

dmca-chrome-extensions[.]click

Stop threats before they can do any harm.

Malwarebytes Browser Guard blocks phishing pages and malicious sites automatically. Free, one click to install. Add it to your browser →

Tickets aren't on sale yet, but you can sign up for more information.

Google's latest features are designed to bring an added layer of safety and personalization to your phone.

Available for Android 12 and later, the anti-scam feature is baked into Google Dialer, which sends a silent “confirmation signal” to ensure whoever’s calling you is who they appear to be.

It looks like it'll be a hit for students.

Article URL: https://fusionauth.io/community/forum/topic/3083/how-to-enforce-customer-specific-session-lifetimes-and-fast-deprovisioning-for-federated-users-in-fusionauth

Comments URL: https://news.ycombinator.com/item?id=48373512

Points: 1

# Comments: 0

Article URL: https://www.shirahaddad.com/writing/journals/italy-move

Comments URL: https://news.ycombinator.com/item?id=48373496

Points: 1

# Comments: 0

Article URL: https://www.theregister.com/storage/2026/06/02/expect-more-of-those-dram-price-hikes-as-memory-shortage-continues-to-bite/5250049

Comments URL: https://news.ycombinator.com/item?id=48373495

Points: 1

# Comments: 0

Article URL: https://adamwritesaboutdata.substack.com/p/of-hammers-and-nails-what-ai-can

Comments URL: https://news.ycombinator.com/item?id=48373491

Points: 1

# Comments: 0

Article URL: https://huntersoftwareconsulting.com/posts/2026-05-31-agentex-and-cognitive-load/

Comments URL: https://news.ycombinator.com/item?id=48373487

Points: 1

# Comments: 0

Hi HN, I'm one of the founders of s2.dev. RePlaya (https://github.com/s2-streamstore/replaya) is a self-hosted browser session replay tool using rrweb (https://github.com/rrweb-io/rrweb).

It occurred to me that a durable stream per session would be a much neater architectural foundation for much of what you'd want from such a tool. As a unique feature, it also made live tailing straightforward because the player can read from the same stream the recorder is appending to.

The alternative architecture is likely an ingest firehose which is then indexed, with associated complexity and latency. You'd have to string together multiple data systems like a message queue, a metadata database, and blob storage and/or an OLAP database.

Here the only dependency is S2, which has an open source version you can self-host called s2-lite (https://news.ycombinator.com/item?id=46708055).

How it works:

- one S2 stream per browser session

- large rrweb events (like a full snapshot) get framed across multiple binary S2 records and reassembled on read

- active sessions are tailed with an S2 read session, and bridged to the browser over SSE

- session listing relies on stream names encoding reverse timestamps, as S2 returns a lexicographic order listing

- relying on fencing tokens so a stopped session can't be written to again by a late recorder

- retention and GC are handled via S2 stream config, so no background job needed

Curious to hear from folks on the tool or the stream-per-session model!

Comments URL: https://news.ycombinator.com/item?id=48373482

Points: 1

# Comments: 0

Please drive responsibly when Mario Kart World music is blasting through your car.

Article URL: https://intelligentcollector.com/100-years-of-television-design/

Comments URL: https://news.ycombinator.com/item?id=48373463

Points: 1

# Comments: 0

Article URL: https://c9x.me/compile/release/qbe-1.3.html

Comments URL: https://news.ycombinator.com/item?id=48373442

Points: 2

# Comments: 0

Article URL: https://www.osnews.com/story/145186/the-newest-instagram-exploit-is-the-goofiest-ive-seen/

Comments URL: https://news.ycombinator.com/item?id=48373435

Points: 2

# Comments: 0

Article URL: https://blog.heliummobile.com/noble/

Comments URL: https://news.ycombinator.com/item?id=48373411

Points: 2

# Comments: 1

Article URL: https://lists.gnu.org/archive/html/info-gnutrition/2026-06/msg00000.html

Comments URL: https://news.ycombinator.com/item?id=48373408

Points: 2

# Comments: 1

Article URL: https://github.com/litlig/heywtf

Comments URL: https://news.ycombinator.com/item?id=48373399

Points: 2

# Comments: 0