A week in security (June 1 – June 7)

Last week on Malwarebytes Labs: Your phone called. It needs a cleanup. Fake BlueWallet steals passwords, accounts, and crypto from Macs Fake virus alerts are invading mobile games 23andMe exposed genetic information of millions, lawsuit says These convincing copyright notices are designed to stea...

Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms

Microsoft has warned of a multi‑stage adversary‑in‑the‑middle AitM phishing and business email compromise BEC campaign targeting multiple organizations in the energy sector. "The campaign abused SharePoint file‑sharing services to deliver phishing payloads and relied on inbox rule creation to...

PT-2026-1688

Name of the Vulnerable Software and Affected Versions affected versions not specified Description Attackers are leveraging artificial intelligence to customize malicious payloads in phishing campaigns, enabling them to circumvent security defenses. This issue is related to email security protocol...

Exploit for CVE-2025-2783

CVE-2025-2783 Simulated PoC for CVE-2025-2783 — a sandbox esca...

Trados RWS MultiTrans 安全漏洞

Trados RWS MultiTrans is a translation management system from Trados. A security vulnerability exists in Trados RWS MultiTrans v7.0.23324.2 and earlier versions, which stems from the presence of HTML injection vulnerabilities that can be exploited by an attacker to change the HTML layout and...