4706 matches found
Your next car could be watching your face
To reduce traffic incidents, all new cars sold in the EU must now include driver-monitoring technology, including Driver Drowsiness and Attention Warning DDAW systems and, on newer vehicles, Advanced Driver Distraction Warning ADDW systems. Similar requirements are expected in the US, where the...
Beware of “Parcel Expert” job offers: They’re parcel mule scams
A parcel mule scam, also called a reshipping scam, is a fake job offer designed to recruit people into handling stolen goods. It usually starts with a fake remote job offer that promises easy money for receiving, inspecting, repackaging, and forwarding packages from home. The “employer” may claim...
Watch out for renewal scams pretending to be Malwarebytes
Fake subscription renewal notices are doing the rounds again. Some of these scams impersonate Malwarebytes, and we've also seen them reach our customers. You're more likely to trust the message if you're already a customer of the company mentioned in the email. That's what the scammers are counti...
Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap
Apple has patched a Bluetooth flaw in Beats Studio Buds that could potentially turn your earbuds into a nearby wiretap. When you buy a pair of Bluetooth earbuds, you expect them to play your music and your calls—not someone else’s. But a vulnerability in Apple’s Beats Studio Buds shows how that...
Roblox developers are losing entire games to malware attacks
Account theft usually ends with someone losing a password. This one ends with hackers walking off with the entire game. Developers behind some of Roblox's millions of games told 404 Media that attackers persuaded them to run a single file. Then they watched their group, their game, and their Robu...
Cyberattacks are raising your prices (Lock and Code S07E09)
This week on the Lock and Code podcast… Your prices could be going up because of a little something that one group has started calling the “cyber tax.” Not a “tax” in any regulatory sense of the word, this newly named “cyber tax” is instead a consequence of the growing number of cyberattacks on...
A week in security (April 27 – May 3)
Last week on Malwarebytes Labs: 3 easy-to-miss cybersecurity risks for small businesses Actively exploited cPanel bug exposes millions of websites to takeover More PayPal emails hijacked to deliver tech support scams Hackers stole hundreds of thousands of Roblox accounts: Here’s what to do...
Actively exploited cPanel bug exposes millions of websites to takeover
Security researchers are warning about a newly discovered vulnerability in the widely used web server management software cPanel and WebHost Manager WHM. This is a critical, actively exploited authentication-bypass bug in cPanel/WHM that lets attackers gain administrative access to the interface...
Researcher claims Claude Desktop installs “spyware” on macOS
Security researcher Alexander Hanff wrote an article titled Anthropic secretly installs spyware when you install Claude Desktop. Claims like that are bound to create two sides, so we searched for an official rebuttal by Anthropic. But we couldn’t find one. It would surprise me very much if they’d...
A week in security (April 13 – April 19)
Last week on Malwarebytes Labs: This old-school scam is still working "Your shipment has arrived" email hides remote access software Browser Guard gets even better with Access Control "iCloud storage is full" scam is back, and now it wants your payment details A fake Slack download is giving...
“Your shipment has arrived” email hides remote access software
An attachment in an email impersonating DHL about a shipment contains a link to a preconfigured SimpleHelp remote access tool—an ideal starting point for attackers to explore a network, steal data, and drop additional malware. A German industrial spare parts and equipment supplier received an ema...
30,000 private Facebook images allegedly downloaded by Meta employee
Every tech company tells you your data is safe. They've hopefully got encryption, access controls, and zero-trust architectures—the whole glossy security brochure. And then someone on the inside writes a script to steal your private photos anyway. That's what a former Meta employee based in Londo...
GlassWorm attack installs fake browser extension for surveillance
GlassWorm hides inside developer tools. Once it's in, it steals data, installs remote access malware, and even a fake browser extension to monitor activity. While it starts with developers, the impact can quickly spread. With stolen credentials, access tokens, and compromised tools, attackers can...
FBI, CISA warn of Russian hackers hijacking Signal and WhatsApp accounts
In a Public Service Announcement PSA the Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA warn the public about ongoing Russian-linked phishing campaigns that aim to gain access to messaging accounts. Earlier this month we wrote about a large‑scale...
Apple patches Coruna exploit kit flaws for older iOS versions
On March 3, 2026, Google warned about a powerful exploit kit targeting Apple iPhone models running iOS version 13.0 released in September 2019 up to version 17.2.1 released in December 2023. In the latest security updates, Apple patched the vulnerabilities used in the Coruna exploit kit for older...
Meta rolls out anti-scam tools across WhatsApp, Facebook, and Messenger
Meta has rolled out more anti-scam protections across WhatsApp, Facebook, and Messenger to fight sophisticated fraud tactics. The features will help stop celebrity impersonators and brand spoofers from defrauding its users, the company said. Meta is also targeting attackers who exploit legitimate...
How to see your Google Search history (and delete it)
Your Google Search history provides one of the most detailed windows into your private life, and I know this because when I looked at my own search history last year, I was overwhelmed by the information buried within. Across just 18 months, Google tracked the 8,079 searches I made and the 3,050...
Signal and WhatsApp accounts targeted in phishing campaign
Dutch intelligence services AIVD and MIVD warn that Russian state‑backed hackers are running a large‑scale campaign to break into Signal and WhatsApp accounts of high‑value targets. The targets are said to be senior officials, military personnel, civil servants, and journalists. The attackers are...
Supreme Court to decide whether geofence warrants are constitutional
Google has weighed in on a court case that will decide the future of a powerful but contentious tool for law enforcement. The company submitted an opinion to the US Supreme Court arguing that geofence warrants are unconstitutional. A geofence warrant is a form of "reverse warrant" that turns a...
ClickFix added nslookup commands to its arsenal for downloading RATs
ClickFix malware campaigns are all about tricking the victim into infecting their own machine. Apparently, the criminals behind these campaigns have figured out that mshta and Powershell commands are increasingly being blocked by security software, so they have developed a new method using...
A week in security (January 26 – February 1)
Last week on Malwarebytes Labs: Match, Hinge, OkCupid, and Panera Bread breached by ransomware group TikTok’s privacy update mentions immigration status. Here’s why. Meta confirms it’s working on premium subscription for its apps Microsoft Office zero-day lets malicious documents slip past securi...
Clawdbot’s rename to Moltbot sparks impersonation campaign
After the viral AI assistant Clawdbot was forced to rename to Moltbot due to a trademark dispute, opportunists moved quickly. Within days, typosquat domains and a cloned GitHub repository appeared—impersonating the project’s creator and positioning infrastructure for a potential supply-chain...
Get paid to scroll TikTok? The data trade behind Freecash ads
Loyal readers and other privacy-conscious people will be familiar with the expression, “If it’s too good to be true, it’s probably false.” Getting paid handsomely to scroll social media definitely falls into that category. It sounds like an easy side hustle, which usually means there’s a catch. I...
Under Armour ransomware breach: data of 72 million customers appears on the dark web
When reports first emerged in November 2025 that sportswear giant Under Armour had been hit by the Everest ransomware group, the story sounded depressingly familiar: a big brand, a huge trove of data, and a lot of unanswered questions. Since then, the narrative around what actually happened has...
Can you use too many LOLBins to drop some RATs?
Recently, our team came across an infection attempt that stood out—not for its sophistication, but for how determined the attacker was to take a “living off the land” approach to the extreme. The end goal was to deploy Remcos , a Remote Access Trojan RAT, and NetSupport Manager , a legitimate...
Fake extension crashes browsers to trick users into infecting themselves
Researchers have found another method used in the spirit of ClickFix: CrashFix. ClickFix campaigns use convincing lures—historically “Human Verification” screens—to trick the user into pasting a command from the clipboard. After fake Windows update screens, video tutorials for Mac users, and many...
WhisperPair exposes Bluetooth earbuds and headphones to tracking and eavesdropping
WhisperPair is a set of attacks that lets an attacker hijack many popular Bluetooth audio accessories that use Google Fast Pair and, in some cases, even track their location via Google’s Find Hub network—all without requiring any user interaction. Researchers at the Belgian University of Leuven...
CISA warns of active attacks on HPE OneView and legacy PowerPoint
The US Cybersecurity and Infrastructure Security Agency CISA added both a newly discovered flaw and a much older one to its catalog of Known Exploited Vulnerabilities KEV. The KEV catalog gives Federal Civilian Executive Branch FCEB agencies a list of vulnerabilities that are known to be exploite...
ALPRs are recording your daily drive (Lock and Code S06E26)
This week on the Lock and Code podcast … There's an entire surveillance network popping up across the United States that has likely already captured your information, all for the non-suspicion of driving a car. Automated License Plate Readers, or ALPRs, are AI-powered cameras that scan and store ...
Update Chrome now: Google fixes 13 security issues affecting billions
Google has released an update for its Chrome browser that includes 13 security fixes, four of which are classified as high severity. One of these was found in Chrome’s Digital Credentials feature–a tool that lets you share verified information from your digital wallet with websites so you can pro...
Air fryer app caught asking for voice data (re-air) (Lock and Code S06E24)
This week on the Lock and Code podcast … It's often said online that if a product is free, you're the product, but what if that bargain was no longer true? What if, depending on the device you paid hard-earned money for, you still became a product yourself, to be measured, anonymized, collated,...
WhatsApp closes loophole that let researchers collect data on 3.5B accounts
Messaging giant WhatsApp has around three billion users in more than 180 countries. Researchers say they were able to identify around 3.5 billion registered WhatsApp accounts thanks to a flaw in the software. That higher number is possible because WhatsApp’s API returns all accounts registered to...
The hidden costs of illegal streaming and modded Amazon Fire TV Sticks
Ahead of the holiday season, people who have bought cheap Amazon Fire TV Sticks or similar devices online should be aware that some of them could let cybercriminals access personal data, bank accounts, and even steal money. BeStreamWise, a UK initiative established to counter illegal streaming,...
Matrix Push C2 abuses browser notifications to deliver phishing and malware
Cybercriminals are using browser push notifications to deliver malware and phishing attacks. Researchers at BlackFog described how a new command-and-control platform, called Matrix Push C2, uses browser push notifications to reach potential victims. When we warned back in 2019 that browser push...
Your passport, now on your iPhone. Helpful or risky?
Apple has launched Digital ID, a way for users in the US to create and present a government-issued ID in Apple Wallet using their passport information. For now, it works only for identity verification at Transportation Security Administration TSA checkpoints in more than 250 airports. Apple says...
Phishing emails disguised as spam filter alerts are stealing logins
Cybercriminals are spoofing "email delivery" notifications to look like they came from spam filters inside your own organization. The goal is to lure you to a phishing site that steals login credentials—credentials that could unlock your email, cloud storage or other personal accounts. The email...
Update Chrome now: 20 security fixes just landed
Google has released an update for its Chrome browser that includes 20 security fixes, several of which are classed as high severity. Most of these flaws were found in Chrome’s V8 engine—the part of Chrome and other Chromium-based browsers that runs JavaScript. Chrome is by far the world’s most...
Apple may have to open its walled garden to outside app stores
The UK’s Competition and Markets Authority CMA ruled that both Google and Apple have a "strategic market status." Basically, they have a monopoly over their respective mobile platforms. As a result, Apple may soon be required to allow rival app stores on iPhones—a major shift for the smartphone...
Over 100 Chrome extensions break WhatsApp’s anti-spam rules
Recent research by Socket’s Threat Research Team uncovered a massive, coordinated campaign flooding the Chrome Web Store with 131 spamware extensions. These add-ons hijack WhatsApp Web—the browser version of WhatsApp—to automate bulk messages and skirt anti-spam controls. Spamware is software tha...
Video call app Huddle01 exposed 600K+ user logs
The Cybernews research team found that video call app Huddle01 exposed email addresses, real names, and other identifiers through an unprotected Kafka broker. Think of an unprotected Kafka broker like a post office that stores and delivers confidential mail. Now, imagine the manager leaves the...
260 romance scammers and sextortionists caught in huge Interpol sting
Online crime of all kinds is deplorable, but romance scammers and sextortionists who target the most vulnerable victims are among the worst. Now, there’s likely a place for 260 of them in jail, thanks to international law enforcement. Interpol's Operation Contender 3.0 targeted alleged criminals...
Fake Malwarebytes, LastPass, and others on GitHub serve malware
Fake versions of legitimate software are currently circulating on GitHub pages, in a large-scale campaign targeting Mac users. Unfortunately, Malwarebytes for Mac is one of them. Impersonating brands is sadly commonplace, as scammers take advantage of established brand names to target their...
Update your Chrome today: Google patches 4 vulnerabilities including one zero-day
Google has released an update for its Chrome browser to patch four security vulnerabilities, including one zero-day. A zero-day vulnerability refers to a bug that has been found and exploited by cybercriminals before the vendor even knew about it they have "zero days" to fix it. This update is...
Google misled users about their privacy and now owes them $425m, says court
A court has ordered Google to pay $425m in a class action lawsuit after it was found to have misled users about their online privacy. In July 2020, Google user Anibal Rodriguez filed a lawsuit against the search giant, arguing that it misled users with its "Web & App Activity" setting. The settin...
TP-Link warns of botnet infecting routers and targeting Microsoft 365 accounts
TP-Link has issued a warning about a botnet exploiting two vulnerabilities to infect small office/home SOHO routers, which are then weaponized to attack Microsoft 365 accounts. The vulnerabilities affect the Archer C7 and TL-WR841N/ND routers, though other models may also be at risk. Despite the...
77 malicious apps removed from Google Play Store
Google has removed 77 malicious apps from the Google Play Store. Before they were removed, researchers at ThreatLabz discovered the apps had been installed over 19 million times. One of the malware families discovered by the researchers is a banking Trojan known as Anatsa or TeaBot. This banking...
How a scam hunter got scammed (Lock and Code S06E17)
This week on the Lock and Code podcast… If there’s one thing that scam hunter Julie-Anne Kearns wants everyone to know, it is that no one is immune from a scam. And she would know—she fell for one last year. For years now, Kearns has made a name for herself on TikTok as a scam awareness and...
Netflix scammers target jobseekers to trick them into handing over their Facebook logins
In what seems a phishing attack targeted at a certain audience, scammers are impersonating Netflix and reaching out to marketing staff. The initial mail looks like what you might expect from a headhunter or a human resources HR recruitment specialist. "I hope this note finds you well," the email...
TeaOnHer, the male version of Tea, is leaking personal information on its users too
Last week we reported about some serious leaks in Tea Dating Advice, an app that provides a space for women to exchange information about men they know, have met, or have dated in the past. The app aims to provide a platform where people can share relevant information about, say, potentially...
VPN use rises following Online Safety Act’s age verification controls
As the UK's Online Safety Act came into effect on Friday—along with its age verification controls—the use of virtual private network VPN services has skyrocketed by up to 20-fold across the region. Top10VPN, which monitors VPN traffic around the world, spotted UK VPN traffic spiking 1,327% on Jul...