Beware of Zelle transfer scams
As we have said many times before, falling for a scam can happen to the best of us. And it can ruin lives. In our podcast How a scam hunter got scammed, scam hunter Julie-Anne Kearns talked about how she had been duped by people pretending to be from HMRC, which is the UK’s version of the US...
Update your Chrome today: Google patches 4 vulnerabilities including one zero-day
Google has released an update for its Chrome browser to patch four security vulnerabilities, including one zero-day. A zero-day vulnerability refers to a bug that has been found and exploited by cybercriminals before the vendor even knew about it; they have "zero days" to fix it. This update is...
Grok, ChatGPT, other AIs happy to help phish senior citizens
If you are under the impression that cybercriminals need to get their hands on compromised AI chatbots to help them do their dirty work, think again. Some AI chatbots are just so user friendly that they can help the user craft phishing text, and even malicious HTML and JavaScript code. A few week...
Watch out for the “We are hiring” remote online evaluator message scam
Looking at our team’s recent text messages, you’d think that remote online evaluators are in high demand right now. Several members of our team have received the almost exact same job offer scam texts. The content of the messages is almost identical, but there is a variation in background images...
Plex users: Reset your password!
Media streaming platform Plex has warned customers about a data breach, advising them to reset their password. Plex said an attacker broke into one of its databases, allowing them to access a "limited subset" of customer data. This included email addresses, usernames, hashed passwords, and...
77 malicious apps removed from Google Play Store
Google has removed 77 malicious apps from the Google Play Store. Before they were removed, researchers at ThreatLabz discovered the apps had been installed over 19 million times. One of the malware families discovered by the researchers is a banking Trojan known as Anatsa or TeaBot. This banking...
Clickjack attack steals password managers’ secrets
Sometimes it can seem as though everything's toxic online, and the latest good thing turned bad is here: Browser pop-ups that look like they're trying to help or authenticate you could be programmed to steal data from your password manager. To make matters worse, most browser extension-based...
How to spot the latest fake Gmail security alerts
Security alerts from tech companies are supposed to warn us when something might be amiss—but what if the alerts themselves are the risk? Scammers have long impersonated tech companies' security and support staff as a way to sniff out users' login credentials, and reports suggest that they're doi...
Russians hacked US courts, say investigators
Russia is after secret files in the US court system, according to reports this week—and its hackers appear to have reached at least some of them. Last week, news broke of a successful cyberattack against the decades-old US court filing system. Called Case Management/Electronic Case Files (CM/ECF),...
Microsoft patches some very important vulnerabilities in August’s patch Tuesday
In the August 2025 patch Tuesday round Microsoft fixed a total of 111 Microsoft vulnerabilities. A few of them are very important for people to apply. Even if you’re not a tech expert, keeping your Windows system up to date is one of the simplest and most effective ways to protect yourself from...
WinRAR vulnerability exploited by two different groups
On July 30, 2025, WinRAR released a new version 7.13 Final to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack vario...
Scam hunter scammed by tax office impersonators
The next time you shake your head at another online scam and vow that you'd never fall for it, remember that even the most tech-savvy people can sometimes slip up. A case in point: Julie-Anne Kearns. This self-made scam-hunter told her story to the Guardian last week, revealing how she had been...
Apple patches multiple vulnerabilities in iOS and iPadOS. Update now!
Apple released a security update for iOS and iPadOS to patch multiple vulnerabilities, including one that could leak sensitive information when visiting a malicious website and one that allows an attacker to display false information in the address bar. In total, 29 vulnerabilities were patched,...
Age verification: Child protection or privacy risk?
With governments demanding actual age verification on websites with adult content, and platforms like social media and Roblox introducing restrictions based on a user’s age, the controversy about different types of age verification and their implications is growing. Last week, Roblox announced ne...
Proton launches Lumo, a privacy-focused AI chatbot
Proton, known for its privacy-focused set of services, announced the introduction of Lumo, a privacy-first Artificial Intelligence (AI) chatbot. It is good to know before you dive in that Proton’s chatbot has two user options that offer a very different experience. If you want Lumo to access the...
“Ring cameras hacked”? Amazon says no, users not so sure
In the last week, countless Amazon Ring users on TikTok, Reddit, and X have been saying they believe their Ring cameras were hacked starting May 28. Many posted screenshots of their accounts, showing multiple unauthorized device logins, making these claims hard to ignore. Forbes looked into the...
McDonald’s AI bot spills data on job applicants
McDonald's has outsourced the initial stages of its hiring process to an AI chatbot which seems to have been built without proper security measures. Security researchers managed to extract personal information about McDonald's job applicants by simply guessing a username and the password “12345.”...
Ransomware negotiator investigated over criminal gang kickbacks
If someone is going to negotiate with criminals for you, that person should at least be on your side. That might not have been the case at Digital Mint, a ransomware negotiation company where one worker allegedly went rogue. According to Bloomberg, Digital Mint is cooperating with the US Departme...
Qantas: Breach affects 6 million people, “significant” amount of data likely taken
Australia's largest airline Qantas has confirmed that cybercriminals have gained access to a third party customer servicing platform that contained 6 million customer service records. Qantas says the breach occurred after a cybercriminal targeted a call centre and managed to gain access to the...
Android threats rise sharply, with mobile malware jumping by 151% since start of year
The Android threat landscape in the first half of 2025 has entered a new phase. An era marked not just by volume, but by coordination and precision. Attackers are no longer simply throwing malware at users and hoping for results. They’re building ecosystems. Recent Malwarebytes threat research...
Fake DocuSign email hides tricky phishing attempt
On my daily rounds, I encountered a phishing attempt that used a not completely unusual, yet clever delivery method. What began as a seemingly routine DocuSign notification turned into a multi-layered deception involving Webflow, a shady redirect, and a legitimate Google login page. Webflow is a...
Thousands of private camera feeds found online. Make sure yours isn’t one of them
If you have internet-connected cameras in or around your home, be sure to check their settings. Researchers just discovered 40,000 of them serving up images of homes and businesses to the internet. Bitsight's TRACE research team revealed the issue in a report released this month. The cameras were...
A week in security (June 15 – June 21)
Last week on Malwarebytes Labs: The data on denying social media for kids (re-air) (Lock and Code S06E12); Reddit’s new AI-powered tools scan your posts to serve you better ads; Smart air fryers ordered to stop invading our digital privacy; WhatsApp to start targeting you with ads; Scammers hijack websit...
Fake bank ads on Instagram scam victims out of money
Ads on Instagram—including deepfake videos—are impersonating trusted financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) in order to scam people, according to BleepingComputer. There are some variations in how the scammers approach this. Some use Artificial Intelligence (AI)...
5 riskiest places to get scammed online
Scammers love your smartphone. They can text you fraudulent tracking links for packages you never bought. They can profess their empty love to you across your social media apps. They can bombard your email inbox with phishing attempts, impersonate a family member through a phone call, and even...
The data on denying social media for kids (re-air) (Lock and Code S06E12)
This week on the Lock and Code podcast … Complex problems often assume complex solutions, but recent observations about increased levels of anxiety and depression, increased reports of loneliness, and lower rates of in-person friendships for teens and children in America today have led some schoo...
44% of people encounter a mobile scam every single day, Malwarebytes finds
It’s become so troublesome owning a phone. Malicious texts pose as package delivery notifications, phishing emails impersonate trusted brands, and unknown calls hide extortion attempts, virtual kidnapping schemes, or AI threats. Confusingly, even legitimate businesses now lean on outreach tactics...
Fake AI video generator tools lure in Facebook and LinkedIn users to deliver malware
Cybercriminals are taking advantage of the public’s interest in Artificial Intelligence (AI) and delivering malware via text-to-video tools. According to researchers at Mandiant, the criminals are setting up websites claiming to offer “AI video generator” services, and then using those fake tools t...
FBI issues warning as scammers target victims of crime
The FBI has issued a warning about an ongoing fraud scheme where criminal scammers are impersonating FBI Internet Crime Complaint Center (IC3) employees in order to scam people. Between December 2023 and February 2025, the FBI received over 100 reports of scams involving people posing as IC3...
Location, name, and photos of random kids shown to parents in child tracker mix up
Not one but several worried parents that tracked their children by using T-Mobile tracking devices suddenly found that they were looking at the location of random other children. And could not locate their own. T-Mobile sells a small GPS tracker called SyncUP, which can be used to track, among...
Personal data revealed in released JFK files
Over 60,000 pages related to the 1963 assassination of US President John F. Kennedy were released as part of President Donald Trump’s directive on March 17, 2025, and while readers will not find a conclusive answer to the main question—nor will the files put an end to surrounding conspiracy...
Sperm bank breach deposits data into hands of cybercriminals
Sperm donor giant California Cryobank has announced it has suffered a data breach that exposed customers' personal information. California Cryobank (CCB) is a sperm donation and cryopreservation firm and one of the US’ top sperm banks. As such, it services all US states and over 30 countries...
1 in 10 people do nothing to stay secure and private on vacation
This year, Spring Break vacationers are packing more than their flip-flops, bucket hats, and sunglasses—they’re also packing a few cybersecurity anxieties for the trip. According to new research from Malwarebytes, 52% of people said they “worry about being scammed while traveling,” while another...
Ransomware threat mailed in letters to business owners
Business owners and CEOs across the United States received customized ransomware threats this month from the most unusual of places—letters in the mail. The letters, which were first reported by multiple cybersecurity researchers, claim to come from a ransomware group called BianLian. But since...
Surveillance pricing is “evil and sinister,” explains Justin Kloczko (Lock and Code S06E04)
This week on the Lock and Code podcast … Insurance pricing in America makes a lot of sense so long as you’re one of the insurance companies. Drivers are charged more for traveling long distances, having low credit, owning a two-seater instead of a four, being on the receiving end of a car crash,...
A week in security (February 17 – February 23)
Last week on Malwarebytes Labs: Healthcare security lapses keep piling up; SecTopRAT bundled in Chrome installer distributed via Google Ads; Google Docs used by infostealer ACRStealer as part of attack; DeepSeek found to be sharing user data with TikTok parent company ByteDance; Malwarebytes introduc...
A week in security (February 10 – February 16)
Last week on Malwarebytes Labs: A suicide reveals the lonely side of AI chatbots, with Courtney Brown (Lock and Code S06E03); Apple ordered to grant access to users’ encrypted data; Phishing evolves beyond email to become latest Android app threat; Apple fixes zero-day vulnerability used in "extremely...
Your location or browsing habits could lead to price increases when buying online
Companies are showing customers different prices for the same goods and services based on what data they have on them, including details like their precise location or browser history. The name for this method is surveillance pricing, and the FTC has just released initial findings of a report lookin...
A week in security (January 13 – January 19)
Last week on Malwarebytes Labs: iMessage text gets recipient to disable phishing protection so they can be phished; The new rules for AI and encrypted messaging, with Mallory Knodel (Lock and Code S06E01); Insurance company accused of using secret software to illegally collect and sell location data ...
Avery had credit card skimmer stuck on its site for months
The consequences of a wave of credit card skimmers—which is normal around the holidays—are starting to show. Label maker Avery has filed a data breach notification, saying 61,193 people may have had their credit card details stolen. On December 9, Avery said it became aware of an attack on its...
iMessage text gets recipient to disable phishing protection so they can be phished
A smishing (SMS phishing) campaign is targeting iMessage users, attempting to socially engineer them into bypassing Apple's built-in phishing protection. For months, iMessage users have been posting examples online of how phishers are trying to get around this protection. And, now, the campaign is...
Massive breach at location data seller: “Millions” of users affected
Like many other data brokers, Gravy is a company you may never have heard of, but it almost certainly knows a lot about you if you’re a US citizen. Data brokers come in different shapes and sizes. What they have in common is that they gather personally identifiable data from various sources—from...
A day in the life of a privacy pro, with Ron de Jesus (Lock and Code S05E26)
This week on the Lock and Code podcast… Privacy is many things for many people. For the teenager suffering from a bad breakup, privacy is the ability to stop sharing her location and to block her ex on social media. For the political dissident advocating against an oppressive government, privacy ...
A week in security (December 9 – December 15)
Last week on Malwarebytes Labs: Encrypted messaging service intercepted, 2.3 million messages read by law enforcement; TikTok ban in US: Company seeks emergency injunction to prevent it; Data brokers should stop trading health and location data, new bill proposes; Update now! Apple releases new...
Data brokers should stop trading health and location data, new bill proposes
Senators introduced a bill on Tuesday that would prohibit data brokers from selling or transferring location and health data. Data brokers have drawn attention this year by leaking several large databases, with the worst being the National Public Data leak. The data breach made international...
These cars want to know about your sex life (re-air) (Lock and Code S05E25)
This week on the Lock and Code podcast … Two weeks ago, the Lock and Code podcast shared three stories about home products that requested, collected, or exposed sensitive data online. There were the air fryers that asked users to record audio through their smartphones. There was the smart ring...
Medical testing company LifeLabs failed to protect customer data, report finds
In 2019, a ransomware attack hit LifeLabs, a Canadian medical testing company. The ransomware encrypted the lab results of 15 million Canadians, and personally identifiable information (PII) of 8.6 million people was stolen. After noticing the attack, LifeLabs informed its customers and the Canadia...
Explained: the Microsoft connected experiences controversy
Recently we've seen some heated discussion about Microsoft’s connected experiences feature. As in many discussions lately there seems to be no room for middle ground, but we're going to try and provide it anyway. First of all, it’s important to understand what the “connected experiences” are...
Meta takes down more than 2 million accounts in fight against pig butchering
Meta provided insight this week into the company's efforts in taking down more than 2 million accounts that were connected to pig butchering scams on their owned platforms, Facebook and Instagram. Pig butchering scams are big business, with hundreds of millions of dollars involved every year. The...
AI is everywhere, and Boomers don’t trust it
Artificial intelligence tools like ChatGPT, Claude, Google Gemini, and Meta AI represent a stronger threat to data privacy than the social media juggernauts that cemented themselves in the past two decades, according to new research on the sentiments of older individuals from Malwarebytes. A...