4706 matches found
5 technologies that help prevent cyberattacks for SMBs
The intel you need to secure your business--delivered straight to your inbox From industry tips and best practices to the latest Malwarebytes product releases and how-tos, our Business newsletter is chock-full of the best of our business blog. Subscribe to our Business newsletter today. Now more...
How to set up an Android for your kids
Last week, we gave you some tips on how you can set up a new iPhone for your child to use as they start this school year. Today, we'll look at doing the same for Android phones. Setting up an Android isn't very different from setting up an iPhone as both platforms follow a similar logic to making...
To settle with the DoJ, Uber must confess to a cover-up. And it did.
Uber covered up the 2016 data breach that affected its 57 million customers and drivers. The confession came as part of the settlement between the DOJ US Department of Justice and the taxi company, which will see it avoid criminal prosecution. In a press release from the DOJ, Uber "admits that it...
Criminals using compromised social media accounts to "post indecent images of children" says UK cybercrime organization
Action Fraud, the UK's national reporting center for fraud and cybercrime, is warning of a very disturbing scam involving social media and "indecent images of children." Details are light, but social media fans should take this as a warning to lock down their accounts immediately...
Apple’s child safety features are coming to a Messages app near you
Apple will soon be rolling out its promised child safety features in the Messages app for users in Australia, Canada, New Zealand, and the UK. The announcement comes four months after the features initial launch in the US on the iOS, iPad, and macOS devices. To make communicating with Messages...
Beware Ukraine-themed fundraising scams
Unfortunately scammers continue to focus on the invasion of Ukraine to make money. A flurry of bogus domains and scam techniques are spreading their wings. They appear to focus on donation fakeouts but there’s a few other nasty surprises lying in wait too. The lowest of the low There are few lowe...
Looking over your shoulder: when small mistakes have big consequences
People up to no good get themselves caught in an endless number of ways. This has always been the case in the real world, and continues to be true online. No matter how talented, how daring the schemes, greed and the desire for fame often win out. This has disastrous consequences for those caught...
“Threatening and coercive” cold-callers who targeted the elderly hit with big fines
Every so often, fines hit the news as a result of phone/communication spam. Much of it targets older members of society. Sometimes folks say these calls are “just” irritants and nothing to particularly worry about. But it can be really serious, resulting in big chunks of people’s savings being...
Journalist won’t be indicted for hacking for viewing a state website’s HTML
A journalist incorrectly branded as a "hacker" by the governor of Missouri wont be prosecuted "for hacking". This was a quick and foreseen win for St. Louis Post-Dispatch reporter Josh Renaud after a prosecutor from Cole County dismissed Missouri Governor Mike Parsons criminal charges against him...
Ransomware gangs are recruiting breached individuals to persuade companies to pay up
Youve heard about ransomware, where attackers lock up your files and demand a payment for the decryption key. You may also have heard about ransomware attackers not only locking up your files, but also threatening to release the stolen data in an attempt to get you to pay up. What you may not hav...
Sophisticated phishing scheme spent years robbing authors of their unpublished work
Three years ago on Quora, someone asked what writers do to keep their manuscripts from being stolen. One of the top answers reads as follows: You’re joking, right? It’s hard enough to get people to read your novel once it’s out on Amazon, much less reading it before it’s finished…unless you’re...
A week in security (Dec 20 – 26)
Last week on Malwarebytes Labs: When a deepfake “empire” continues to grow Everything you always wanted to know about NFTs but were too afraid to ask: Lock and Code S02E24 Police forces pipe 225 million pwned passwords into ‘Have I Been Pwned?’ Logistics giant warns of scams following ransomware...
ExpressVPN made a choice, and so did I: Lock and Code S02E19
On September 14, the US Department of Justice announced that it had resolved an earlier investigation into an international cyber hacking campaign coming from the United Arab Emirates that has reportedly impacted hundreds of journalists, activists, and human rights defenders in Yemen, Iran, Turke...
Panic attack: Apple scams apply pressure
We've seen a number of Apple-related phishes in circulation over the last few days. While most of them already lead to deactivated phishing sites, we thought it was worth highlighting some of the tricks being used to bait people into handing over payment details at the moment. Fake receipt emails...
Turn off this Meta setting before someone generates AI images of you
Every consumer app has a settings menu that lets you make decisions about things like notifications or dark mode. Meta has just decided that anyone can generate AI images of you from your public Instagram account by typing your Instagram handle into a prompt. On July 7, Meta launched its AI image...
Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts
Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware. Verified X account used in Mac...
BioShocking: when “gaming” AI agents is no longer a game
AI-powered browsers and agents promise to take the drudgery out of web tasks. They can summarize pages, pull data from your accounts, and even act as a smart assistant that clicks and types for you. But new research shows that when those assistants lose track of what’s real and what’s just a game...
Watch out for “high paying, low effort” Amazon job texts
Remote, flexible, high‑paying work is a tempting prospect, and the holy grail for many people looking for a new role. But it's not just recruiters who are aware of this, job scammers do too and are happy to use it as an easy lure. That lure tends to be even more tempting when they claim to be...
Update time: Apple releases security patches for iOS, MacOS Tahoe, Safari
Apple has released security updates for more than two dozen security vulnerabilities across iPhone, iPad, and Mac. The updates for iOS/iPadOS, MacOS Tahoe, and Safari were issued after testing on iOS 26.6 and iPadOS 26.6 betas. What stands out in the update is that a lot of the vulnerabilities we...
Google can be liable for false AI Overviews, court rules
A German court has ruled that Google can be held directly responsible for defamatory claims produced by its AI Overviews. Basically, the court said that telling people they should double-check AI search results is not enough to deny liability for what those results say. This kind of warning may n...
More PayPal emails hijacked to deliver tech support scams
Scammers have found another way to get deceptive messages delivered through PayPal’s legitimate services. In December 2025, we reported that PayPal closed a loophole that let scammers send real emails with fake purchase notices. In those cases, scammers created a PayPal subscription and then paus...
Microsoft won’t patch PhantomRPC: Feature or bug?
A researcher has discovered a weakness called PhantomRPC that Microsoft does not consider a vulnerability it plans to patch. PhantomRPC involves Windows Remote Procedure Call RPC, the core of communication between Windows processes. The vulnerability lets a process with impersonation rights...
Scam-checking just got a lot easier: Malwarebytes is now in Claude
For years, Malwarebytes has protected people by going where they are, and where people are today is increasingly within AI tools. As these chatbots tackle more everyday questions—like what to wear for an interview, how to replace a pendant light in the home, and where to eat during upcoming...
Medical data of 500,000 UK volunteers listed for sale on Alibaba
Half a million Britons signed up to help cure cancer. Their data ended up for sale on Alibaba. The UK Biobank charity informed the British government of an incident concerning the medical data belonging to 500,000 British citizens being offered for sale on the Chinese e-commerce website Alibaba...
Beware of fake OpenClaw installers, even if Bing points you to GitHub
Attackers are abusing OpenClaw’s popularity by seeding fake “installers” on GitHub, boosted by Bing AI search results, to deliver infostealers and proxy malware instead of the AI assistant users were looking for. OpenClaw is an open‑source, self‑hosted AI agent that runs locally on your machine...
Update Chrome now: Zero-day bug allows code execution via malicious webpages
Google has issued a patch for a high‑severity Chrome zero‑day, tracked as CVE‑2026‑2441, a memory bug in how the browser handles certain font features that attackers are already exploiting. CVE-2026-2441 has the questionable honor of being the first Chrome zero-day of 2026. Google considered it...
Firefox joins Chrome and Edge as sleeper extensions spy on users
A group of cybercriminals called DarkSpectre is believed to be behind three campaigns spread by malicious browser extensions: ShadyPanda, GhostPoster, and Zoom Stealer. We wrote about the ShadyPanda campaign in December 2025, warning users that extensions which had behaved normally for years...
Online shoppers at risk as Magecart skimming hits major payment networks
Researchers have been tracking a Magecart campaign that targets several major payment providers, including American Express, Diners Club, Discover, and Mastercard. Magecart is an umbrella term for criminal groups that specialize in stealing payment data from online checkout pages using malicious...
Leaks show Intellexa burning zero-days to keep Predator spyware running
Intellexa is a well-known commercial spyware vendor, servicing governments and large corporations. Its main product is the Predator spyware. An investigation by several independent parties describes Intellexa as one of the most notorious mercenary spyware vendors, still operating its Predator...
Google patches 107 Android flaws, including two being actively exploited
Google has patched 107 vulnerabilities in Android in its December 2025 Android Security Bulletin, including two high-severity flaws that are being actively exploited. The December updates are available for Android 13, 14, 15, and 16. Android vendors are notified of all issues at least a month...
A week in security (November 17 – November 23)
Last week on Malwarebytes Labs: AI teddy bear for kids responds with sexual content and advice about weapons Fake calendar invites are spreading. Here’s how to remove them and prevent more Budget Samsung phones shipped with unremovable spyware, say researchers What the Flock is happening with...
Attackers are using “Sneaky 2FA” to create fake sign-in windows that look real
Attackers have a new trick to steal your username and password: fake browser pop-ups that look exactly like real sign-in windows. These “Browser-in-the-Browser” attacks can fool almost anyone, but a password manager and a few simple habits can keep you safe. Phishing attacks continue to evolve, a...
Update now: November Patch Tuesday fixes Windows zero-day exploited in the wild
These updates fix serious security issues — including one that attackers are already exploiting to take control of Windows systems. By chaining it with other attacks, they can gain full admin access, install malware, steal data, or make deeper changes you wouldn’t normally be able to undo. Run...
Fantasy Hub is spyware for rent—complete with fake app kits and support
Researchers at Zimperium identified Fantasy Hub, a new Android spyware developed and sold as a subscription on Russian-language cybercrime forums. Malware-as-a-Service MaaS means cybercriminals rent out to malware to other criminals, complete with the infrastructure necessary to harvest and abuse...
A week in security (November 3 – November 9)
Last week on Malwarebytes Labs: Malwarebytes scores 100% in AV-Comparatives Stalkerware Test 2025 Fake CAPTCHA sites now have tutorial videos to help victims install malware Hackers commit highway robbery, stealing cargo and goods Android malware steals your card details and PIN to make instant A...
Fake PayPal invoice from Geek Squad is a tech support scam
One of our employees received this suspicious email and showed it to me. Although it's a pretty straightforward attempt to lure targets into calling the scammers, it's worth writing up because it looks like it was sent out in bulk. Let's look at the red flags. Firstly, the sender address : PayPal...
From threats to apology, hackers pull child data offline after public backlash
Last week we yelled at some “hackers” that threatened parents after stealing data from their children's nursery. This followed a BBC report that a group calling itself “Radiant” claimed to have stolen sensitive data related to around 8,000 children from nursery chain Kido, which operates in the U...
Malwarebytes for Teams now includes VPN
Running a small business today can hardly be done from a single device, a single location, or a single network. Staying cybersecure is quite the same. To extend the security and privacy of small business owners, no matter where you are, Malwarebytes for Teams now includes personal VPN access, for...
A week in security (September 1 – September 7)
Last week on Malwarebytes Labs: Nexar dashcam video database hacked Roblox introduces age checks to use communication features Give your PC a fresh start: New free tools to boost your PC’s speed, security, and peace of mind TP-Link warns of botnet infecting routers and targeting Microsoft 365...
How to spot the latest fake Gmail security alerts
Security alerts from tech companies are supposed to warn us when something might be amiss—but what if the alerts themselves are the risk? Scammers have long impersonated tech companies' security and support staff as a way to sniff out users' login credentials, and reports suggest that they're doi...
Microsoft patches some very important vulnerabilities in August’s patch Tuesday
In the August 2025 patch Tuesday round Microsoft fixed a total of 111 Microsoft vulnerabilities. A few of them are very important for people to apply. Even if you’re not a tech expert, keeping your Windows system up to date is one of the simplest and most effective ways to protect yourself from...
Apple patches multiple vulnerabilities in iOS and iPadOS. Update now!
Apple released a security update for iOS and iPadOS to patch multiple vulnerabilities, including one that could leak sensitive information when visiting a malicious website and one that allows an attacker to display false information in the address bar. In total, 29 vulnerabilities were patched,...
Meta AI chatbot bug could have allowed anyone to see private conversations
A researcher has disclosed to TechCrunch that he received a $10,000 bounty for reporting a bug that let anyone access private prompts and responses with the Meta AI chatbot. On June 13, we reported that the Meta AI app publicly exposes user conversations, often without users realizing it. In thes...
Fake DocuSign email hides tricky phishing attempt
On my daily rounds, I encountered a phishing attempt that used a not completely unusual, yet clever delivery method. What began as a seemingly routine DocuSign notification turned into a multi-layered deception involving Webflow, a shady redirect, and a legitimate Google login page. Webflow is a...
Fake bank ads on Instagram scam victims out of money
Ads on Instagram—including deepfake videos—are impersonating trusted financial institutions like Bank of Montreal BMO and EQ Bank Equitable Bank in order to scam people, according to BleepingComputer. There are some variations in how the scammers approach this. Some use Artificial Intelligence AI...
Pornhub, RedTube, and YouPorn block access in France, VPN use set to soar
VPNs Virtual Private Networks are suddenly popular in France. Not because France has suddenly become super privacy conscious, but because Pornhub, RedTube, and YouPorn, have blocked access in France. But why? Last year, France enacted a law mandating that pornographic sites implement stricter...
Porn sites probed for allegedly failing to prevent minors from accessing content
Four porn sites are being investigated by the European Commission under its Digital Services Act DSA for allegedly failing to verify its users' ages properly. The Commission, which drafts and enforces the European Union's laws, is focusing the lens on Pornhub, Stripchat, XNXX, and XVideos with th...
Deepfake-posting man faces huge $450,000 fine
A man is facing a $450,000 AU fine after he published deepfake images of prominent Australian women on the now-defunct MrDeepfakes web site. That's if Australia's online safety regulator gets its way. Anthony Rotondo faces charges of posting these and other explicit deepfake images to the...
Fake AI video generator tools lure in Facebook and LinkedIn users to deliver malware
Cybercriminals are taking advantage of the public’s interest in Artificial Intelligence AI and delivering malware via text-to-video tools. According to researchers at Mandiant, the criminals are setting up websites claiming to offer “AI video generator” services, and then using those fake tools t...
Employee monitoring app exposes users, leaks 21+ million screenshots
Unfortunately, spyware apps with poor reputations and even weaker security practices are all too common. I’ve lost count of how many blogs I’ve written about stalkerware-type apps that not only exposed the people they spied on but also ended up exposing the spies themselves. However, perhaps one...