Cybersecurity Risks of Hiring a Virtual Assistant and How to Protect Your Business

Virtual assistants boost productivity but add cybersecurity risks. Poor access control, weak devices, and credential sharing can expose sensitive business data...

US Bans New Foreign-Made Home Routers Over National Security Fears

The FCC has officially added foreign-made consumer routers to its restricted Covered List, citing major cybersecurity risks. Find out what it means for your current devices...

Assessing Cybersecurity Risks and Traffic Impact in Connected Autonomous Vehicles

Given the promising future of autonomous vehicles, it is foreseeable that self-driving cars will soon emerge as the predominant mode of transportation. While autonomous vehicles offer enhanced efficiency, they remain vulnerable to external attacks. In this research, we sought to investigate the...

Large Language Models As a (Bad) Security Norm in the Context of Regulation and Compliance

The use of Large Language Models LLM by providers of cybersecurity and digital infrastructures of all kinds is an ongoing development. It is suggested and on an experimental basis used to write the code for the systems, and potentially fed with sensitive data or what would otherwise be considered...

EUVD-2017-2365

Malware in sbrugna...

EUVD-2024-21084

Malicious code in bioql PyPI...

CISA: FY 2025 Tribal Cybersecurity Grant Program FAQs

This is the CISA FAQ for the Tribal Cybersecurity Grant Program TCGP which assists eligible Tribal governments addressing cybersecurity risks and threats to their information systems. This is an updated copy...

CISA: Tribal Cybersecurity Grant Program FAQ

Learn more about the Tribal Cybersecurity Grant Program TCGP which assists eligible Tribal governments address cybersecurity risks and threats to their information systems. CISA maintains this list of frequently asked questions FAQs for reference to address common questions about the program...

CISA: FY 2023 Tribal Cybersecurity Grant Program FAQs

This is the CISA FAQ for the Tribal Cybersecurity Grant Program TCGP which assists eligible Tribal governments addressing cybersecurity risks and threats to their information systems...

Navigating Cybersecurity Risks in Crypto-Backed Lending

As crypto-backed lending gathers momentum among institutions and everyday users, cybersecurity shadows every new transaction. Billions in digital…...

Another Supply Chain Vulnerability

ProPublica is reporting: Microsoft is using engineers in China to help maintain the Defense Department's computer systems--with minimal supervision by U.S. personnel--leaving some of the nation's most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigatio...

A week in security (July 7 – July 13)

Last week on Malwarebytes Labs: Deepfake criminals impersonate Marco Rubio to uncover government secrets McDonald’s AI bot spills data on job applicants Millions of people spied on by malicious browser extensions in Chrome and Edge No thanks: Google lets its Gemini AI access your apps, including...

Code highlighting with Cursor AI for $500,000

Attacks that leverage malicious open-source packages are becoming a major and growing threat. This type of attacks currently seems commonplace, with reports of infected packages in repositories like PyPI or npm appearing almost daily. It would seem that increased scrutiny from researchers on thes...

Ubuntu: Security Advisory (USN-7594-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

⚡ Weekly Recap: Chrome 0-Day, Ivanti Exploits, MacOS Stealers, Crypto Heists and More

Everything feels secure—until one small thing slips through. Even strong systems can break if a simple check is missed or a trusted tool is misused. Most threats don't start with alarms—they sneak in through the little things we overlook. A tiny bug, a reused password, a quiet connection—that's a...

Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits

Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence AI company Anthropic's Model Context Protocol MCP Inspector project that could result in remote code execution RCE and allow an attacker to gain complete access to the hosts. The vulnerability,...

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted

Threat intelligence firm GreyNoise is warning of a "notable surge" in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025—suggesting that attackers may be preparing for another mass exploitation campaign or probing for unpatched systems. MOVEit Transfer is a popular...

New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks

The ClickFix social engineering tactic as an initial access vector using fake CAPTCHA verifications increased by 517% between the second half of 2024 and the first half of this year, according to data from ESET. "The list of threats that ClickFix attacks lead to is growing by the day, including...

White House Bans WhatsApp

Reuters is reporting that the White House has banned WhatsApp on all employee devices: The notice said the "Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risk...

Telegram Purged Chinese Crypto Scam Markets—Then Watched as They Rebuilt

Last month, Telegram banned black markets that sold tens of billions of dollars in crypto scam-related services. Now, as those markets rebrand and bounce back, it’s done nothing to stop them...