Credit Resources Vault: Why this credit email set off our scam alarms

If there is anything that annoys me more than a scammer, it's companies that behave like one, while staying just on the right side of the law. They manage to linger and disappoint customers for years. It's also why sometimes people think that Malwarebytes Scam Guard can be overly cautious when...

Dark Web Roast February 2026 Edition

Dark Web Roast - February 2026 Edition By Trellix Advanced Research Center · March 18, 2026 Executive Summary February 2026 delivered another stellar month in the ongoing theatre of the absurd that is the cybercriminal underground, where ransomware gangs bulk-scheduled their extortion like a...

Best DeleteMe Alternatives (2026): Competitors and Comparisons

Best DeleteMe alternatives for 2026 compared, including Incogni, Optery, Aura, Kanary, and Privacy Bee for data broker removal and privacy protection...

Data Broker Breaches Fueled Nearly $21 Billion in Identity-Theft Losses

A report copublished by WIRED sparked a probe into opt-out pages hidden by data brokers. Now congressional Democrats say breaches tied to the industry have cost people tens of billions of dollars...

A week in security (January 12 – January 18)

Last week on Malwarebytes Labs: WhisperPair exposes Bluetooth earbuds and headphones to tracking and eavesdropping Dutch police sell fake tickets to show how easily scams work "Reprompt" attack lets attackers steal data from Microsoft Copilot Phishing scammers are posting fake "account restricted...

Data broker fined after selling Alzheimer’s patient info and millions of sensitive profiles

California's privacy regulator has fined a Texas data broker $45,000 and banned it from selling Californians' personal information after it sold Alzheimer patients' data. Texan company Rickenbacher Data LLC, which does business as Datamasters, bought and resold the names, addresses, phone numbers...

Chrome extension slurps up AI chats after users installed it for privacy

This case highlights a growing grey area in consumer privacy: data collection that is technically disclosed, but so far outside user expectations that most people would never knowingly agree to it. The next time you tell an AI chat assistant your deepest secrets, think twice; you never know who o...

Mozilla Says It’s Finally Done With Two-Faced Onerep

In March 2024, Mozilla said it was winding down its collaboration with Onerep -- an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites -- after KrebsOnSecurity revealed Onerep's founder had created dozens of...

EUVD-2015-4319

Malware in sbrugna...

EUVD-2020-24868

Malware in sbrugna...

A week in security (September 15 – September 21)

Last week on Malwarebytes Labs: ChatGPT Deep Research zero-click vulnerability fixed by OpenAI Disrupted phishing service was after Microsoft 365 credentials Update your Chrome today: Google patches 4 vulnerabilities including one zero-day Age verification and parental controls coming to ChatGPT ...

What Does Palantir Actually Do?

Palantir is often called a data broker, a data miner, or a giant database of personal information. In reality, it’s none of these—but even former employees struggle to explain it...

Minnesota Shooting Suspect Allegedly Used Data Broker Sites to Find Targets’ Addresses

The shooter allegedly researched several “people search” sites in an attempt to target his victims, highlighting the potential dangers of widely available personal data...

Airlines Secretly Selling Passenger Data to the Government

This is news: A data broker owned by the country's major airlines, including Delta, American Airlines, and United, collected U.S. travellers' domestic flight records, sold access to them to Customs and Border Protection CBP, and then as part of the contract told CBP to not reveal where the data...

US airline industry quietly selling flight data to DHS

A data broker owned by some of America's biggest airlines has been selling access to customer flight data to the US Department of Homeland Security DHS. The data, compiled by data broker Airlines Reporting Corporation ARC, includes names, flight itineraries, and financial details. It also covers...

Airlines Don’t Want You to Know They Sold Your Flight Data to DHS

A contract obtained by 404 Media shows that an airline-owned data broker forbids the feds from revealing it sold them detailed passenger data...

A week in security (May 12 – May 18)

Last week on Malwarebytes Labs: Data broker protection rule quietly withdrawn by CFPB Meta sent cease and desist letter over AI training Google to pay $1.38 billion over privacy violations Android users bombarded with unskippable ads Last week on ThreatDown: ThreatDown introduces Firewall...

Data broker protection rule quietly withdrawn by CFPB

The Consumer Financial Protection Bureau CFPB has decided to withdraw a 2024 rule to limit the sale of Americans’ personal information by data brokers. In a Federal Register notice published yesterday, the CFPB said it "has determined that legislative rulemaking is not necessary or appropriate at...

Nearly a Year Later, Mozilla is Still Promoting OneRep

In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies. Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnershi...

The Murky Ad-Tech World Powering Surveillance of US Military Personnel

A Florida data broker told a US senator it obtained sensitive data on US military members in Germany from a Lithuanian firm, which denies involvement—revealing the opaque nature of online ad surveillance...