Category: Uncategorized

The US may act to seize a Russian-flagged oil tanker heading across the Atlantic to Europe, CBS News, the BBC’s media partner in the US, reported.

Two US officials told the broadcaster that American forces plan to intercept the ship, which historically has carried Venezuelan crude oil and is thought to be between Scotland and Iceland.

President Donald Trump said last month that he was ordering a “blockade” of sanctioned oil tankers entering and leaving Venezuela, a move the government there described as “theft”.

Ahead of his seizure of the country’s former leader Nicolás Maduro on Saturday, Trump had repeatedly accused Venezuela’s government of using ships to bring drugs to American shores.

The US coastguard tried to board the Bella 1 last month in the Caribbean when it was believed to be heading towards Venezuela.

They had obtained a warrant to seize the ship, accused of breaking US sanctions and shipping Iranian oil.

It then dramatically changed course, as well as its name to the Marinera, reportedly reflagging from a Guyanan to a Russian vessel.

Its approach to Europe has coincided with the arrival of around 10 US military transport aircraft in the UK as well as helicopters.

Russia says it is “monitoring with concern” the situation around the ship.

CBS News reported that the two US officials said American forces preferred to seize the ship rather than sink it.

The Marinera is believed to be between Scotland and Iceland, with the distance and weather making a boarding difficult.

If any US military operation were to be launched from the UK then Washington would be expected to inform its ally.

For now the UK Ministry of Defence says it will not comment on other nations’ military activities.

They suggested that the US could mount an operation like one conducted last month when US Marines and special operation forces working with the US Coast Guard seized The Skipper, a large crude oil tanker flagged out of Guyana, after the vessel left port in Venezuela.

AIS (automatic identification system) tracking data for the tanker, which can be spoofed or faked, suggests it was in the North Atlantic approximately 2,000km (1,200 miles) west of continental Europe on Tuesday.

Under international law, vessels flying a country’s flag are under the protection of that nation but Dimitris Ampatzidis, senior risk and compliance analyst at maritime intelligence firm Kpler, told BBC Verify changing the ship’s name and flag might not change much.

“US action is driven by the vessel’s underlying identity [IMO number], ownership/control networks, and sanctions history, not by its painted markings or flag claim,” he said.

Ampatzidis added that changing to the Russian registry might cause “diplomatic friction” but would not stop any US enforcement action.

Russia’s foreign ministry said it was “closely monitoring with concern the abnormal situation around the Russian oil tanker Marinera”.

“At present, our vessel is sailing in the international waters of the North Atlantic under the state flag of the Russian Federation and in full compliance with the norms of international maritime law,” it added.

“For reasons unclear to us, the Russian ship is being given increased and clearly disproportionate attention by the US and Nato military, despite its peaceful status,” it said.

“We expect that Western countries, which declare their commitment to freedom of navigation on the high seas, will begin adhering to this principle themselves.”

The potential stand-off over the oil tanker comes days after the US shocked the world by using military force to seize Venezuelan President Nicolás Maduro, a Russian ally, from the capital Caracas.

It bombarded targets in the city during the operation to extricate him and his wife on suspicion of weapon and drug offences.

Doug LaMalfa, a Republican Congressman from California, has died unexpectedly at age 65, colleagues announced on Tuesday.

President Donald Trump offered a tribute to LaMalfa, saying he wanted “to express our tremendous sorrow at the loss of a great member – a great, great, great member”.

The congressman’s cause of death was not immediately clear. LaMalfa was a former rice farmer elected to congress in 2013. He focused on water and agriculture issues during his tenure.

His death shaved an already-thin Republican majority in the US House of Representatives to just a few seats, following the resignation on Monday of former Trump ally Marjorie Taylor Greene.

“He was a fantastic person,” Trump said. “He voted with me 100% of the time.”

Minnesota Congressman Tom Emmer called his colleague a “staunch advocate for his constituents and rural America”.

LaMalfa earned a degree in agriculture business from California Polytechnic State University in San Luis Obispo.

He served as a state lawmaker before being elected to congress, where he fought for help for fire victims in his northern California district and “worked to protect families from overregulation, ensure American farmers and ranchers can continue to feed the world”, according to his congressional website.

Greene’s resignation and LaMalfa’s death left Republicans with a 218-213 majority, meaning they have only a two-vote cushion – if three don’t vote or side with Democrats, Republicans lose.

Within hours after LaMalfa’s death was announced on Tuesday, news emerged that another Republican congressman had been hospitalized after a car wreck.

Indiana Congressman Jim Baird was recuperating and “expected to make a full recovery”, according to a statement posted to social media.

There are currently four vacancies in the House with Democrats favoured to fill two of them – in special elections in Texas at the end of January, and in New Jersey in the spring.

Under California law, Governor Gavin Newsom will have 14 days to call for a special election to fill LaMalfa’s seat.

Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations alongside browsing data to servers under the attackers’ control.

The names of the extensions, which collectively have over 900,000 users, are below –

• Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI (ID: fnmihdojmnkclgjpcoonokmkhjpjechg, 600,000 users)
• AI Sidebar with Deepseek, ChatGPT, Claude, and more. (ID: inhcgfpbfdjbjogdfjbclgolkmhnooop, 300,000 users)

The findings follow weeks after Urban VPN Proxy, another extension with millions of installations on Google Chrome and Microsoft Edge, was caught spying on users’ chats with artificial intelligence (AI) chatbots. This tactic of using browser extensions to stealthily capture AI conversations has been codenamed Prompt Poaching by Secure Annex.

The two newly identified extensions “were found exfiltrating user conversations and all Chrome tab URLs to a remote C2 server every 30 minutes,” OX Security researcher Moshe Siman Tov Bustan said. “The malware adds malicious capabilities by requesting consent for ‘anonymous, non-identifiable analytics data’ while actually exfiltrating complete conversation content from ChatGPT and DeepSeek sessions.”

The malicious browser add-ons have been found to impersonate a legitimate extension named “Chat with all AI models (Gemini, Claude, DeepSeek…) & AI Agents” from AITOPIA that has about 1 million users. They are still available for download from the Chrome Web Store as of writing, although “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” has since been stripped of its “Featured” badge.

Once installed, the rogue extensions request that users grant them permissions to collect anonymized browser behavior to purportedly improve the sidebar experience. Should the user agree to the practice, the embedded malware begins to harvest information about open browser tabs and chatbot conversation data.

To accomplish the latter, it looks for specific DOM elements inside the web page, extracts the chat messages, and stores them locally for subsequent exfiltration to remote servers (“chatsaigpt[.]com” or “deepaichats[.]com”).

What’s more, the threat actors have been found to leverage Lovable, an artificial intelligence (AI)-powered web development platform, to host their privacy policies and other infrastructure components (“chataigpt[.]pro” or “chatgptsidebar[.]pro”) in an attempt to obfuscate their actions.

The consequences of installing such add-ons can be severe, as they have the potential to exfiltrate a wide range of sensitive information, including data shared with chatbots like ChatGPT and DeepSeek, and web browsing activity, including search queries and internal corporate URLs.

“This data can be weaponized for corporate espionage, identity theft, targeted phishing campaigns, or sold on underground forums,” OX Security said. “Organizations whose employees installed these extensions may have unknowingly exposed intellectual property, customer data, and confidential business information.”

Legitimate Extensions Join Prompt Poaching

The disclosure comes as Secure Annex said it identified legitimate browser extensions such as Similarweb and Sensor Tower’s Stayfocusd – each with 1 million and 600,000 users, respectively – engaging in prompt poaching.

Similarweb is said to have introduced the ability to monitor conversations in May 2025, with a January 1, 2026, update adding a full terms of service pop-up that makes it explicit that data entered into AI tools is being collected to “provide the in-depth analysis of traffic and engagement metrics.” A December 30, 2025, privacy policy update also spells this out –

This information includes prompts, queries, content, uploaded or attached files (e.g., images, videos, text, CSV files) and other inputs that you may enter or submit to certain artificial intelligence (AI) tools, as well as the results or other outputs (including any attached files included in such outputs) that you may receive from such AI tools (“AI Inputs and Outputs”).

Considering the nature and general scope of AI Inputs and Outputs and AI Metadata that is typical to AI tools, some Sensitive Data may be inadvertently collected or processed. However, the aim of the processing is not to collect Personal Data in order to be able to identify you. While we cannot guarantee that all Personal Data is removed, we do take steps, where possible, to remove or filter out identifiers that you may enter or submit to these AI tools.

Further analysis has revealed that Similarweb uses DOM scraping or hijacks native browser APIs like fetch() and XMLHttpRequest() – like in the case of Urban VPN Proxy – to gather the conversation data by loading a remote configuration file that includes custom parsing logic for ChatGPT, Anthropic Claude, Google Gemini, and Perplexity.

Secure Annex’s John Tuckner told The Hacker News that the behavior is common to both Chrome and Edge versions of the Similarweb extension. Similarweb’s Firefox add-on was last updated in 2019.

“It is clear prompt poaching has arrived to capture your most sensitive conversations and browser extensions are the exploit vector,” Tuckner said. “It is not clear if this violates Google’s policies that extensions should be built for a single purpose and not load code dynamically.”

“This is just the beginning of this trend. More firms will begin to realize these insights are profitable. Extension developers looking for a way to monetize will add sophisticated libraries like this one supplied by the marketing companies to their apps.”

Users who have installed these add-ons and are concerned about their privacy are advised to remove them from their browsers and refrain from installing extensions from unknown sources, even if they have the “Featured” tag on them.