4706 matches found
Hacktivists claim near-total Spotify music scrape
Hacktivist group Anna’s Archive claims to have scraped almost all of Spotify’s catalog and is now seeding it via BitTorrent, effectively turning a streaming platform into a roughly 300 TB pirate “preservation archive.” On its blog, the group states: “A while ago, we discovered a way to scrape...
A week in security (December 15 – December 21)
Last week on Malwarebytes Labs: CISA warns ASUS Live Update backdoor is still exploitable, seven years on The ghosts of WhatsApp: How GhostPairing hijacks accounts Chrome extension slurps up AI chats after users installed it for privacy Two Chrome flaws could be triggered by simply browsing the...
Two Chrome flaws could be triggered by simply browsing the web: Update now
Google issued an extra patch addressing two security vulnerabilities in Chrome, both of which can be triggered remotely by an attacker when a user visits a specially crafted, malicious web page. Chrome is by far the world’s most popular browser, with an estimated 3.4 billion users. That makes it ...
SoundCloud, Pornhub, and 700Credit all reported data breaches, but the similarities end there
Comparing data breaches is like comparing apples and oranges. They differ on many levels. To news media, the size of the brand, how many users were impacted, and how it was done often dominate the headlines. For victims, what really matters is the type of information stolen. And for the...
Photo booth flaw exposes people’s private pictures online
Photo booths are great. You press a button and get instant results. The same can’t be said, allegedly, for the security practices of at least one company operating them. A security researcher spent weeks trying to warn a photo booth operator about a vulnerability in its system. The flaw reportedl...
How private is your VPN?
When you're shopping around for a Virtual Private Network VPN you'll find yourself in a sea of promises like "military-grade encryption!" and "total anonymity!" You can’t scroll two inches without someone waving around these fancy terms. But not all VPNs can be trusted. Some VPNs genuinely protec...
Prompt injection is a problem that may never be fixed, warns NCSC
Prompt injection is shaping up to be one of the most stubborn problems in AI security, and the UK’s National Cyber Security Centre NCSC has warned that it may never be “fixed” in the way SQL injection was. Two years ago, the NCSC said prompt injection might turn out to be the “SQL injection of th...
Canadian police trialing facial recognition bodycams
A municipal police force in Canada is now using facial recognition bodycams, it was revealed this week. The police service in the prairie city of Edmonton is trialing technology from US-based Axon, which makes products for the military and law enforcement. Up to 50 officers are taking part in the...
Budget Samsung phones shipped with unremovable spyware, say researchers
A controversy over data-gathering software secretly installed on Samsung phones has erupted again after a new accusatory post appeared on X last week. In the post on the social media site, cybersecurity newsletter International Cyber Digest warned about a secretive application called AppCloud tha...
[Correction] Gmail can read your emails and attachments to power “smart features”
Update November 22. We’ve updated this article after realising we contributed to a perfect storm of misunderstanding around a recent change in the wording and placement of Gmail's smart features. The settings themselves aren’t new, but the way Google recently rewrote and surfaced them led a lot o...
Sharenting: are you leaving your kids’ digital footprints for scammers to find?
Let’s be real: the online world is a huge part of our kids’ lives these days. From the time they’re tiny, we share photos, moments, and milestones online—proud parent stuff! Schools, friends, and family all get involved too. Before we know it, our kids have a whole digital history they didn’t eve...
Chrome zero-day under active attack: visiting the wrong site could hijack your browser
Google has released an update for its Chrome browser that includes two security fixes. Both are classified as high severity, and one is reportedly exploited in the wild. These flaws were found in Chrome’s V8 engine, which is the part of Chrome and other Chromium-based browsers that runs JavaScrip...
Your coworker is tired of AI “workslop” (Lock and Code S06E23)
This week on the Lock and Code podcast … Everything's easier with AI… except having to correct it. In just the three years since OpenAI released ChatGPT, not only has onlife life changed at home—it's also changed at work. Some of the biggest software companies today, like Microsoft and Google, ar...
A week in security (November 10 – November 16)
Last week on Malwarebytes Labs: Be careful responding to unexpected job interviews Your passport, now on your iPhone. Helpful or risky? 1 million victims, 17,500 fake sites: Google takes on toll-fee scammers Are you paying more than other people? NY cracks down on surveillance pricing We opened a...
Are you paying more than other people? NY cracks down on surveillance pricing
When you search for a product online, you might think you're getting the same price as everyone else. Think again. Your price might be different based on everything from your location to what you've looked at online. Companies often use algorithms to set their prices that rely heavily on customer...
Cyberattacks on UK water systems reveal rising risks to critical infrastructure
Digital intruders have been targeting UK drinking water systems in what seems to be a growing risk. Recorded Future News sent a request to the UK's Drinking Water Inspectorate DWI, the organization responsible for ensuring that drinking water is safe, for details on cyberattacks affecting the...
“Sneaky” new Android malware takes over your phone, hiding in fake news and ID apps
Researchers at Cyfirma have investigated Android Trojans capable of stealing sensitive data from compromised devices. The malware spreads by pretending to be trusted apps—like a news reader or even digital ID apps—tricking users into downloading it by accident. In reality, it’s Android-targeting...
Sling TV turned privacy into a game you weren’t meant to win
Streaming service Sling TV has settled with the California Attorney General over allegations that it blocked users from exercising their privacy rights. The company will pay $530,000 after being accused of making it difficult for customers to opt out of its data collection practices. The Californ...
Would you sext ChatGPT? (Lock and Code S06E22)
This week on the Lock and Code podcast … In the final, cold winter months of the year, ChatGPT could be heating up. On October 14, OpenAI CEO Sam Altman said that the "restrictions" that his company previously placed on their flagship product, ChatGPT, would be removed, allowing, perhaps, for...
Malwarebytes aces PCMag Readers’ Choice Awards and AVLab Cybersecurity Foundation tests
Malwarebytes proudly topped three categories in PCMag’s 2025 Readers’ Choice Awards, recognized for exceptional protection and user satisfaction. We also earned the latest badge from AVLab Cybersecurity Foundation’s September “Advanced In-The-Wild Malware Test” by blocking 100% of malware samples...
A week in security (October 27 – November 2)
Last week on Malwarebytes Labs: Update Chrome now: 20 security fixes just landed How scammers use your data to create personalized tricks that work Ransomware gang claims Conduent breach: what you should watch for next Fake PayPal invoice from Geek Squad is a tech support scam Atlas browser’s...
How scammers use your data to create personalized tricks that work
Think of your digital footprint as your online shadow—the trail you leave behind whenever you browse, post, shop, or even appear in someone’s contact list. It’s your likes, reviews, comments, and all the little traces you didn’t mean to share. Together, they paint a picture of you—one that friend...
School’s AI system mistakes a bag of chips for a gun
An artificial intelligence AI detection system at Kenwood High School mistakenly flagged a student’s bag of potato chips as a gun, triggering a police response. The 16-year-old had finished eating a bag of Doritos and crumpled it up in his pocket when he was done. But the school’s AI-based gun...
Is AI moving faster than its safety net?
You’ve probably noticed that artificial intelligence, or AI, has been everywhere lately—news, phones, apps, even in your browser. It seems like everything suddenly wants to be “powered by AI.“ If it’s not, it’s considered old school and boring. It’s easy to get swept up in the promise: smarter...
Zero-click Dolby audio bug lets attackers run code on Android and Windows devices
Researchers from Google’s Project Zero discovered a medium-severity remote code execution RCE vulnerability that affects multiple platforms, including Android Samsung and Pixel devices and Windows. Remote code execution means an attacker could run programs on your device without your permission...
What does Google know about me? (Lock and Code S06E21)
This week on the Lock and Code podcast … Google is everywhere in our lives. It's reach into our data extends just as far. After investigating how much data Facebook had collected about him in his nearly 20 years with the platform, Lock and Code host David Ruiz had similar questions about the othe...
Prosper data breach puts 17 million people at risk of identity theft
Peer-to-peer lending marketplace Prosper detected unauthorized activity on their systems on September 2, 2025. It published an FAQ page later that month to address the incident. During the incident, the attacker stole personal information belonging to Prosper customers and loan applicants. As...
AI-driven scams are preying on Gen Z’s digital lives
Gone are the days when extortion was only the plot line of crime dramas—today, these threatening tactics target anyone with a smartphone. As AI makes fake voices and videos sound and look real, high-pressure plays like sextortion, deepfakes, and virtual kidnapping feel more believable than ever...
Millions of (very) private chats exposed by two AI companion apps
Cybernews discovered how two AI companion apps, Chattee Chat and GiMe Chat, exposed millions of intimate conversations from over 400,000 users. This is not the first time we have to write about AI "girlfriends" exposing their secrets—and it probably won't be the last. This latest incident is a...
Hackers threaten parents: Get nursery to pay ransom or we leak your child’s data
Just when you think extortionists can’t sink any lower, along comes a lowlife that manages to surprise you. The BBC reported that a group calling itself "Radiant" claims to have stolen sensitive data related to around 8,000 children from nursery chain Kido, which operates in the UK, US, China, an...
Scammers are impersonating the FBI to steal your personal data
Been scammed? Hoping to report it to the FBI? Definitely do so, but be careful. Spoofed versions of the FBI's Internet Crime Complaint Center IC3 website are now circulating online, and they lead straight back to the scammers. The FBI issued an advisory last week, warning that cybercriminals are...
224 malicious apps removed from the Google Play Store after ad fraud campaign discovered
Researchers have discovered a large ad fraud campaign on Google Play Store. The Satori Threat Intelligence and Research team found 224 malicious apps which were downloaded over 38 million times and generated up to 2.3 billion ad requests per day. They named the campaign "SlopAds." Ad fraud is a...
Airline data broker selling 5 billion passenger records to US government
We already knew that the US airline industry gave the government access to passenger records. However, this week it emerged that at least five billion passenger records are being sold to government agencies via a searchable database—far more than was initially believed. A few weeks ago,...
“A dare, a challenge, a bit of fun:” Children are hacking their own schools’ systems, says study
As if ransomware wasn’t enough of a security problem for the sector, educational institutions also need to worry about their own students, a recent study shows. Last week, the UK Information Commissioner’s Office ICO published a report about the "insider threat of students". Here are a few key...
Watch out for the “We are hiring” remote online evaluator message scam
Looking at our team’s recent text messages, you’d think that remote online evaluators are in high demand right now. Several members of our team have received the almost exact same job offer scam texts. The content of the messages is almost identical, but there is a variation in background images...
Meta ignored child sex abuse in VR, say whistleblowers
Two former employees at Meta testified against the company at a Senate hearing this week, accusing it of downplaying the dangers of child abuse in its virtual reality VR environment. The whistleblowers say they saw incidents where children were asked for sex acts and nude photos in Facebook's VR...
When AI chatbots leak and how it happens
In a recent article on Cybernews there were two clear signs of how fast the world of AI chatbots is growing. A company I had never even heard of had over 150 million app downloads across its portfolio, and it also had an exposed unprotected Elasticsearch instance. This needs a bit of an...
Fake Bureau of Motor Vehicles texts are after your personal and banking details
Scammers are sending out texts that claim to be from the Bureau of Motor Vehicles BMV, saying that you have outstanding traffic tickets. Here's an example, which was sent to one of our employees. “Ohio BMV Final Notice: Enforcement Begins September 10nd. Our records indicate that as of today, you...
Popeyes, Tim Hortons, Burger King platforms have “catastrophic” vulnerabilities, say hackers
Two ethical hackers say they have uncovered massive security vulnerabilities in the platforms hosted by Restaurant Brands International RBI. RBI is one of the world's largest quick service restaurant companies. It was formed in 2014 through a $12.5 billion merger of the American fast food chain...
Update your Android! Google patches 111 vulnerabilities, 2 are critical
Google has patched 111 vulnerabilities in Android, including two critical flaws, in its September 2025 Android Security Bulletin. While the last few months have been quite calm regarding the number of vulnerabilities, this month is a real whopper with 111, compared to 6 in August and none in July...
PayPal users targeted in account profile scam
A co-worker forwarded this rather convincing PayPal scam to me. Thanks Elena. A highly sophisticated email scam is targeting PayPal users with the subject line of "Set up your account profile." We decided to see what the scammers are after. First thing to do is to look at the headers: The sender...
Claude AI chatbot abused to launch “cybercrime spree”
Anthropic—the company behind the widely renowned coding chatbot, Claude—says it uncovered a large-scale extortion operation in which cybercriminals abused Claude to automate and orchestrate sophisticated attacks. The company issued a Threat Intelligence report in which it describes several...
All Apple users should update after company patches zero-day vulnerability in all platforms
Apple has released security updates for iPhones, iPads and Macs to fix a zero-day vulnerability a vulnerability which Apple was previously unaware of that is reportedly being used in targeted attacks. The updates cover: iOS 18.6.2 and iPadOS 18.6.2 iPhone XS and later, iPad Pro 13-inch, iPad Pro...
National Public Data returns after massive Social Security Number leak
Remember that data broker nobody had ever heard of, but managed to leak a database which contained the data of some 2.9 billion people? It's back, and this time with a search function. National Public Data suffered an alleged breach in 2024 against a data base that, it turned out, carried 272...
Perplexity AI ignores no-crawling rules on websites, crawls them anyway
Imagine putting up a no-trespassing sign for people walking their dogs, and then finding out that one person dresses up their Great Dane as a calf and walks it on your grounds. Well that's sort of what AI answer engine Perplexity has been doing, by evading the no-crawl directives of websites,...
Unexpected snail mail packages are being sent with scammy QR codes, warns FBI
Receiving an unexpected package in the post is not always a pleasant surprise. The FBI has warned the public about unsolicited packages containing a QR code which leads to a website aimed at stealing personal data or downloading malware to the victim's device. The packages are often shipped witho...
OpenAI kills “short-lived experiment” where ChatGPT chats could be found on Google
A little-known ChatGPT "feature" is now gone. It could be a good thing. On X, OpenAI Chief Information Security Officer Dane Stuckey announced that OpenAI "removed a feature from ChatGPT that allowed users to make their conversations discoverable by search engines, such as Google." Stuckey called...
How the FBI got everything it wanted (re-air) (Lock and Code S06E15)
This week on the Lock and Code podcast… For decades, digital rights activists, technologists, and cybersecurity experts have worried about what would happen if the US government secretly broke into people’s encrypted communications. The weird thing, though, is that, in 2018, it already happened...
“Ring cameras hacked”? Amazon says no, users not so sure
In the last week, countless Amazon Ring users on TikTok, Reddit, and X have been saying they believe their Ring cameras were hacked starting May 28. Many posted screenshots of their accounts, showing multiple unauthorized device logins, making these claims hard to ignore. Forbes looked into the...
Chrome fixes 6 security vulnerabilities. Get the update now!
Google has released an update for its Chrome browser to patch six security vulnerabilities, including one zero-day. This update is crucial since it addresses one actively exploited vulnerability which can be abused when the user visits a malicious website. It doesn’t require any further user...