2023 State of Malware Report: What the channel needs to know to stay ahead of threats

The channel, comprising managed service providers MSPs, Systems Integrators SIs, value-added resellers VARs, and more, plays a vital role in providing cybersecurity for companies around the globe today. But as malware evolves and cyberattacks become more common, keeping up with the top threats to...

A week in security (February 27 - March 5)

Last week on Malwarebytes Labs: Fighting online censorship, or, encryption's latest surprise use-case, with Mallory Knodel: Lock and Code S04E05 How to work from home securely, the NSA way TikTok probed over child privacy practices iPhone users targeted in phone AND data theft campaign US Marshal...

BlackCat ransomware targets another healthcare facility

In a statement issued Monday morning, Lehigh Valley Health Network said it had been the target of a cyberattack attributed to a ransomware gang known as BlackCat. The Network is made up of 13 hospital campuses, as well as other health facilities, and is based in Pennsylvania. BlackCat The...

Should you share passwords with your partner?

To share or not to share? When it comes to love and romance, that is the password question, isn't it? This Valentine's Day, we attempt to lift the lid on this steamy cybersecurity subject to see if two people in a romantic relationship are both on board on the matter of exchanging passwords with...

A week in security (January 9—15)

Last week on Malwarebytes Labs: Slack private code on GitHub stolen Crypto-inspired Magecart skimmer surfaces via digital crime haven Security vulnerabilities in major car brands revealed Microsoft ends extended support for Windows 7 and Windows Server 2008 today Pokemon NFT card game malware...

LastPass updates security notice with information about a recent incident

The password management company LastPasss notified customers in late December about a recent security incident. The notice was posted as an update of the security incident previously reported in August of 2022, which also was updated and covered on November 30, 2022. According to LastPass, an...

The weirdest security stories of 2022

Theres been a lot of weird and frankly bizarre attacks over the course of 2022, nestled in amongst the usual ransomware outbreaks and data breaches. Whether were talking social media, email, or even malware, theres been a mind bending tale of tall behaviour in almost every corner. Its time to...

5 SaaS security best practices

Just about anywhere you look, organizations are relying on Software-as-a-Service SaaS apps like Dropbox and Hubspot to help power their businesses. With more SaaS apps, however, comes increased security risks. While SaaS is without a doubt the easiest and most accessible way for businesses to rea...

New streaming ad technology plays hide-and-seek with gamers

A new form of digital advertising is looking to make its way to you courtesy of video gaming. However, theres a rather peculiar twist involved. These ads wont appear in front of you while playing; in fact, theyre designed to trigger when someone else is in-game. The most baffling twist of all?...

Looking for student debt relief? Watch out for scammers says the FBI

The FBI believes that scammers may be after people applying for the One-Time Federal Student Loan Debt Relief, a program announced by the Biden-Harris Administration in August 2022 that provides up to $20,000 in student loan debt relief. In a recent public service announcement, the agency warned ...

Criminal group busted after stealing hundreds of keyless cars

Europol has disclosed an international operation in which 31 suspects were arrested, 22 locations were searched, and over one million Euros in criminal assets were seized. The organized criminal gang specialized in stealing French keyless cars. Among the arrested were the software developers that...

Morgan Stanley's years-long "extensive failure" to protect customer data ends in huge fine

On Tuesday, the Securities and Exchange Commission SEC charged financial company Morgan Stanley a $35M fine for "the firm's extensive failures, over five years, to protect the personal identifying information, or PII, of approximately 15 million customers. The company agreed to settle the penalty...

5 technologies that help prevent cyberattacks for SMBs

The intel you need to secure your business--delivered straight to your inbox From industry tips and best practices to the latest Malwarebytes product releases and how-tos, our Business newsletter is chock-full of the best of our business blog. Subscribe to our Business newsletter today. Now more...

Steam account credentials phished in browser-in-a-browser attack

Steam users are once again under threat from a particularly sneaky tactic used to steal account details. As with so many Steam attacks currently, it accommodates for the possibility of users relying on Steam Guard Mobile Authentication for additional protection. It also makes use of a recent...

6 patch management best practices for businesses

Patching is a thorn in the side of many businesses today: Everything from keeping up with the volume of patches to prioritizing what needs to be patched first can cause major delays in a business's patching process. Needless to say, businesses are looking to streamline their patch management...

Apple’s child safety features are coming to a Messages app near you

Apple will soon be rolling out its promised child safety features in the Messages app for users in Australia, Canada, New Zealand, and the UK. The announcement comes four months after the features initial launch in the US on the iOS, iPad, and macOS devices. To make communicating with Messages...

Phishers make a date with your calendar apps

Calendars are a rich source of bad behaviour for scammers and spammers. They’re one of the most prolific tools the workplace has for collaborative actions and general cross-purpose messaging. They’ve been misused by bad actors for many years now, most commonly spamming unwary potential victims an...

RagnarLocker ransomware gang breached 52 critical infrastructure organizations

In a FLASH publication issued by the FBI in coordination with DHS/CISA, the FBI says it has identified at least 52 organizations across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including organizations in the critical manufacturing, energy, financial services,...

When fake dating profiles try the military approach

I’ve run into many romance scams over the years. You’ll find them lurking on social media, instant messaging, chatrooms/forums, and many more besides. They’re particularly popular during times of war or natural disaster, as they often dovetail into donation and charity scams. The icing on the cak...

Microsoft takes macros out of the equation for five Office apps

Microsoft says it is going to disable macros in five Office apps by default. Besides Excel 4.0 macros, which were disabled by default last month, now VBA macros obtained from the Internet will be blocked by default as well. The change will begin rolling out in Version 2203, starting with Current...

Open Subtitles breach: The dangers of password reuse

Popular website Open Subtitles has been breached. The impact so far: almost seven million accounts “breached and ransomed” back in August. New breach: Open Subtitles had almost 7M accounts breached and ransomed in Aug. Data included email and IP addresses, usernames and unsalted MD5 password...

Kronos crippled by ransomware, service may be out for weeks

Human resources platform provider UKG has put out a statement saying its fallen prey to ransomware that has disrupted the Kronos Private Cloud. It expects the service to be out for several weeks. The statement came after the company posted a message on the Kronos community message board, explaini...

ExpressVPN made a choice, and so did I: Lock and Code S02E19

On September 14, the US Department of Justice announced that it had resolved an earlier investigation into an international cyber hacking campaign coming from the United Arab Emirates that has reportedly impacted hundreds of journalists, activists, and human rights defenders in Yemen, Iran, Turke...

Facebook’s own research reveals the harm that Instagram can inflict

For years, people have accused social media, and particularly image-driven sites like Instagram, of being bad for young people, particularly young women. It turns that Instagrams owner, Facebook, agrees. Thirty-two percent of teen girls said that when they felt bad about their bodies, Instagram...

NAME:WRECK, a potential IoT trainwreck

A set of vulnerabilities has been found in the way a number of popular TCP/IP stacks handle DNS requests. Potentially this could impact hundreds of millions of servers, smart devices, and industrial equipment. The researchers that discovered the vulnerabilities have named them NAME:WRECK. Plural...

Good news: Stalkerware survey results show majority of people aren’t creepy

Back in July, we sent out a survey to Malwarebytes Labs readers on the subject of stalkerware—the term used to describe apps that can potentially invade someone’s privacy. We asked one question: “Have you ever used an app to monitor your partner’s phone?” The results were reassuring. We received...

Tech support scammers make browser lockers more resilient

Tech support scammers have been relying on fraudulent pop-ups for many years in order to scare potential victims into calling for remote assistance. These so-called browser lockers or browlocks typically originate from malicious ads malvertising that can appear on any website, including trusted...

There’s a hole in my bucket: Bitcoin scams aim to exploit volatile market

Bitcoin! Black gold! Texas tea! Only one of these is currently worth ridiculous amounts of money and technically numbers two and three are the same thing. Whether you're in possession of lots of Bitcoins, or in full bandwagon panic "must buy 20 graphics cards before the bubble bursts" mode, you...

Deepfake posting sites depicting famous women taken down by feds

Thanks to Uncle Sam, anyone trying to find nonconsensual intimate deepfakes on CFake.com and SOCFake.com will be disappointed. The US Departments of Justice DOJ and Homeland Security has seized the two domain names under the TAKE IT DOWN Act. The TAKE IT DOWN Act, signed in May 2025, is the first...

We found this fake-invoice campaign while scammers were still building it

A new batch of fake payment invoices is being staged right now, and we caught the campaign while it was still being put together. The emails impersonate PayPal, Amazon, and Geek Squad, and others, and they all share one goal: to scare you into calling a phone number where a fake "support agent" i...

Your phone called. It needs a cleanup.

Does it sometimes take your phone a few minutes to accomplish one simple task? That can be wildly frustrating. But you’re in luck, because we’ve got a free tool that scans your phone for leftover files, temporary data, outdated caches and helps you clean up all that junk. Introducing our Junk...

Kali365 phishing kit bypasses MFA and steals Microsoft logins

When the Federal Bureau of Investigation FBI publishes a dedicated public service announcement about a new phishing kit, it’s worth paying attention to. The agency is now warning about “Kali365,” a phishing‑as‑a‑service PhaaS platform that helps even low‑skilled attackers hijack Microsoft 365...

AI is distorting the Holocaust (Lock and Code S07E10)

This week on the Lock and Code podcast … In May of last year, a warning about AI came from somewhere unexpected: The Auschwitz-Birkenau State Museum. Posting publicly on social media, the museum warned about a Facebook account using generative AI to create fake images of people who died in the...

Why Malwarebytes blocks some Yahoo Mail redirects

Some Malwarebytes users have recently noticed frequent web protection alerts while reading email in Yahoo Mail’s web interface. These alerts are caused by background connections from the Yahoo Mail page to a set of third‑party domains that our products and other security tools currently classify ...

Deepfake sextortion forces schools to remove student photos from websites

Schools love a good photo, whether it's from a trip to a castle, a science prize ceremony, or sports day shot from three angles. For two decades, celebratory images like these have gone straight onto school websites, captioned with a name and a grade. But those days are gone, because it's the...

Malwarebytes Privacy VPN receives full third-party audit

For the careful VPN customer today, so much depends upon a privacy promise, made, too often, by a company without proof. No-logs policies, modern encryption algorithms, a refusal to store sensitive customer information, and full ownership of servers are just some of the features that contribute t...

Meta rolls out anti-scam tools across WhatsApp, Facebook, and Messenger

Meta has rolled out more anti-scam protections across WhatsApp, Facebook, and Messenger to fight sophisticated fraud tactics. The features will help stop celebrity impersonators and brand spoofers from defrauding its users, the company said. Meta is also targeting attackers who exploit legitimate...

Inside a fake Google security check that becomes a browser RAT

A website styled to resemble a Google Account security page is distributing what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild. Disguised as a routine security checkup, it walks victims through a four-step flow that grants the attacker push...

Fake Zoom meeting “update” silently installs unauthorized version of monitoring tool abused by cybercriminals to spy on victims

UPDATE February 27, 2026: We have added more clarity around the abuse of legitimate commercial products. UPDATE February 25, 2026 : Teramind has stated that it is not affiliated with the threat actors described and did not authorize the deployment of the software referenced. Further updates have...

Update Chrome now: Zero-day bug allows code execution via malicious webpages

Google has issued a patch for a high‑severity Chrome zero‑day, tracked as CVE‑2026‑2441, a memory bug in how the browser handles certain font features that attackers are already exploiting. CVE-2026-2441 has the questionable honor of being the first Chrome zero-day of 2026. Google considered it...

Fake LastPass maintenance emails target users

The LastPass Threat Intelligence, Mitigation, and Escalation TIME team has published a warning about an active phishing campaign in which fake “maintenance” emails pressure users to back up their vaults within 24 hours. The emails lead to credential-stealing phishing sites rather than any...

Chrome extension slurps up AI chats after users installed it for privacy

This case highlights a growing grey area in consumer privacy: data collection that is technically disclosed, but so far outside user expectations that most people would never knowingly agree to it. The next time you tell an AI chat assistant your deepest secrets, think twice; you never know who o...

How attackers use real IT tools to take over your computer

A new wave of attacks is exploiting legitimate Remote Monitoring and Management RMM tools like LogMeIn Resolve formerly GoToResolve and PDQ Connect to remotely control victims’ systems. Instead of dropping traditional malware, attackers trick people into installing these trusted IT support progra...

Scammers are sending bogus copyright warnings to steal your X login

One of my favorite Forbes correspondents recently wrote about receiving several fake copyright-infringement notices from X. Let’s suppose you get an email claiming it’s from X, warning: “We’ve received a DMCA notice regarding your account.” Chances are, you’ll be wondering what you did wrong. DMC...

Phishers target 1Password users with convincing fake breach alert

In a very recent and well-targeted phishing attempt, scammers tried to get hold of the 1Password credentials belonging to a Malwarebytes’ employee. Stealing someone’s 1Password login would be like hitting the jackpot for cybercriminals, because they potentially export all the saved logins the...

Critical Android vulnerabilities patched—update as soon as you can

Google has patched six vulnerabilities in Android, including two critical vulnerabilities in its August 2025 Android Security Bulletin. It also covers a critical vulnerability which could have allowed an attacker to execute code on a victim's device without the victim needing to do anything at al...

Smart air fryers ordered to stop invading our digital privacy

In a confirmation that we've gone full Black Mirror, the UK's privacy czar has wagged a finger at air fryer manufacturers and told them to stop playing with our data. New draft guidance from the Information Commissioner's Office ICO targets not just air fryer vendors but manufacturers of any smar...

A week in security (June 9 – June 15)

Last week on Malwarebytes Labs: Been scammed online? Here’s what to do How and where to report an online scam Google bug allowed phone number of almost any user to be discovered 44% of people encounter a mobile scam every single day, Malwarebytes finds GirlsDoPorn owner faces life in jail after...

US airline industry quietly selling flight data to DHS

A data broker owned by some of America's biggest airlines has been selling access to customer flight data to the US Department of Homeland Security DHS. The data, compiled by data broker Airlines Reporting Corporation ARC, includes names, flight itineraries, and financial details. It also covers...

GirlsDoPorn owner faces life in jail after pleading guilty to sex trafficking

Michael James Pratt, the owner of pornographic websites GirlsDoPorn and GirlsDoToys, has pleaded guilty to sex trafficking in a US court. Pratt ran the websites, which lured and coerced young women into filming pornographic videos, from 2013 to 2019. Pratt and his accomplices lured women from...