4706 matches found
Warning: Scammers are using FaceTime to empty bank accounts
Apple is urging users to treat any suspicious FaceTime call or message as untrusted, especially if it involves payments, refunds, password resets, or requests for personal information. This warning appears in a broader Apple support article about scams that target iPhone and iPad users through...
The inside job that cost ransomware victims millions
When a ransomware crew locks up your servers, the outside negotiator you hire has to know everything about you so that they can negotiate a smaller ransom payment. You tell them what your cyber-insurance covers and what your board is willing to pay. You have to. That's the whole reason you hire...
Trusting your kids online isn’t enough (Lock and Code S07E14)
This week on the Lock and Code podcast … There is a lot going on right now regarding the safety of kids online. In the United States, the majority of state legislatures have passed age verification laws requiring a variety of websites to more rigorously verify the age of their visitors. In the...
Ghostcommit attack hides malicious AI instructions in images
Ghostcommit is a proof of concept that shows how AI assistants used to review software code can be tricked by hidden instructions embedded in images. The academic ASSET Research Group showed that an attacker can place instructions inside an image file, point to it in an AGENTS.md file, and get an...
Fake crypto gift card sites are getting harder to spot
You want to turn some crypto into a gift card. You search, click a promising result, and land on a site that looks polished and legitimate: a dark theme, trust badges, and promises of instant delivery and no ID checks. You wouldn't think to question it. But a professional-looking website isn't...
A week in security (July 6 – July 12)
Last week on Malwarebytes Labs: This new Windows malware can take over your PC and wipe it clean How mule betting scams recruit ordinary people Two Chrome updates in two days fix critical vulnerabilities How World Cup crypto prediction sites take your money 6.9 million driver’s license numbers...
This new Windows malware can take over your PC and wipe it clean
Microsoft published new research on GigaWiper, a modular Golang backdoor for Windows that combines robust remote access with multiple ways to permanently destroy systems and data. GigaWiper is a Windows backdoor that Microsoft has observed in intrusions since October 2025. Rather than being a...
How mule betting scams recruit ordinary people
Mule betting or third-party betting account scams are a form of money mule scam where criminals recruit or coerce people into opening gambling accounts in their own name. The criminals then use those accounts to place bets to help launder money and obscure the source or ownership of funds. The UK...
Two Chrome updates in two days fix critical vulnerabilities
Updating Chrome is becoming an almost daily task lately. But it’s too important to ignore. On Wednesday, July 8, Google released another Chrome update, just one day later after the previous one. Between them, the two updates fixed 27 security vulnerabilities, including two critical flaws that cou...
How World Cup crypto prediction sites take your money
Crypto prediction and betting sites are appearing around the World Cup, and researchers have already tracked scams aimed at fans, including fake ticketing, fixed-match betting, prediction scams, and fan-branded meme coins. We investigated one prediction site ourselves. While we aren't claiming...
6.9 million driver’s license numbers stolen from AssuranceAmerica
Insurance provider AssuranceAmerica has confirmed a data breach affecting the personal information and driver’s license numbers of up to 6.9 million people. AssuranceAmerica provides car and rental insurance to customers across 14 US states through a network of over 9,500 independent agents...
Microsoft fixes RoguePlanet zero-day in Defender
Microsoft issued a security update that fixes the zero-day vulnerability known as RoguePlanet in Microsoft Defender. RoguePlanet is tracked as CVE-2026-50656, a Microsoft Defender elevation of privilege EoP vulnerability. As we reported last month, if successfully exploited, RoguePlanet can allow...
Turn off this Meta setting before someone generates AI images of you
Every consumer app has a settings menu that lets you make decisions about things like notifications or dark mode. Meta has just decided that anyone can generate AI images of you from your public Instagram account by typing your Instagram handle into a prompt. On July 7, Meta launched its AI image...
Your next car could be watching your face
To reduce traffic incidents, all new cars sold in the EU must now include driver-monitoring technology, including Driver Drowsiness and Attention Warning DDAW systems and, on newer vehicles, Advanced Driver Distraction Warning ADDW systems. Similar requirements are expected in the US, where the...
How the Reddit and Discord false report scam steals accounts
A stranger messages you on Reddit. They say someone reported them, and the reporting account looks a lot like yours. Was it you? It wasn't. That's not really the point of the message. This version relies entirely on social engineering. There is no malware and no malicious links. It starts with a...
Fake Netflix, Coca-Cola, and FIFA job scams target marketers
Attackers are impersonating major companies and recruiters to target marketing professionals, using trusted services and browser tricks to make the scam look legitimate. A BleepingComputer article detailing the campaign found at least 34 domains impersonating high-value companies, including...
Claude Code’s hidden tracker was an “experiment,” says Anthropic
As a developer, you want to use tools you can trust and rely on. One researcher took that idea seriously enough to scrutinize their local Claude Code 2.1.196 installation. For developers using AI assistants with access to their code, files, and terminal, understanding what those tools are doing...
Scammers are using AI to sell impossible flowers
We've had problems with deepfake celebrity scams, non-consensual deepfake sexual material, and deepfake politicians. Now we have to deal with… deepfake plants? Yup, AI seed slop is now a thing. 404 Media documented scammers marketing seeds for plants that supposedly bloom in the shape of birds,...
How to tell if an image is AI-generated
A photo of an injured dog by the roadside. A dating profile with pictures that look almost too perfect. A donation appeal showing a family stranded on a rooftop after a flood. Scammers are already using AI-generated images to support fake stories, build trust, and persuade people to send money or...
Choose your WhatsApp username carefully
Dutch consumer organization Consumentenbond has warned users to be careful when choosing their optional WhatsApp username. Meta announced the introduction of usernames on June 29, 2026, and encouraged users to reserve their username now. Meta offers this feature as: “a major privacy feature...
NetNut botnet takes a hit. Don’t be part of the next one.
In a joint operation, Google, the FBI, and other partners have dealt a significant blow to the residential proxy ecosystem by disrupting the NetNut also tracked as Popa botnet. NetNut is a malicious service built on millions of hijacked consumer devices. NetNut marketed itself as a high-quality...
A week in security (June 29 – July 5)
Last week on Malwarebytes Labs: Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts Apple’s Hide My Email doesn’t hide it very well Fake Google and Cloudflare verification pages spread multiple malware families WinRAR flaw could allow attackers to take control of your...
Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts
Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware. Verified X account used in Mac...
Apple’s Hide My Email doesn’t hide it very well
404 Media reports that a researcher has found a vulnerability in Apple’s Hide My Email feature that could allow someone to discover a person’s real email address. That's especially concerning because protecting your real email address is exactly what the feature is designed to do. 404 Media did n...
Fake Google and Cloudflare verification pages spread multiple malware families
Updated July 6 to add connections with SyncTDS and TrafficTDS ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices. A single...
WinRAR flaw could allow attackers to take control of your computer
Rarlab has released a new version of the popular WinRAR tool to patch a vulnerability that can be abused in remote code execution attacks. The issue is fixed in WinRAR 7.23, but users must install the new version manually because WinRAR still does not offer automatic updates. They also need to ma...
Fake Perplexity Chrome extension spies on your searches
Type "Perplexity" into the Chrome Web Store and you get a range of browser extensions offering access to the popular AI search service. Until last week, one of them was called "Search for perplexity ai ," and it delivered something extra that users hadn't bargained for: a small hidden surveillanc...
BioShocking: when “gaming” AI agents is no longer a game
AI-powered browsers and agents promise to take the drudgery out of web tasks. They can summarize pages, pull data from your accounts, and even act as a smart assistant that clicks and types for you. But new research shows that when those assistants lose track of what’s real and what’s just a game...
Chrome needs another whopper update to fix 382 security bugs
If there was ever a time when it dawned on users how full of holes the software they’ve been using is, it’s now. Last month Microsoft pushed out its biggest patch Tuesday update ever. And yesterday, on the last day of June, Google published an update which included a whopping 382 security fixes...
ChatGPT produced graphic violent images that shocked researchers
AI assistants like ChatGPT are supposed to be safe to use, with appropriate guardrails to stop people creating harmful content. However, a British AI security firm just figured out how to make ChatGPT produce explicit material. Mindgard, a company that tests AI engines for weaknesses, found that ...
ChatGPT produced graphic violent images that shocked researchers
AI assistants like ChatGPT are supposed to be safe to use, with appropriate guardrails to stop people creating harmful content. However, a British AI security firm just figured out how to make ChatGPT produce explicit material. Mindgard, a company that tests AI engines for weaknesses, found that ...
Watch out for “high paying, low effort” Amazon job texts
Remote, flexible, high‑paying work is a tempting prospect, and the holy grail for many people looking for a new role. But it's not just recruiters who are aware of this, job scammers do too and are happy to use it as an easy lure. That lure tends to be even more tempting when they claim to be...
Update time: Apple releases security patches for iOS, MacOS Tahoe, Safari
Apple has released security updates for more than two dozen security vulnerabilities across iPhone, iPad, and Mac. The updates for iOS/iPadOS, MacOS Tahoe, and Safari were issued after testing on iOS 26.6 and iPadOS 26.6 betas. What stands out in the update is that a lot of the vulnerabilities we...
This pay gap is programmed (Lock and Code S07E13)
This week on the Lock and Code podcast… Pay is personal for plenty of Americans, but a new distribution model that consumes vast quantities of worker data is turning pay into something else: personalized. For an increasing number of workers in America, the money they can expect to be paid on any...
119 Edge extensions promised useful tools, instead downloaded malware
Microsoft has removed 119 extensions from the Edge add-on store which were all tied to one adware campaign. In a paper titled "Inside StegoAd: How We Disrupted a Massive Malicious Extension Campaign," Microsoft researchers detail how they uncovered and dismantled a sophisticated malware campaign...
A week in security (June 22 – June 28)
Last week on Malwarebytes Labs: Malware steals Chrome session cookies to take over your accounts Beware of "Parcel Expert" job offers: They’re parcel mule scams Update Chrome to patch critical browser security flaws Fake domain renewal emails trick website owners into paying scammers Elite networ...
Malware steals Chrome session cookies to take over your accounts
An email attachment leads to the installation of a malicious Chrome extension. Researchers say it is part of a Windows backdoor delivered via a phishing email. The malware abuses Chrome Native Messaging to move control from the browser into the host system. Its most notable trick isn't the phishi...
Beware of “Parcel Expert” job offers: They’re parcel mule scams
A parcel mule scam, also called a reshipping scam, is a fake job offer designed to recruit people into handling stolen goods. It usually starts with a fake remote job offer that promises easy money for receiving, inspecting, repackaging, and forwarding packages from home. The “employer” may claim...
Update Chrome to patch critical browser security flaws
Google released a security update for Chrome that fixes 18 vulnerabilities, including four rated Critical. There is no indication that any of these newly patched bugs are being actively exploited in the wild. The stable channel has been updated to 149.0.7827.196/197 for Windows and Mac and...
Fake domain renewal emails trick website owners into paying scammers
You receive an email warning that your website's domain name is about to expire. Renew now, it says, or your website and email could stop working. The link opens a professional-looking page that already knows your domain name, displays your registrar and expiry date, and starts a countdown timer...
Elite network says it was hacked after members’ personal data was left exposed
Some organizations exist to be exclusive. They're invite-only, and discreet, the kind of place where the membership directory is the product. Dialog, the exclusive network founded by billionaire investor and PayPal co-founder Peter Thiel, whose members include a sitting NATO commander, two US...
PixelSmash flaw turns video files into attack tools
A newly discovered vulnerability in FFmpeg’s MagicYUV decoder can turn a tiny, malformed video into a foothold for attackers. Researchers have disclosed PixelSmash, a critical vulnerability tracked as CVE-2026-8461, in FFmpeg’s MagicYUV video decoder with a CVSS score of 8.8. By crafting a...
Watch out for renewal scams pretending to be Malwarebytes
Fake subscription renewal notices are doing the rounds again. Some of these scams impersonate Malwarebytes, and we've also seen them reach our customers. You're more likely to trust the message if you're already a customer of the company mentioned in the email. That's what the scammers are counti...
“Total access to all your devices.” Sextortion scammers strike again
At the moment, we’re seeing all kinds of sextortion emails. The scam is cheap to run, easy to automate, and apparently profitable enough that cybercriminals keep using it. Some criminals put more effort into their messages than others. Sextortion emails are messages claiming that scammers recorde...
Inside the dark web: Stolen identities for 95¢, malware, and scams-for-hire
Most people have heard of the dark web, but few understand what it actually looks like or what goes on there. To separate fact from fiction, our research team spent 48 hours exploring it firsthand and documenting what we found. The dark web isn't inherently bad. It also serves legitimate purposes...
Meta pauses controversial employee-tracking program after security review
Meta has paused a controversial employee‑tracking program after an internal security review found that highly granular keystroke and screen‑capture data from staff laptops was far more widely accessible inside the company than intended. The program was part of Meta's Model Capability Initiative...
Hackers steal passport and driver’s license data of 3 million Texans
You can change a password and cancel a card. But replacing a passport or driver's license number every time someone leaves yours unsecured in a vendor database isn't so easy. More than three million Texans are facing that problem after a data breach involving a vendor used by the Texas Parks and...
GTA 6 early access is nothing but a scam
A new wave of scam websites is offering something millions of people want: a way to play Grand Theft Auto VI before it comes out. " Get GTA 6 before everyone else." " Buy VIP early access." Pay a few hundred dollars in cryptocurrency, enter a payment code, and supposedly unlock the game. But it's...
Thousands of D-Link routers under control of AryStinger botnet
Researchers have found that the recently discovered AryStinger botnet has quietly hijacked thousands of end‑of‑life D‑Link routers and some network-attached storage NAS devices, turning them into a distributed scanning and proxy network that attackers can use to hide their activity and launch...
Document delivery scams: What are they and what’s their goal?
One of Malwarebytes' managers recently received a call from scammers pretending to be a document delivery service. The voicemail sounded official: “I am calling on behalf of document delivery services. We have been retained to schedule and deliver legal documents to you between the hours of 8 AM...