Lucene search
K
MalwarebytesMost viewed

4709 matches found

Malwarebytes
Malwarebytes
added 2026/06/05 8:56 a.m.18 views

AI: Threat, tool, or both?

Public attitudes toward Artificial Intelligence AI are changing, and we wanted to understand why. A recent Pew Research survey found that about half of adults say the increased use of AI in daily life makes them more concerned than excited, and that concern has grown over the last few years. Peop...

5.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/04 9:9 a.m.18 views

Meta’s AI support bot happily handed Instagram accounts to hackers

Customer service chatbots have one job: get the user what they're asking for without bothering a human. Meta's new AI support assistant took that brief a little too seriously. Over the past few months, attackers have been opening support chats, telling the bot they were locked out of Instagram...

5.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/05/12 3:46 p.m.18 views

Fake Claude search results lure Mac users into ClickFix attack

Researchers found that cybercriminals are using sponsored search results and shared Claude chats to lure victims into a typical ClickFix attack to install malware on macOS devices. ClickFix is a social engineering method that tricks users into infecting their own device with malware. Users are...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/05/08 12:48 p.m.18 views

Microsoft says Edge’s plaintext password behavior is “by design”

Some time ago, we discussed whether you should allow your browser to remember your passwords. In that article we mentioned the importance of encryption. “ With a browser password manager, someone with access to your browser could see your passwords in clear text, although Windows can be set to as...

6.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/05/07 2:37 p.m.18 views

Massive AI investment scam network spans 15,500 domains

Researchers tracked a large AI‑themed investment scam campaign involving more than 15,000 domains. It uses cloaking and deepfakes to hide from security tools while targeting ordinary users. Criminals abused the Keitaro ad-tracking platform as part of a cloaking system so real victims see scam...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/05/07 10:21 a.m.18 views

If a fake moustache can fool age checks, is the Online Safety Act working?

A report based on a survey by the UK’s Internet Matters shows that much of the responsibility for managing the online safety of children still falls on families. The Online Safety Act came into effect in July, 2025, and the report explores what has changed in the online lives of UK families since...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/30 7:1 a.m.18 views

A week in security (March 23 – March 29)

Last week on Malwarebytes Labs: Criminals are renting virtual phones to bypass bank security Bogus Avast website fakes virus scan, installs Venom Stealer instead Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka GlassWorm attack installs fake browser extension for...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/12 10:24 a.m.18 views

Microsoft Authenticator could leak login codes—update your app now

A vulnerability in Microsoft Authenticator for both iOS and Android CVE-2026-26123 could leak your one-time sign-in codes or authentication deep links to a malicious app on the same device. Deep links are predefined URIs Uniform Resource Identifiers that allow direct access to an activity in a we...

5.5CVSS5.8AI score0.00603EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2025/11/25 4:8 p.m.18 views

New ClickFix wave infects users with hidden malware in images and fake Windows updates

Several researchers have flagged a new development in the ongoing ClickFix campaign: Attackers are now mimicking a Windows update screen to trick people into running malware. ClickFix campaigns use convincing lures, historically “Human Verification” screens, and now a fake “Windows Update” splash...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/07/10 12:57 p.m.18 views

McDonald’s AI bot spills data on job applicants

McDonald's has outsourced the initial stages of its hiring process to an AI chatbot which seems to have been built without proper security measures. Security researchers managed to extract personal information about McDonald's job applicants by simply guessing a username and the password “12345.”...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/06/19 1:58 p.m.18 views

Billions of logins for Apple, Google, Facebook, Telegram, and more found exposed online

When organizations, good or bad, start hoarding collections of login credentials the numbers quickly add up. Take the 184 million logins for social media accounts we reported about recently. Now try to imagine 16 billion! Researchers at Cybernews have discovered 30 exposed datasets containing fro...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/05/14 9:20 p.m.18 views

Android users bombarded with unskippable ads

Researchers have discovered a very versatile ad fraud network—known as Kaleidoscope—that bombards users with unskippable ads. Normally, ad fraud is not a concern for users of infected devices. They might experience some sluggish behavior on their device, but often that’s the extent of it. Ad frau...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/05/06 1:36 p.m.18 views

“Your privacy is a promise we don’t break”: Dating app Raw exposes sensitive user data

Any app that hands over user data is a concern, but leaky dating apps are especially worrying given the sensitivity of the data involved. A relatively new app called Raw that aims to rewrite the rules of dating is the latest to trip over its coattails by exposing user data to…well, anyone who ask...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/05/02 4:7 p.m.18 views

On world password day, Microsoft says fewer passwords, more passkeys

And we agree. If there is a cybersecurity themed day that we would like to get rid as soon as possible it’s world password day. Sorry, old friend, but you’re outdated, and it looks like your days are numbered. Let's switch to passkeys. To quote Microsoft: “As the world shifts from passwords to...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/05/01 12:14 p.m.18 views

Apple AirPlay SDK devices at risk of takeover—make sure you update

Researchers found a set of vulnerabilities in Apple’s AirPlay SDK that put billions of users at risk of their devices being taking over. AirPlay is Apple's proprietary wireless technology that allows you to stream audio, video, photos, and even mirror your device's screen from an iPhone, iPad, or...

9.8CVSS7.7AI score0.031EPSS
Exploits5
Malwarebytes
Malwarebytes
added 2025/04/15 2:50 p.m.18 views

Hertz data breach caused by CL0P ransomware attack on vendor

The Hertz Corporation, on behalf of Hertz, Dollar, and Thrifty brands, is sending breach notifications to customers who may have had their name, contact information, driver's license, and—in rare cases—Social Security Number exposed in a data breach. The car rental giant’s data was stolen in a...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/03/31 8:8 a.m.18 views

A week in security (March 24 – March 30)

Last week on Malwarebytes Labs: Vulnerability in most browsers abused in targeted attacks "This fraud destroyed my life." Man ends up with criminal record after ID was stolen Moving from WhatsApp to Signal: A good idea? Security expert Troy Hunt hit by phishing attack Booking.com phish uses fake...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/03/05 12:3 p.m.18 views

Android zero-day vulnerabilities actively abused. Update as soon as you can

Google has issued updates to fix 43 vulnerabilities in Android, including two zero-days that are being actively exploited in targeted attacks. The updates are available for Android 12, 12L, 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, th...

7.8CVSS7.3AI score0.00809EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2024/12/12 3:6 p.m.18 views

Data brokers should stop trading health and location data, new bill proposes

Senators introduced a bill on Tuesday that would prohibit data brokers from selling or transferring location and health data. Data brokers have drawn attention this year by leaking several large databases, with the worst being the National Public Data leak. The data breach made international...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/11/11 8:30 a.m.18 views

A week in security (November 4 – November 10)

Last week on Malwarebytes Labs: Hello again, FakeBat: popular loader returns after months-long hiatus TikTok ordered to close Canada offices following "national security review" Air fryers are the latest surveillance threat you didn’t consider Malwarebytes acquires AzireVPN to fuel additional VPN...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/08/12 2:17 p.m.18 views

Google Manifest V3 and Malwarebytes Browser Guard

We wanted to update you on some changes that Google’s making, and what we’re doing in Browser Guard to keep you protected. Some of our customers have recently reported seeing messages that say Browser Guard may soon no longer be supported in their browser. Luckily, theres no need for you to worry...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/07/12 3:32 p.m.18 views

Dangerous monitoring tool mSpy suffers data breach, exposes customer details

In a new episode of Spy vs Spy, the mobile monitoring app mSpy has suffered a data breach that exposed information about millions of its customers. As Malwarebytes Labs has reported before, the types of companies that make mobile applications that enable users to non-consensually spy and monitor ...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/06/21 8:19 a.m.18 views

US bans Kaspersky, warns: “Immediately stop using that software”

The US government will ban the sale of Kaspersky antivirus products to new customers in the United States starting July 20, with a follow-on deadline to prohibit the cybersecurity company from providing users with software updates after September 29. The move follows years of allegations that the...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/06/05 1:30 p.m.18 views

Financial sextortion scams on the rise

“Hey there!” messaged Savannah, someone 16-year-old Charlie had never met before, but looked cute in her profile picture. She had long blonde hair, blue eyes, and an adorable smile, so he decided to DM with her on Instagram. Soon their flirty exchanges grew heated, and Savannah was sending Charli...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/06/01 8:9 p.m.18 views

Ticketmaster confirms customer data breach

Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach. In a filing with the SEC, Live Nation said on May 20th it identified "unauthorized activity within a third-party cloud database environment containing Company...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/05/13 7:21 a.m.18 views

A week in security (May 6 – May 12)

Last week on Malwarebytes Labs: Dell notifies customers about data breach DocGo patient health data stolen in cyberattack Desperate Taylor Swift fans defrauded by ticket scams Tracing what went wrong in 2012 for today’s teens, with Dr. Jean Twenge: Lock and Code S04E10 Last week on ThreatDown:...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/02/22 11:11 a.m.18 views

Signal to shield user phone numbers by default

Chat app Signal will shield user’s phone numbers by default from now on. And, it will no longer be necessary to exchange phone numbers when people want to connect through the app. In November, we reported that Signal was testing usernames to eliminate the need to share your phone number. Signal h...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/02/20 7:3 p.m.18 views

Law enforcement trolls LockBit, reveals massive takedown

In an act of exquisite trolling, the UKs National Crime Agency NCA has announced further details about its disruption of the LockBit ransomware group by using the groups own dark web website. The LockBit dark web site has a new look Since the demise of Conti in 2022, LockBit has been unchallenged...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/02/06 2:1 p.m.18 views

Known ransomware attacks up 68% in 2023

Today, Malwarebytes released its 2024 State of Malware report, detailing six cyberthreats that resource-constrained IT teams should pay attention to in 2024. Top of the list is "Big Game" ransomware, the most serious cyberthreat to businesses all around the world. Big game attacks extort vast...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/01/25 1:54 p.m.18 views

AI likely to boost ransomware, warns government body

The British National Cyber Security Centre NCSC says it expects Artificial Intelligence AI to heighten the global ransomware threat. In a report, the NCSC makes the assessment that AI will almost certainly increase the volume and heighten the impact of cyberattacks over the next two years. We’re...

7.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/01/20 12:56 p.m.18 views

Google failing to scrub abortion access in location history, study claims

Nearly 16 months after Google announced a policy change to remove location data that could reveal users’ physical trips to abortion clinics and other potentially sensitive medical centers, a nonprofit has alleged in a new report that the company is failing to do just that. The findings, which wer...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/01/03 7:7 p.m.18 views

Microsoft disables ms-appinstaller after malicious use

In what might be conceived as one of Microsoft’s new year resolutions, it has disclosed that its turned off the ms-appinstaller protocol handler by default. The change is designed to make installing apps easier, but it also makes installing malware easier. Typically, an app needs to be on a devic...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/12/12 11:39 a.m.18 views

The sound of you typing on your keyboard could reveal your password

As if password authentications coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/10/23 12:22 p.m.18 views

Battling a new DarkGate malware campaign with Malwarebytes MDR

First publicly reported in 2018, DarkGate is a Windows-based malware with a wide-range of capabilities including credential stealing and remote access to victim endpoints. Until recently, it was only seen being delivered through traditional email malspam campaigns. In late August 2023, however,...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/10/05 2:0 a.m.18 views

Meta and TikTok consider charging users for ad-free experience

According to a report from the Wall Street Journal, Meta is considering charging its European users around $14 a month if they don't agree to personalized ads on Facebook and Instagram. On mobile devices, the price for a single account would be higher because Meta would factor in commissions...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/09/19 4:0 a.m.18 views

The privacy perils of the Metaverse

A recently released report from New York University claims that the Metaverse, an all-in-one virtual online space, poses a potentially major risk to user privacy. This is because headsets and other similar devices can collect an incredible amount of personal, physical and biometric information. T...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/09/06 1:0 a.m.18 views

Smart chastity device exposes sensitive user data

A security breach or piece of inadvertent exposure can be a devastating thing, not just for the company impacted but also the people whose data is stolen or exposed to the world. The usual roll-call of "name, address, phone number and card details" is bad enough. If such things are tied to...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/08/22 11:45 a.m.18 views

Alert Prioritization and Guided Remediation: The future of EDR

Sleepless nights, missed threats, a deluge of notifications--the common symptoms of the bane of IT teams everywhere: Alert fatigue. Out of the litany of problems IT teams face every day, alert fatigue might be among the most pressing--especially considering that 30 percent of EDR alerts are ignor...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/08/14 12:0 a.m.18 views

A week in security (August 7 - August 13)

Last week on Malwarebytes Labs: Zoom clarifies user consent requirement when training its AI Several hospitals still counting the cost of widespread ransomware attack Old exploit kits still kicking around in 2023 YouTube makes sweeping changes to tackle spam on Shorts videos Googles "browse...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/08/11 9:0 a.m.18 views

Google’s “browse privately” is nothing more than a word play, lawyers say

Google will have to appear in court after a judge denied their request for summary judgment in a lawsuit filed by users alleging the company illegally invaded the privacy of millions of people. Lawsuits against big tech over privacy issues are not much of a surprise these days, unfortunate as tha...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/08/04 1:45 p.m.18 views

Microsoft Teams used in phishing campaign to bypass multi-factor authentication

Attackers believed to have ties to Russia's Foreign Intelligence Service SVR are using Microsoft Teams chats as credential theft phishing lures. Microsoft Threat Intelligence has posted details about the perceived attacks targeted at fewer than 40 unique global organizations. The targeted...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/07/17 9:30 a.m.18 views

Spy vs. spy: Exploring the LetMeSpy hack, with maia arson crimew

The language of a data breach, no matter what company gets hit, is largely the same. There's the stolen data--be it email addresses, credit card numbers, or even medical records. There are the users--unsuspecting, everyday people who, through no fault of their own, mistakenly put their trust into...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/07/12 2:0 a.m.18 views

Proposed Massachusetts law to ban sale of your mobile location data

Cellular location phone data may be banned from sale in the state of Massachusetts, under a proposed law set to ruffle some data broker feathers. The selling of location data has long been a point of contention for privacy experts. As with so much bulk user data, claims of anonymity from the...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/07/07 7:0 p.m.18 views

How kids pay the price for ransomware attacks on education

Modern ransomware attacks are as much about stealing data and threatening to leak it as they are about encrypting data. Which means that when a school or hospital is attacked, it's often students' and patients' data that's leaked if the ransom demand isn't met. We have to wonder how greedy any...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/06/26 10:45 a.m.18 views

Malvertising: A stealthy precursor to infostealers and ransomware attacks

This article is based on research by Jerome Segura, Senior Director of Threat Intelligence at Malwarebytes, who oversees data collection from spam feeds and telemetry to identify the most relevant threats. Malvertising, the practice of using online ads to spread malware, can have dire...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/06/21 3:0 a.m.18 views

Ransomware attackers email bemused students as leverage for a payout

The University of Manchester has fallen victim to a ransomware gang, who are currently applying an interesting twist to their attack. Blackmail and pressure are two ways to extract funds from potential victims. We see this in sextortion cases, as well as in social engineering. Here, the fraudster...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/05/10 2:0 a.m.18 views

New Discord username policy raises user privacy fears

Discord, the Voice over IP VoIP and instant message communications tool, is changing how usernames function in a major way soon. Many users are not keen on this change at all. What is going on over there, and why are so many people concerned about the upcoming alterations? When Discord launched...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/05/08 9:0 a.m.18 views

The rise of "Franken-ransomware," with Allan Liska: Lock and Code S04E11

Ransomware is becoming bespoke, and that could mean trouble for businesses and law enforcement investigators. It wasn't always like this. For a few years now, ransomware operators have congregated around a relatively new model of crime called "Ransomware-as-a-Service." In the...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/05/04 10:30 a.m.18 views

The one and only password tip you need

OK, its time for me to keep a promise. Back in October 2022, I wrote an article called Why almost everything we told you about passwords was wrong. The article summarizes how a lot of what youve been told about passwords over the years was either wrong change your passwords as often as your...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/05/03 10:0 a.m.18 views

Upcoming webinar: Is EDR or MDR better for your business?

Don't miss our upcoming webinar on EDR vs. MDR! In the webinar, Marcin Kleczynski, CEO and co-founder of Malwarebytes, and guest speaker Joseph Blankenship, Vice President and research director at Forrester, discuss topic such as: The difference between EDR and MDR, how EDR solutions can be...

6.7AI score
Exploits0
Total number of security vulnerabilities4709