4706 matches found
Scam Facebook groups send malicious Android malware to seniors
An infostealer and banking Trojan rolled into one is making the rounds in Facebook groups aimed at "active seniors". Attackers used social engineering methods to lure targets into joining fake Facebook groups that appeared to promote travel and community activities—such as trips, dance classes, a...
Gemini AI flaws could have exposed your data
Security researchers discovered three vulnerabilities in Google's Gemini artificial intelligence AI assistant. Although now patched, this "Trifecta", as the researchers called it, raises important questions about how safe AI tools really are, especially as they become a part of services many of u...
Beware of Zelle transfer scams
As we have said many times before, falling for a scam can happen to the best of us. And it can ruin lives. In our podcast How a scam hunter got scammed, scam hunter Julie-Anne Kearns talked about how she had been duped by people pretending to be from HMRC, which is the UK’s version of the US...
Update your Apple devices to fix dozens of vulnerabilities
Apple has released security updates for iPhones, iPads, Apple Watches, Apple TVs, and Macs as well as for Safari, and Xcode to fix dozens of vulnerabilities which could give cybercriminals access to sensitive data. How to update your devices How to update your iPhone or iPad For iOS and iPadOS...
Grok, ChatGPT, other AIs happy to help phish senior citizens
If you are under the impression that cybercriminals need to get their hands on compromised AI chatbots to help them do their dirty work, think again. Some AI chatbots are just so user friendly that they can help the user craft phishing text, and even malicious HTML and Javascript code. A few week...
A week in security (September 8 – September 14)
Last week on Malwarebytes Labs: AI browsers or agentic browsers: a look at the future of web surfing From Fitbit to financial despair: How one woman lost her life savings and more to a scammer Meta ignored child sex abuse in VR, say whistleblowers When AI chatbots leak and how it happens Fake...
‘Astronaut-in-distress’ romance scammer steals money from elderly woman
A Japanese octogenarian from Hokkaido Island lost thousands of dollars after being scammed by someone who described himself as a desperate astronaut in need of help. According to Hokkaidō Broadcasting, police in Sapporo say the fraudster contacted the woman on social media in July. After several...
Plex users: Reset your password!
Media streaming platform Plex has warned customers about a data breach, advising them to reset their password. Plex said an attacker broke into one of its databases, allowing them to access a "limited subset" of customer data. This included email addresses, usernames, hashed passwords, and...
WhatsApp fixes vulnerability used in zero-click attacks
WhatsApp says it has issued an update to patch a vulnerability that has been used in conjunction with an Apple vulnerability to target specific users and compromise their devices. Reportedly, attackers used this exploit against dozens of WhatsApp users, and WhatsApp has notified those affected:...
Google settles YouTube lawsuit over kids’ privacy invasion and data collection
Google has agreed to a $30 million settlement in the US over allegations that it illegally collected data from underage YouTube users for targeted advertising. The lawsuit claims Google tracked the personal information of children under 13 without proper parental consent, which is a violation of...
Italian hotels breached for tens of thousands of scanned IDs
The Computer Emergency Response Team CERT for Italy's "Agenzia per l’Italia Digitale" AGID issued a warning that cybercriminals are selling stolen identity documents from hotels operating in Italy. This summer, a criminal hacker group named “mydocs” infiltrated the booking systems of at least ten...
Russians hacked US courts, say investigators
Russia is after secret files in the US court system, according to reports this week—and its hackers appear to have reached at least some of them. Last week, news broke of a successful cyberattack against the decades-old US court filing system. Called Case Management/Electronic Case Files CM/ECF,...
Adult sites trick users into Liking Facebook posts using a clickjack Trojan
As the use of age verification to access adult websites increases in various countries around the world, shady websites with adult content have started a timely malware-fueled campaign to promote links to their own websites. During our daily rounds on Facebook, looking for the latest scams, we...
VPN use rises following Online Safety Act’s age verification controls
As the UK's Online Safety Act came into effect on Friday—along with its age verification controls—the use of virtual private network VPN services has skyrocketed by up to 20-fold across the region. Top10VPN, which monitors VPN traffic around the world, spotted UK VPN traffic spiking 1,327% on Jul...
A week in security (July 14 – July 20)
Last week on Malwarebytes Labs: Meta execs pay the pain away with $8 billion privacy settlement Adoption agency leaks over a million records Meta AI chatbot bug could have allowed anyone to see private conversations WeTransfer walks back clause that said it would train AI on your files Chrome fix...
WeTransfer walks back clause that said it would train AI on your files
File sharing site WeTransfer has rolled back language that allowed it to train machine learning models on any files that its users uploaded. The change was made after criticisms from its users. The company had quietly inserted the new language in the terms and conditions on its website. Sometime...
Millions of people spied on by malicious browser extensions in Chrome and Edge
Researchers have discovered a campaign that tracked users’ online behavior using 18 browser extensions available in the official Chrome and Edge webstores. The total number of installs is estimated to be over two million. These extensions offered functionality, received good reviews, touted...
Qantas: Breach affects 6 million people, “significant” amount of data likely taken
Australia's largest airline Qantas has confirmed that cybercriminals have gained access to a third party customer servicing platform that contained 6 million customer service records. Qantas says the breach occurred after a cybercriminal targeted a call centre and managed to gain access to the...
AT&T to pay compensation to data breach victims. Here’s how to check if you were affected
AT&T is set to pay $177 million to customers affected by two significant data breaches. These breaches exposed sensitive personal information of millions of current and former AT&T customers. For those that have missed the story so far: Back in 2021, an entity named Shiny Hunters a known hacking...
Jailbroken AIs are helping cybercriminals to hone their craft
Cybercriminals are bypassing the guardrails that are supposed to keep AI models from carrying out criminal activities, according to researchers. We've seen the misuse of AI models by cybercriminals growing rapidly over the past several years, shaping a new era of digital threats. Early on,...
Mattel’s going to make AI-powered toys, kids’ rights advocates are worried
Toy company Mattel has announced a deal with OpenAI to create AI-powered toys, but digital rights advocates have urged caution. In a press release last week, the owner of the Barbie brand signed a "strategic collaboration" with the AI company, which owns ChatGPT. "By using OpenAI's technology,...
5 riskiest places to get scammed online
Scammers love your smartphone. They can text you fraudulent tracking links for packages you never bought. They can profess their empty love to you across your social media apps. They can bombard your email inbox with phishing attempts, impersonate a family member through a phone call, and even...
The data on denying social media for kids (re-air) (Lock and Code S06E12)
This week on the Lock and Code podcast … Complex problems often assume complex solutions, but recent observations about increased levels of anxiety and depression, increased reports of loneliness, and lower rates of in-person friendships for teens and children in America today have led some schoo...
44% of people encounter a mobile scam every single day, Malwarebytes finds
It’s become so troublesome owning a phone. Malicious texts pose as package delivery notifications, phishing emails impersonate trusted brands, and unknown calls hide extortion attempts, virtual kidnapping schemes, or AI threats. Confusingly, even legitimate businesses now lean on outreach tactics...
A week in security (May 26 – June 1)
Last week on Malwarebytes Labs: Porn sites probed for allegedly failing to prevent minors from accessing content Take back control of your browser—Malwarebytes Browser Guard now blocks search hijacking attempts Deepfake-posting man faces huge $450,000 fine Fake AI video generator tools lure in...
Your 23andMe genetic data could be bought by China, senator warns
Senator Cassidy, the chair of the US Senate Health, Education, Labor, and Pensions Committee has expressed concerns about foreign adversaries, including the Chinese Communist Party, acquiring the sensitive genetic data of millions of Americans through 23andMe. The risk is considered real because ...
Tax deadline threat: QuickBooks phishing scam exploits Google Ads
The pressure of the looming tax filing deadline April 15th in the US can make anyone rush online tasks. Cybercriminals are acutely aware of this increased activity and are exploiting trusted platforms like Google to target Intuit QuickBooks users. By purchasing prominent Google Ads, they are...
Toll fee scams are back and heading your way
Back in August 2024, we warned about a relatively new type of SMS phishing or smishing scam that was doing the rounds. Now a new wave of toll fee scams are working their way round the US. These attempts come as an unexpected text message linking to a website pretending to belong to one of the US...
Personal data revealed in released JFK files
Over 60,000 pages related to the 1963 assassination of US President John F. Kennedy were released as part of President Donald Trump’s directive on March 17, 2025, and while readers will not find a conclusive answer to the main question—nor will the files put an end to surrounding conspiracy...
Targeted spyware and why it’s a concern to us
Experts are again warning about the proliferating market for targeted spyware and espionage. Before we dive into the world of targeted spyware, it's worth looking at a few of the main players that are active in and against this industry. Paragon Solutions is an Israeli company which sells high-en...
1 in 10 people do nothing to stay secure and private on vacation
This year, Spring Break vacationers are packing more than their flip-flops, bucket hats, and sunglasses—they’re also packing a few cybersecurity anxieties for the trip. According to new research from Malwarebytes, 52% of people said they “worry about being scammed while traveling,” while another...
The dark side of sports betting: How mirror sites help gambling scams thrive
Sports betting is a multi-billion-dollar industry, but behind the flashing lights and promises of easy money lies a hidden underworld of deception. In recent years, shady betting companies have found a clever way to bypass regulations and continue their operations through mirror sites —duplicate...
TikTok: Major investigation launched into platform’s use of children’s data
TikTok is the subject of yet another major investigation, reports BBC News. This time around, the UK’s Information Commissioner's Office ICO is going to look at how the data of 13 to 17-year-olds feeds the algorithm that decides what further content to show. The ICO introduced a children’s code f...
A week in security (February 24 – March 2)
Last week on Malwarebytes Labs: Millions of stalkerware users exposed again PayPal’s "no-code checkout" abused by scammers Countries and companies are fighting at the expense of our data privacy Roblox called "real-life nightmare for children" as Roblox and Discord sued Android happy to check you...
Healthcare security lapses keep piling up
Healthcare is one of the sectors that has the most sensitive information about us. At the same time it's one of the worst at keeping them secret. Because of its access and storage of our personal health information PHI and other personally identifiable information PII, the healthcare sector shoul...
Your location or browsing habits could lead to price increases when buying online
Companies are showing customers different prices for the same goods and services based what data they have on them, including details like their precise location or browser history. The name for this method is surveillance pricing, and the FTC has just released initial findings of a report lookin...
A week in security (January 13 – January 19)
Last week on Malwarebytes Labs: iMessage text gets recipient to disable phishing protection so they can be phished The new rules for AI and encrypted messaging, with Mallory Knodel Lock and Code S06E01 Insurance company accused of using secret software to illegally collect and sell location data ...
AI-generated malvertising “white pages” are fooling detection engines
This is no secret, online criminals are leveraging artificial intelligence AI and large language models LLMs in their malicious schemes. While AI tends to be abused to trick people i.e. deepfakes in order to gain something, sometimes, it is meant to defeat computer security programs. With AI, thi...
A day in the life of a privacy pro, with Ron de Jesus (Lock and Code S05E26)
This week on the Lock and Code podcast… Privacy is many things for many people. For the teenager suffering from a bad breakup, privacy is the ability to stop sharing her location and to block her ex on social media. For the political dissident advocating against an oppressive government, privacy ...
Europol takes down criminal data hub Manson Market in busy month for law enforcement
A coordinated action between several European law enforcement agencies shut down an online marketplace called Manson Market that sold stolen data to any interested cybercriminal. What made this market attractive for cybercriminals was that they could buy data sorted by region and account balance...
Explained: the Microsoft connected experiences controversy
Recently we've seen some heated discussion about Microsoft’s connected experiences feature. As in many discussions lately there seems to be no room for middle ground, but we're going to try and provide it anyway. First of all, it’s important to understand what the “connected experiences” are...
QuickBooks popup scam still being delivered via Google ads
Accounting software QuickBooks, by Intuit, is a popular target for India-based scammers, only rivaled for top spot by the classic Microsoft tech support scams. We've seen two main lures, both via Google ads: the first one is simply a website promoting online support for QuickBooks and shows a pho...
Advertisers are pushing ad and pop-up blockers using old tricks
Despite the countermeasures some services are taking against well-known ad blockers, lots of people now use one. This is no doubt due to increased privacy concerns around online tracking, along with the growing number of ads per site. And where there is money to be made, you’ll find social...
Hello again, FakeBat: popular loader returns after months-long hiatus
The web browser, and search engines in particular, continue to be a popular entry point to deliver malware to users. While we noted a decrease in loaders distributed via malvertising for the past 3 months, today's example is a reminder that threat actors can quickly switch back to tried and teste...
Malwarebytes acquires AzireVPN to fuel additional VPN features and functionalities
Today I have great news to share: We've acquired AzireVPN, a privacy-focused VPN provider based in Sweden. I wanted to share with you our intentions behind this exciting step, and what this means for our existing users and the family of solutions they rely on to keep them private and secure...
Large eBay malvertising campaign leads to scams
Tech support scammers are targeting eBay customers in the U.S. via fraudulent Google ads. In a few separate searches, we were able to identify multiple Sponsored results that were created from at least four different advertiser accounts. While most of those ads clearly looked fake, they appeared...
Warning: Hackers could take over your email account by stealing cookies, even if you have MFA
The Federal Bureau of Investigation FBI has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, allowing them to bypass the multi-factor authentication MFA a user has set up. Here's how it works. Most of us don’t think twice about checking the “Remember...
City of Columbus breach affects around half a million citizens
A ransomware attack against the City of Columbus, Ohio—which drew public scrutiny following the city government's attempt to silence a researcher who told the public about the attack—has received a little more detail from an unexpected source: The Attorney General for the state of Maine. In a dat...
Crooks bank on Microsoft’s search engine to phish customers
We identified a new wave of phishing for banking credentials that targets consumers via Microsoft's search engine. A Bing search query for 'Keybank login' currently returns malicious links on the first page, and sometimes as the top search result. We have reported the fraudulent sites to Microsof...
LinkedIn bots and spear phishers target job seekers
Microsoft's social network for professionals, LinkedIn, is an important platform for job recruiters and seekers alike. It's also a place where criminals go to find new potential victims. Like other social media platforms, LinkedIn is no stranger to bots attracted to special keywords and hashtags...