Lucene search
K
MalwarebytesRecent

4706 matches found

Malwarebytes
Malwarebytes
added 9 hours ago5 views

Warning: Scammers are using FaceTime to empty bank accounts

Apple is urging users to treat any suspicious FaceTime call or message as untrusted, especially if it involves payments, refunds, password resets, or requests for personal information. This warning appears in a broader Apple support article about scams that target iPhone and iPad users through...

6.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 10 hours ago6 views

The inside job that cost ransomware victims millions

When a ransomware crew locks up your servers, the outside negotiator you hire has to know everything about you so that they can negotiate a smaller ransom payment. You tell them what your cyber-insurance covers and what your board is willing to pay. You have to. That's the whole reason you hire...

6.1AI score
Exploits0
Malwarebytes
Malwarebytes
added yesterday7 views

Trusting your kids online isn’t enough (Lock and Code S07E14)

This week on the Lock and Code podcast … There is a lot going on right now regarding the safety of kids online. In the United States, the majority of state legislatures have passed age verification laws requiring a variety of websites to more rigorously verify the age of their visitors. In the...

6.1AI score
Exploits0
Malwarebytes
Malwarebytes
added yesterday4 views

Ghostcommit attack hides malicious AI instructions in images

Ghostcommit is a proof of concept that shows how AI assistants used to review software code can be tricked by hidden instructions embedded in images. The academic ASSET Research Group showed that an attacker can place instructions inside an image file, point to it in an AGENTS.md file, and get an...

6.1AI score
Exploits0
Malwarebytes
Malwarebytes
added yesterday6 views

Fake crypto gift card sites are getting harder to spot

You want to turn some crypto into a gift card. You search, click a promising result, and land on a site that looks polished and legitimate: a dark theme, trust badges, and promises of instant delivery and no ID checks. You wouldn't think to question it. But a professional-looking website isn't...

6.1AI score
Exploits0
Malwarebytes
Malwarebytes
added yesterday4 views

A week in security (July 6 – July 12)

Last week on Malwarebytes Labs: This new Windows malware can take over your PC and wipe it clean How mule betting scams recruit ordinary people Two Chrome updates in two days fix critical vulnerabilities How World Cup crypto prediction sites take your money 6.9 million driver’s license numbers...

6.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 4 days ago13 views

This new Windows malware can take over your PC and wipe it clean

Microsoft published new research on GigaWiper, a modular Golang backdoor for Windows that combines robust remote access with multiple ways to permanently destroy systems and data. GigaWiper is a Windows backdoor that Microsoft has observed in intrusions since October 2025. Rather than being a...

6.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 4 days ago9 views

How mule betting scams recruit ordinary people

Mule betting or third-party betting account scams are a form of money mule scam where criminals recruit or coerce people into opening gambling accounts in their own name. The criminals then use those accounts to place bets to help launder money and obscure the source or ownership of funds. The UK...

6AI score
Exploits0
Malwarebytes
Malwarebytes
added 4 days ago10 views

Two Chrome updates in two days fix critical vulnerabilities

Updating Chrome is becoming an almost daily task lately. But it’s too important to ignore. On Wednesday, July 8, Google released another Chrome update, just one day later after the previous one. Between them, the two updates fixed 27 security vulnerabilities, including two critical flaws that cou...

6.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 5 days ago8 views

How World Cup crypto prediction sites take your money

Crypto prediction and betting sites are appearing around the World Cup, and researchers have already tracked scams aimed at fans, including fake ticketing, fixed-match betting, prediction scams, and fan-branded meme coins. We investigated one prediction site ourselves. While we aren't claiming...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 5 days ago10 views

6.9 million driver’s license numbers stolen from AssuranceAmerica

Insurance provider AssuranceAmerica has confirmed a data breach affecting the personal information and driver’s license numbers of up to 6.9 million people. AssuranceAmerica provides car and rental insurance to customers across 14 US states through a network of over 9,500 independent agents...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 5 days ago6 views

Microsoft fixes RoguePlanet zero-day in Defender

Microsoft issued a security update that fixes the zero-day vulnerability known as RoguePlanet in Microsoft Defender. RoguePlanet is tracked as CVE-2026-50656, a Microsoft Defender elevation of privilege EoP vulnerability. As we reported last month, if successfully exploited, RoguePlanet can allow...

7.8CVSS7.3AI score0.03391EPSS
Exploits0
Malwarebytes
Malwarebytes
added 5 days ago11 views

Turn off this Meta setting before someone generates AI images of you

Every consumer app has a settings menu that lets you make decisions about things like notifications or dark mode. Meta has just decided that anyone can generate AI images of you from your public Instagram account by typing your Instagram handle into a prompt. On July 7, Meta launched its AI image...

6AI score
Exploits0
Malwarebytes
Malwarebytes
added 6 days ago10 views

Your next car could be watching your face

To reduce traffic incidents, all new cars sold in the EU must now include driver-monitoring technology, including Driver Drowsiness and Attention Warning DDAW systems and, on newer vehicles, Advanced Driver Distraction Warning ADDW systems. Similar requirements are expected in the US, where the...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/07/07 5:45 p.m.15 views

How the Reddit and Discord false report scam steals accounts

A stranger messages you on Reddit. They say someone reported them, and the reporting account looks a lot like yours. Was it you? It wasn't. That's not really the point of the message. This version relies entirely on social engineering. There is no malware and no malicious links. It starts with a...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/07/07 1:43 p.m.14 views

Fake Netflix, Coca-Cola, and FIFA job scams target marketers

Attackers are impersonating major companies and recruiters to target marketing professionals, using trusted services and browser tricks to make the scam look legitimate. A BleepingComputer article detailing the campaign found at least 34 domains impersonating high-value companies, including...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/07/07 11:20 a.m.9 views

Claude Code’s hidden tracker was an “experiment,” says Anthropic

As a developer, you want to use tools you can trust and rely on. One researcher took that idea seriously enough to scrutinize their local Claude Code 2.1.196 installation. For developers using AI assistants with access to their code, files, and terminal, understanding what those tools are doing...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/07/07 9:31 a.m.6 views

Scammers are using AI to sell impossible flowers

We've had problems with deepfake celebrity scams, non-consensual deepfake sexual material, and deepfake politicians. Now we have to deal with… deepfake plants? Yup, AI seed slop is now a thing. 404 Media documented scammers marketing seeds for plants that supposedly bloom in the shape of birds,...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/07/06 4:22 p.m.19 views

How to tell if an image is AI-generated

A photo of an injured dog by the roadside. A dating profile with pictures that look almost too perfect. A donation appeal showing a family stranded on a rooftop after a flood. Scammers are already using AI-generated images to support fake stories, build trust, and persuade people to send money or...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/07/06 12:51 p.m.38 views

Choose your WhatsApp username carefully

Dutch consumer organization Consumentenbond has warned users to be careful when choosing their optional WhatsApp username. Meta announced the introduction of usernames on June 29, 2026, and encouraged users to reserve their username now. Meta offers this feature as: “a major privacy feature...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/07/06 11:52 a.m.9 views

NetNut botnet takes a hit. Don’t be part of the next one.

In a joint operation, Google, the FBI, and other partners have dealt a significant blow to the residential proxy ecosystem by disrupting the NetNut also tracked as Popa botnet. NetNut is a malicious service built on millions of hijacked consumer devices. NetNut marketed itself as a high-quality...

6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/07/06 7:14 a.m.18 views

A week in security (June 29 – July 5)

Last week on Malwarebytes Labs: Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts Apple’s Hide My Email doesn’t hide it very well Fake Google and Cloudflare verification pages spread multiple malware families WinRAR flaw could allow attackers to take control of your...

6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/07/03 1:30 p.m.11 views

Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts

Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware. Verified X account used in Mac...

6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/07/02 4:22 p.m.8 views

Apple’s Hide My Email doesn’t hide it very well

404 Media reports that a researcher has found a vulnerability in Apple’s Hide My Email feature that could allow someone to discover a person’s real email address. That's especially concerning because protecting your real email address is exactly what the feature is designed to do. 404 Media did n...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/07/02 4:5 p.m.30 views

Fake Google and Cloudflare verification pages spread multiple malware families

Updated July 6 to add connections with SyncTDS and TrafficTDS ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices. A single...

6.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/07/02 12:38 p.m.12 views

WinRAR flaw could allow attackers to take control of your computer

Rarlab has released a new version of the popular WinRAR tool to patch a vulnerability that can be abused in remote code execution attacks. The issue is fixed in WinRAR 7.23, but users must install the new version manually because WinRAR still does not offer automatic updates. They also need to ma...

7.8CVSS7.6AI score0.00306EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2026/07/01 8:11 p.m.15 views

Fake Perplexity Chrome extension spies on your searches

Type "Perplexity" into the Chrome Web Store and you get a range of browser extensions offering access to the popular AI search service. Until last week, one of them was called "Search for perplexity ai ," and it delivered something extra that users hadn't bargained for: a small hidden surveillanc...

5.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/07/01 12:50 p.m.10 views

BioShocking: when “gaming” AI agents is no longer a game

AI-powered browsers and agents promise to take the drudgery out of web tasks. They can summarize pages, pull data from your accounts, and even act as a smart assistant that clicks and types for you. But new research shows that when those assistants lose track of what’s real and what’s just a game...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/07/01 11:40 a.m.7 views

Chrome needs another whopper update to fix 382 security bugs

If there was ever a time when it dawned on users how full of holes the software they’ve been using is, it’s now. Last month Microsoft pushed out its biggest patch Tuesday update ever. And yesterday, on the last day of June, Google published an update which included a whopping 382 security fixes...

9.6CVSS6AI score0.00316EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2026/07/01 9:10 a.m.22 views

ChatGPT produced graphic violent images that shocked researchers

AI assistants like ChatGPT are supposed to be safe to use, with appropriate guardrails to stop people creating harmful content. However, a British AI security firm just figured out how to make ChatGPT produce explicit material. Mindgard, a company that tests AI engines for weaknesses, found that ...

5.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/07/01 9:10 a.m.16 views

ChatGPT produced graphic violent images that shocked researchers

AI assistants like ChatGPT are supposed to be safe to use, with appropriate guardrails to stop people creating harmful content. However, a British AI security firm just figured out how to make ChatGPT produce explicit material. Mindgard, a company that tests AI engines for weaknesses, found that ...

5.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/30 8:46 p.m.10 views

Watch out for “high paying, low effort” Amazon job texts

Remote, flexible, high‑paying work is a tempting prospect, and the holy grail for many people looking for a new role. But it's not just recruiters who are aware of this, job scammers do too and are happy to use it as an easy lure. That lure tends to be even more tempting when they claim to be...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/30 2:35 p.m.10 views

Update time: Apple releases security patches for iOS, MacOS Tahoe, Safari

Apple has released security updates for more than two dozen security vulnerabilities across iPhone, iPad, and Mac. The updates for iOS/iPadOS, MacOS Tahoe, and Safari were issued after testing on iOS 26.6 and iPadOS 26.6 betas. What stands out in the update is that a lot of the vulnerabilities we...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/29 2:44 p.m.11 views

This pay gap is programmed (Lock and Code S07E13)

This week on the Lock and Code podcast… Pay is personal for plenty of Americans, but a new distribution model that consumes vast quantities of worker data is turning pay into something else: personalized. For an increasing number of workers in America, the money they can expect to be paid on any...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/29 2:41 p.m.24 views

119 Edge extensions promised useful tools, instead downloaded malware

Microsoft has removed 119 extensions from the Edge add-on store which were all tied to one adware campaign. In a paper titled "Inside StegoAd: How We Disrupted a Massive Malicious Extension Campaign," Microsoft researchers detail how they uncovered and dismantled a sophisticated malware campaign...

6.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/29 7:1 a.m.23 views

A week in security (June 22 – June 28)

Last week on Malwarebytes Labs: Malware steals Chrome session cookies to take over your accounts Beware of "Parcel Expert" job offers: They’re parcel mule scams Update Chrome to patch critical browser security flaws Fake domain renewal emails trick website owners into paying scammers Elite networ...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/26 12:44 p.m.12 views

Malware steals Chrome session cookies to take over your accounts

An email attachment leads to the installation of a malicious Chrome extension. Researchers say it is part of a Windows backdoor delivered via a phishing email. The malware abuses Chrome Native Messaging to move control from the browser into the host system. Its most notable trick isn't the phishi...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/25 6:12 p.m.10 views

Beware of “Parcel Expert” job offers: They’re parcel mule scams

A parcel mule scam, also called a reshipping scam, is a fake job offer designed to recruit people into handling stolen goods. It usually starts with a fake remote job offer that promises easy money for receiving, inspecting, repackaging, and forwarding packages from home. The “employer” may claim...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/25 11:4 a.m.9 views

Update Chrome to patch critical browser security flaws

Google released a security update for Chrome that fixes 18 vulnerabilities, including four rated Critical. There is no indication that any of these newly patched bugs are being actively exploited in the wild. The stable channel has been updated to 149.0.7827.196/197 for Windows and Mac and...

9.6CVSS5.9AI score0.00217EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/25 10:26 a.m.16 views

Fake domain renewal emails trick website owners into paying scammers

You receive an email warning that your website's domain name is about to expire. Renew now, it says, or your website and email could stop working. The link opens a professional-looking page that already knows your domain name, displays your registrar and expiry date, and starts a countdown timer...

5.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/25 9:8 a.m.18 views

Elite network says it was hacked after members’ personal data was left exposed

Some organizations exist to be exclusive. They're invite-only, and discreet, the kind of place where the membership directory is the product. Dialog, the exclusive network founded by billionaire investor and PayPal co-founder Peter Thiel, whose members include a sitting NATO commander, two US...

5.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/24 5:23 p.m.7 views

PixelSmash flaw turns video files into attack tools

A newly discovered vulnerability in FFmpeg’s MagicYUV decoder can turn a tiny, malformed video into a foothold for attackers. Researchers have disclosed PixelSmash, a critical vulnerability tracked as CVE-2026-8461, in FFmpeg’s MagicYUV video decoder with a CVSS score of 8.8. By crafting a...

8.8CVSS6.6AI score0.00477EPSS
Exploits3
Malwarebytes
Malwarebytes
added 2026/06/24 2:18 p.m.9 views

Watch out for renewal scams pretending to be Malwarebytes

Fake subscription renewal notices are doing the rounds again. Some of these scams impersonate Malwarebytes, and we've also seen them reach our customers. You're more likely to trust the message if you're already a customer of the company mentioned in the email. That's what the scammers are counti...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/24 10:48 a.m.18 views

“Total access to all your devices.” Sextortion scammers strike again

At the moment, we’re seeing all kinds of sextortion emails. The scam is cheap to run, easy to automate, and apparently profitable enough that cybercriminals keep using it. Some criminals put more effort into their messages than others. Sextortion emails are messages claiming that scammers recorde...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/23 3:52 p.m.13 views

Inside the dark web: Stolen identities for 95¢, malware, and scams-for-hire

Most people have heard of the dark web, but few understand what it actually looks like or what goes on there. To separate fact from fiction, our research team spent 48 hours exploring it firsthand and documenting what we found. The dark web isn't inherently bad. It also serves legitimate purposes...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/23 1:1 p.m.25 views

Meta pauses controversial employee-tracking program after security review

Meta has paused a controversial employee‑tracking program after an internal security review found that highly granular keystroke and screen‑capture data from staff laptops was far more widely accessible inside the company than intended. The program was part of Meta's Model Capability Initiative...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/23 10:30 a.m.11 views

Hackers steal passport and driver’s license data of 3 million Texans

You can change a password and cancel a card. But replacing a passport or driver's license number every time someone leaves yours unsecured in a vendor database isn't so easy. More than three million Texans are facing that problem after a data breach involving a vendor used by the Texas Parks and...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/23 9:23 a.m.25 views

GTA 6 early access is nothing but a scam

A new wave of scam websites is offering something millions of people want: a way to play Grand Theft Auto VI before it comes out. " Get GTA 6 before everyone else." " Buy VIP early access." Pay a few hundred dollars in cryptocurrency, enter a payment code, and supposedly unlock the game. But it's...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/22 3:22 p.m.17 views

Thousands of D-Link routers under control of AryStinger botnet

Researchers have found that the recently discovered AryStinger botnet has quietly hijacked thousands of end‑of‑life D‑Link routers and some network-attached storage NAS devices, turning them into a distributed scanning and proxy network that attackers can use to hide their activity and launch...

6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/22 1:19 p.m.22 views

Document delivery scams: What are they and what’s their goal?

One of Malwarebytes' managers recently received a call from scammers pretending to be a document delivery service. The voicemail sounded official: “I am calling on behalf of document delivery services. We have been retained to schedule and deliver legal documents to you between the hours of 8 AM...

5.7AI score
Exploits0
Total number of security vulnerabilities4706