Hackers stole hundreds of thousands of Roblox accounts: Here’s what to do

More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child's among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date. Between October 2025 and January 2026, the hacking group is sa...

EUVD-2025-12531

Malicious code in bioql PyPI...

EUVD-2024-41456

Malicious code in bioql PyPI...

A week in security (September 1 – September 7)

Last week on Malwarebytes Labs: Nexar dashcam video database hacked Roblox introduces age checks to use communication features Give your PC a fresh start: New free tools to boost your PC’s speed, security, and peace of mind TP-Link warns of botnet infecting routers and targeting Microsoft 365...

Linux Distros Unpatched Vulnerability : CVE-2025-3634

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks...

How to set up two-step verification on your WhatsApp account

Two step verification is the name Meta uses for what is generally referred to as Two-factor authentication 2FA. 2FA is not fool-proof, but it is one of the best ways to protect your accounts from hackers. It adds an extra step when logging in, which is a small extra effort for you, but it...

CVE-2023-23566

A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service or add an account to Outlook or Gmail, etc. with IMAP or POP3 without any verification code...

Improper Verification of Cryptographic Signature

Overview org.webjars.npm:openpgp is a JavaScript implementation of the OpenPGP protocol. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the openpgp.verify or openpgp.decrypt functions. An attacker can manipulate the message content to...

Improper Access Control

moodle/moodle is vulnerable to Improper Access Control. The vulnerability is due to missing authentication enforcement, which allows users to enroll in courses without completing two-step verification...

GHSA-QHC7-XHC2-7P7W Moodle self enrollment available before completing second factor with MFA enabled

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...

CVE-2025-3634

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...

CVE-2025-3634

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...

UBUNTU-CVE-2025-3634

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...

CVE-2025-3634 Moodle: moodle allows course self-enrolment before completing mfa

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...

CVE-2025-3634

Summary of CVE-2025-3634 (Moodle) : Moodle self-enrollment can occur before completing required MFA/second-factor checks, enabling students to enroll prematurely on sites with MFA enabled. The connected OSV/BIT-MOODLE entries corroborate that self-enrolment bypasses MFA, and the problem is descri...

CVE-2025-3634

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...

PT-2025-17906

Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A security issue was discovered that allows students to enroll in courses without completing necessary safety checks, including two-step verification processes. This enables users to sign up f...

Moodle 授权问题漏洞

Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. An authorization issue vulnerability exists in Moodle, which stems from the fact that a student can bypass security checks a...

CVE-2024-45394

Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVPBytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the...

Big name TikTok accounts hijacked after opening DM

High profile TikTok accounts, including CNN, Sony, and—er­—Paris Hilton have been targeted in a recent attack. CNN was the first account takeover that made the news, with Semafor reporting that the account was down for several days after the incident. According to Forbes, the attack happens witho...