Cyberhaven says hackers pushed an update (version 24.10.4) of its Cyberhaven data loss prevention extension containing the malicious code on Christmas Eve at 8:32PM ET. Cyberhaven says it discovered the code on December 25th at 6:54PM ET and removed it within an hour, but that the code was active until December 25th at 9:50PM ET. The company says it released a clean version in its 24.10.5 update.