INTERPOL Arrests 1,209 Cybercriminals Across 18 African Nations in Global Crackdown
INTERPOL on Friday announced that authorities from 18 countries across Africa have arrested 1,209 cybercriminals who targeted 88,000 victims. "The crackdown recovered $97.4 million and dismantled 11,432 malicious infrastructures, underscoring the global reach of cybercrime and the urgent need for...
SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others
The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and redirect unsuspecting users to sketchy content. "The core of their operation is a sophisticated Malware-as-a-Service (MaaS) model, where...
Steam games abused to deliver malware once again
A cybercriminal known as EncryptHub (aka Larva-208) has reportedly abused the online game platform Steam to distribute information stealers. EncryptHub managed to sneak malicious files into the Chemia game files hosted on Steam. Chemia is an adventurous survival type of game that puts the player in...
Protecting customers from Octo Tempest attacks across multiple industries
In recent weeks, Microsoft has observed Octo Tempest, also known as Scattered Spider, impacting the airlines sector, following previous activity impacting retail, food services, hospitality organizations, and insurance between April and July 2025. This aligns with Octo Tempest’s typical patterns ...
Learn how to build an AI-powered, unified SOC in new Microsoft e-book
The sheer volume of cyberattacks continues to increase at a breathtaking scale worldwide, with customers facing more than 600 million cybercriminal and nation-state attacks every day. To stem the growing tide of malicious cyber activity takes a commitment from all of us—individuals from operatio...
Threat Exposure as a Narrative: If Attackers Tell a Story, Why Don’t We?
Security teams are losing the communication battle to cybercriminals who intuitively understand...
A Group of Young Cybercriminals Poses the ‘Most Imminent Threat’ of Cyberattacks Right Now
The Scattered Spider hacking group has caused chaos among retailers, insurers, and airlines in recent months. Researchers warn that its flexible structure poses challenges for defense...
Jailbroken AIs are helping cybercriminals to hone their craft
Cybercriminals are bypassing the guardrails that are supposed to keep AI models from carrying out criminal activities, according to researchers. We've seen the misuse of AI models by cybercriminals growing rapidly over the past several years, shaping a new era of digital threats. Early on,...
Cybercriminal abuse of large language models
Cybercriminals are continuing to explore artificial intelligence (AI) technologies such as large language models (LLMs) to aid in their criminal hacking activities. Some cybercriminals have resorted to using uncensored LLMs or even custom-built criminal LLMs for illicit purposes. Advertised features ...
A week in security (June 1 – June 7)
Last week on Malwarebytes Labs: What does Facebook know about me? Lock and Code S06E11; Victims risk AsyncRAT infection after being redirected to fake Booking.com sites; Juice jacking warnings are back, with a new twist; The North Face warns customers about potentially stolen data; Scammers are...
Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin
The elusive boss of the Trickbot and Conti cybercriminal groups has been known only as “Stern.” Now, German law enforcement has published his alleged identity—and it’s a familiar face...
Fake AI video generator tools lure in Facebook and LinkedIn users to deliver malware
Cybercriminals are taking advantage of the public’s interest in Artificial Intelligence (AI) and delivering malware via text-to-video tools. According to researchers at Mandiant, the criminals are setting up websites claiming to offer “AI video generator” services, and then using those fake tools t...
Ghosted by a cybercriminal
Welcome to this week's edition of the Threat Source newsletter. Talos recently published research into how threat actors are increasingly teaming up across the attack chain. Each group handles a slice of the operation, passing the breach along like a relay baton. It's a concerning trend -- one th...
Mapping the Future of AI Security
AI security is one of the most pressing challenges facing the world today. Artificial intelligence is extraordinarily powerful, and, especially considering the advent of Agentic AI, growing more so by the day. But it is for this reason that securing it is so important. AI handles massive amounts ...
ClickFix Scam: How to Protect Your Business Against This Evolving Threat
Cybercriminals aren’t always loud and obvious. Sometimes, they play it quiet and smart. One of the tricks of...
FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE
This blog details our investigation of malware samples that conceal within them a FOG ransomware payload...
A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware
Co-authored by Yaniv Allender and Anna Sirokova. Introduction: Ransomware remains a major threat, causing significant disruption and financial losses to organizations across various sectors. Cybercriminal groups behind these attacks constantly adapt their methods to maximize damage and profit. At...
Beers with Talos: Year in Review episode
Joe, Hazel, Bill and Dave break down Talos' Year in Review 2024 and discuss how and why cybercriminals have been leaning so heavily on attacks that are rooted in stealth and simplicity. The team also provide insights into some of the topics of the report, including the top-targeted vulnerabilities...
DeepSeek users targeted with fake sponsored Google ads that deliver malware
The threat intel research used in this post was provided by Malwarebytes Senior Director of Research, Jérôme Segura. DeepSeek’s rising popularity has not only raised concerns and questions about privacy implications, but cybercriminals are also using it as a lure to trap unsuspecting Google...
ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns
Trend Zero Day Initiative™ (ZDI) uncovered both state-sponsored and cybercriminal groups extensively exploiting ZDI-CAN-25373 (aka ZDI-25-148), a Windows .lnk file vulnerability that enables hidden command execution...