CVE-2019-19929

An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded by the product...

CVE-2014-100039

mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service crash via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information...

A week in security (April 12 – April 18)

Last week on Malwarebytes Labs: Text scams grow to steal hundreds of millions of dollars Apple patches security vulnerabilities in iOS and iPadOS. Update now! Hi, robot: Half of all internet traffic now automated "I sent you an email from your email account," sextortion scam claims "Follow me" to...

Malwarebytes named “Best Antivirus Software” and “Best Malware Removal Service”

Horn tooting time: We're excited to say we've earned a coveted spot in PCMag’s “Best Antivirus Software for 2025” list, and been recognized as the “Best Malware Removal Service 2025” by CNET. PCMag’s rigorous evaluation process takes into account a range of factors, including real-world, hands-on...

“Urgent reminder” tax scam wants to phish your Microsoft credentials

Tax season is in full force, and with the filing deadline fast approaching on April 15, scammers are happy to use that sense of urgency to coax us into handing them our cash. In one example, one of our customers recently received an email with an attachment titled "Urgent reminder.” The attachmen...

Malwarebytes Premium Security awarded “Product of the Year” from AVLab

Malwarebytes Premium Security has once again been awarded “Product of the Year” after successfully blocking 100% of “in-the-wild” malware samples. The samples were deployed in multiple, consecutive third-party tests conducted by the AVLab Cybersecurity Foundation. AVLab commended Malwarebytes for...

Malwarebytes: Email Verification Bypass via Race Condition

An email verification bypass vulnerability was discovered in the my.malwarebytes.com. Steps to Reproduce - Create an account using an attacker email: [email protected]. - Verify the account. - Go to account settings and update the email address to...

Malwarebytes introduces native ARM support for Windows devices

For the last four years, Malwarebytes has been protecting ARM-based machines running on Apple’s M-series processors. Now, we’ve expanded our protection range to include ARM-based Windows machines such as Copilot+ PCs, including Microsoft Surface Pro, Lenovo Yoga Slim and ThinkPad, and Dell...

CVE-2019-6739

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way the product handle...

A week in security (January 27 – February 2)

Last week on Malwarebytes Labs: ClickFix vs. traditional download in new DarkGate campaign Cybercrime gets a few punches on the nose Microsoft advertisers phished via malicious Google ads The DeepSeek controversy: Authorities ask where does the data come from and how safe is it? These are the 10...

CVE-2024-6260

Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system i...

CVE-2024-6260

Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system i...

CVE-2024-6260 Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability

Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system i...

CVE-2024-6260 Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability

Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system i...

CVE-2024-6260

CVE-2024-6260 : A local privilege escalation affecting Malwarebytes Antimalware on Windows. The flaw resides in the Malwarebytes service, where an attacker can create a symbolic link to abuse the service and delete a file, enabling escalation to SYSTEM and execution of arbitrary code. Multiple so...

Malwarebytes Anti-Malware 后置链接漏洞

Malwarebytes Anti-Malware is a Windows-based security protection software from Malwarebytes. The software is capable of detecting and removing ransomware, malware, and more. Malwarebytes Anti-Malware suffers from a backlink vulnerability that stems from the presence of a local elevation of...

Update now! Apple confirms vulnerabilities are already being exploited

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. The updates for iOS and Intel-based Mac systems are especially important, as they tackle vulnerabilities that are being actively exploited by cybercriminals. You should make su...

Free AI editor lures in victims, installs information stealer instead on Windows and Mac

A large social media campaign was launched to promote a free Artificial Intelligence AI video editor. If the "free" part of that campaign sounds too good to be true, then that's because it was. Instead of the video editor, users got information stealing malware. Lumma Stealer was installed on...

A week in security (November 4 – November 10)

Last week on Malwarebytes Labs: Hello again, FakeBat: popular loader returns after months-long hiatus TikTok ordered to close Canada offices following "national security review" Air fryers are the latest surveillance threat you didn’t consider Malwarebytes acquires AzireVPN to fuel additional VPN...

TikTok ordered to close Canada offices following “national security review”

The Government of Canada ordered the TikTok Technology Canada Inc. to close its offices in the country following a national security review. This decision was made in accordance with the Investment Canada Act, which allows for the review of foreign investments that may be injurious to Canada’s...