SShortSingh.
Back to feed

ModHeader removed from Edge store after hidden data-collection module found in build 7.0.18

0
·1 views

Microsoft pulled ModHeader from its Edge Add-ons store on July 3, 2026, after Google flagged the popular header-editing extension — which had around 1.6 million combined installs — as malware. Security researchers analyzing build 7.0.18 discovered a concealed module disguised as a date-formatting library, capable of collecting visited domains and encrypting them for upload to an external server. The module appeared dormant in the tested build, and no confirmed evidence of data actually being transmitted was found, but its undisclosed presence raised serious concerns. Header-editing extensions carry elevated risk because they require broad browser permissions and sit in the request path of all browsing activity, including authenticated sessions. Developers relying on such tools are advised to audit extension permissions, inspect background network requests, and scrutinize bundled dependencies for code unrelated to the extension's stated purpose.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

Seven No-Code Tools HealthTech Founders Can Use to Build Apps in 2026

Building health technology products has traditionally required significant technical resources, but no-code platforms available in 2026 are making app development accessible to non-technical founders. Consumer wellness apps, provider-facing workflow tools, and practice management applications are among the categories best suited to no-code development. However, founders must still navigate complex regulatory frameworks, including HIPAA in the US, GDPR Article 9 in the EU, and PIPEDA in Canada, which impose strict requirements around data encryption, audit trails, and user consent. Key technical considerations for health apps include role-based access control, consent and data governance flows, and integration with existing health infrastructure such as EHR systems and FHIR APIs. A DEV Community article highlights seven no-code tools — including full-stack builder Momen — that address these product and compliance needs without requiring a dedicated development team.

0
ProgrammingDEV Community ·

Seven No-Code Tools That Can Power LegalTech Startups in 2026

LegalTech serves two underserved groups: law firms seeking operational efficiency and consumers who cannot afford standard legal fees. No-code platforms now make it feasible to build products such as document automation systems, client portals, AI-powered contract review tools, and legal intake bots. These tools appropriately handle the product layer — document generation, workflow management, and client communication — without crossing into unauthorized legal advice or replacing attorney judgment. The article highlights seven no-code tools suited for LegalTech development, with Momen cited as a full-stack builder capable of managing matter databases, document templates, client portals, and AI features. Key operational needs covered include e-signature collection, time tracking, billing, and auditable procedural workflows.

0
ProgrammingDEV Community ·

Seven Production-Ready Alternatives to Vibe Coding Tools for Scaling Apps in 2026

Vibe coding tools like Lovable, Bolt, and Cursor help founders quickly build app demos, but they tend to break down when exposed to real users, concurrent traffic, and security scrutiny. Common failure points include lack of proper backend architecture, exposed API keys, absent input validation, and no scalable database design. After multiple prompts, the generated codebases also accumulate technical debt that becomes difficult even for AI tools to navigate. A DEV Community article highlights seven alternatives designed to offer early-stage speed without sacrificing production readiness. One such tool, Momen, is cited as a no-code full-stack builder featuring a visual PostgreSQL editor, server-side business logic, and role-based access control built in from the start.

0
ProgrammingDEV Community ·

Seven No-Code App Builders Ranked on Real-World Security Standards in 2026

A security-focused analysis evaluates seven no-code app development platforms on criteria that matter when handling real user data. Key security dimensions assessed include server-side authorization enforcement, data isolation between users, proper secret management, encryption, and audit logging. The review highlights that many no-code and AI-generated apps expose vulnerabilities such as client-side-only access controls, API keys leaked in frontend bundles, and predictable record IDs in URLs. Platforms like Momen are noted for treating security as a core architectural concern, enforcing business logic server-side and storing credentials away from the browser. The article argues that security evaluation should happen before deployment, not after a breach occurs.