Lucene search
K
MalwarebytesMost viewed

4706 matches found

Malwarebytes
Malwarebytes
added 2026/04/08 1:31 p.m.7 views

Russian hacking group targets home and small office routers to spy on users

British security officials found that a group linked to the Russian military is spying on users of compromised Small Office/Home Office SOHO routers in a broad cyber espionage campaign. A Microsoft blog goes into the technical details of these attacks. The group, which we’ll refer to as APT28, bu...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/04/07 11:57 a.m.7 views

Traffic violation scams swap links for QR codes to steal your card details

As soon as people start to get to grips with a certain type of scam, criminals deploy new tactics to keep stealing money. Now people have learned to distrust links in text messages, scammers have changed the bait, and in 2026 the “new link” is often a QR code tucked inside a fake notice. The late...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/04/06 7:1 a.m.7 views

A week in security (March 30 – April 5)

Last week on Malwarebytes Labs: That dream job offer from Coca-Cola or Ferrari? It’s a trap for your passwords Blocking children from social media is a badly executed good idea Apple expands "DarkSword" patches to iOS 18.7.7 Malwarebytes Privacy VPN receives full third-party audit Wikipedia’s AI...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/04/05 11:10 p.m.7 views

Killer robots are here. Now what? (Lock and Code S07E07)

Big news : Lock and Code is nominated for a Webby Award! You can help us win the People's Voice Award by voting here. Vote now! This week on the Lock and Code podcast … We have to talk about killer robots. No, not the Terminator, and not some Boston Dynamics robot run amok. We have to talk instea...

6.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/04/02 2:13 p.m.7 views

Apple expands “DarkSword” patches to iOS 18.7.7

Apple widened its latest iOS 18 security update to cover far more iPhones and iPads, specifically to stop real‑world DarkSword attacks that can compromise a device from a single website visit. After researchers published their findings about the DarkSword attacks and an exploit kit abusing the...

5.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/31 7:40 p.m.7 views

Asking AI for personal advice is a bad idea, Stanford study shows

Stanford computer scientists just proved what therapists already suspected: AI chatbots will agree with almost anything you say to keep you happy. The researchers caught these systems validating dangerous decisions just to maintain user engagement. That's a worrying development, especially given...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/27 1:34 p.m.7 views

Criminals are renting virtual phones to bypass bank security

Researchers at Group-IB warn about criminals using virtual Android devices to bypass modern security solutions. Cloud phones are virtual Android devices that can fully mimic real device fingerprints model, hardware, IP, timezone, sensor data, behavior. This allows them to undermine banks’...

6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/26 10:43 a.m.7 views

Landmark verdicts put Meta’s “addiction machine” platforms on trial

Meta faced two major legal setbacks this week as courts in New Mexico and California both found the company liable for harm to children. A New Mexico jury just ordered Meta to pay $375 million for misleading parents about child safety on Instagram and Facebook. Jurors found the company violated...

5.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/25 4:19 p.m.7 views

Hackers claim to have accessed data tied to millions of crime tipsters

Millions of crime tips may have been exposed after a hacker group claims to have compromised systems used by Crime Stoppers programs and other organizations worldwide. The incident centers on P3 Global Intel, a Texas-based provider of cloud-based tip and intelligence management software owned by...

5.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/19 11:33 a.m.7 views

Your tax forms sell for $20 on the dark web

Tax season is also peak season for identity theft. Criminals use stolen personal data to file fake tax returns and claim refunds before the real taxpayer does. Here’s how the fraud works, and how to protect yourself. What is Stolen Identity Refund Fraud SIRF? Stolen Identity Refund Fraud SIRF is ...

6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/17 4:10 p.m.7 views

Fake Pudgy World site steals your crypto passwords

A phishing site impersonating the newly-launched Pudgy World browser game is targeting crypto users with a technique that goes well beyond a convincing logo and matching color scheme. Pudgy World is a free-to-play browser game built around the Pudgy Penguins NFT brand. Players explore a virtual...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/16 2:22 p.m.7 views

Delete doesn’t mean gone. Here’s how File Shredder fixes that

You have done it a thousand times. Right-click. Delete. Empty Trash. Done. Except it's not done. That file, your tax return, your private photos, that EmbezzlementPlan.doc… it's all still sitting on your drive. Invisible to you, but not to anyone with a $30 recovery tool downloaded from the...

6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/13 12:58 p.m.7 views

[updated] Google patches two Chrome zero-days under active attack

Update March 16, 2026 Earlier this week, Google incorrectly reported that an actively exploited vulnerability in Chrome had been fixed, and has now announced it will roll out a new update to protect users against the vulnerability tracked as CVE-2026-3909. Original content: Google has released an...

8.8CVSS6.7AI score0.02EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2026/03/10 10:38 a.m.7 views

Hackers may have breached FBI wiretap network via supply chain

Investigators are worried that a recent attack on a critical FBI system was more than just a random hit, and that another nation-state might have been involved. On February 17, the FBI flagged irregular network activity that led straight to its Digital Collection System Network. That system...

5.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/09 1:7 p.m.7 views

Fake Claude Code install pages hit Windows and Mac users with infostealers

Attackers are cloning install pages for popular tools like Claude Code and swapping the “one‑liner” install commands with malware, mainly to steal passwords, cookies, sessions, and access to developer environments. Modern install guides often tell you to copy a single command like curl...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/04 12:53 p.m.7 views

Attackers abuse OAuth’s built-in redirects to launch phishing and malware attacks

Attackers are abusing normal OAuth error redirects to send users from a legitimate Microsoft or Google login URL to phishing or malware pages, without ever completing a successful sign‑in or stealing tokens from the OAuth flow itself. That calls for a bit more explanation. OAuth Open Authorizatio...

6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/03 4:5 p.m.7 views

Pentagon ditches Anthropic AI over “security risk” and OpenAI takes over

On Friday the US Pentagon cut ties with Anthropic, the company behind Claude AI. Defense Secretary Pete Hegseth designated the San Francisco-based company a "supply-chain risk to national security." The supply-chain risk designation means that no contractor, supplier, or partner doing business wi...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/26 6:52 p.m.7 views

How to understand and avoid Advanced Persistent Threats

By definition, an advanced persistent threat APT is a prolonged, targeted attack on a specific victim with the intention to compromise their system and gain information from or about that target. About a decade ago, the term was mostly used for state-sponsored threat actors. I used threat actors...

5.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/26 10:34 a.m.7 views

Instagram flagged explicit messages to minors in 2018. Image-blurring arrived six years later

Meta took six years to blur explicit images on Instagram, even though internal emails show executives were aware in 2018 that minors were receiving them, according to newly unsealed court documents. In a deposition given last year, Adam Mosseri now the head of Instagram discusses an email thread...

5.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/24 8:28 a.m.7 views

Refund scam impersonates Avast to harvest credit card details

A fraudulent website dressed in Avast’s brand is tricking French-speaking users into handing over their full credit card details—card number, expiry date, and three-digit security code—under the cover story of processing a €499.99 refund that was never owed to them. The operation combines live ch...

5.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/19 2:46 p.m.7 views

AI-generated passwords are a security risk

Using Artificial Intelligence AI to generate your passwords is a bad idea. It's likely to give that password to a criminal who can then use it in a dictionary attack—which is when an attacker runs through a prepared list of likely passwords words, phrases, patterns with automated tools until one ...

5.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/10 1:28 p.m.7 views

Man tricked hundreds of women into handing over Snapchat security codes

Fresh off a breathless Super Bowl Sunday, we're less thrilled to bring you this week's Weirdo Wednesday. Two stories caught our eye, both involving men who crossed clear lines and invaded women's privacy online. Last week, 27-year-old Kyle Svara of Oswego, Illinois admitted to hacking women's...

5.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/06 2:43 p.m.7 views

Apple Pay phish uses fake support calls to steal payment details

It started with an email that looked boringly familiar: Apple logo, a clean layout, and a subject line designed to make the target’s stomach drop. The message claimed Apple has stopped a high‑value Apple Pay charge at an Apple Store, complete with a case ID, timestamp, and a warning that the...

5.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/04 1:50 p.m.7 views

Grok continues producing sexualized images after promised fixes

Journalists decided to test whether the Grok chatbot still generates non‑consensual sexualized images, even after xAI, Elon Musk’s artificial intelligence company, and X, the social media platform formerly known as Twitter, promised tighter safeguards. Unsurprisingly, it does. After scrutiny from...

5.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/03 4:55 p.m.7 views

An AI plush toy exposed thousands of private chats with children

Bondu’s AI plush toy exposed a web console that let anyone with a Gmail account read about 50,000 private chats between children and their cuddly toys. Bondu's toy is marketed as: “A soft, cuddly toy powered by AI that can chat, teach, and play with your child.” What it doesn’t say is that anyone...

5.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/01/29 9:6 p.m.7 views

Meta confirms it’s working on premium subscription for its apps

Meta plans to test exclusive features that will be incorporated in paid versions of Facebook, Instagram, and WhatsApp. It confirmed these plans to TechCrunch. But these plans are not to be confused with the ad-free subscription options that Meta introduced for Facebook and Instagram in the EU, th...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/01/28 2:34 p.m.7 views

Malicious Chrome extensions can spy on your ChatGPT chats

Researchers discovered 16 malicious browser extensions for Google Chrome and Microsoft Edge that steal ChatGPT session tokens, giving attackers access to accounts, including conversation history and metadata. The 16 malicious extensions 15 for Chrome and 1 for Edge claim to improve and optimize...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/01/21 12:32 p.m.7 views

Malicious Google Calendar invites could expose private data

Researchers found a way to weaponize calendar invites. They uncovered a vulnerability that allowed them to bypass Google Calendar’s privacy controls using a dormant payload hidden inside an otherwise standard calendar invite. Image courtesy of Miggo An attacker creates a Google Calendar event and...

5.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/01/20 11:40 a.m.7 views

Google will pay $8.25m to settle child data-tracking allegations

Google has settled yet another class-action lawsuit accusing it of collecting children’s data and using it to target them with advertising. The tech giant will pay $8.25 million to address allegations that it tracked data on apps specifically designated for kids. AdMob's mobile data collection Th...

5.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/01/13 4:5 p.m.7 views

Data broker fined after selling Alzheimer’s patient info and millions of sensitive profiles

California's privacy regulator has fined a Texas data broker $45,000 and banned it from selling Californians' personal information after it sold Alzheimer patients' data. Texan company Rickenbacher Data LLC, which does business as Datamasters, bought and resold the names, addresses, phone numbers...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/01/13 12:55 p.m.7 views

Why iPhone users should update and restart their devices now

If you were still questioning whether iOS 26+ is for you, now is the time to make that call. Why? On December 12, 2025, Apple patched two WebKit zero‑day vulnerabilities linked to mercenary spyware and is now effectively pushing iPhone 11 and newer users toward iOS 26+, because that’s where the...

7.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/01/12 5:3 a.m.7 views

Enshittification is ruining everything online (Lock and Code S07E01)

This week on the Lock and Code podcast … There's a bizarre thing happening online right now where everything is getting worse. Your Google results have become so bad that you’ve likely typed what you’re looking for, plus the word “Reddit,” so you can find discussion from actual humans. If you...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/01/07 12:19 p.m.7 views

One million customers on alert as extortion group claims massive Brightspeed data haul

US fiber broadband company Brightspeed is investigating claims by the Crimson Collective extortion group that it stole sensitive data belonging to more than 1 million residential customers, including extensive personally identifiable information PII, as well as account and billing details...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/01/06 3:1 p.m.7 views

Phishing campaign abuses Google Cloud services to steal Microsoft 365 logins

Attackers are sending very convincing fake “Google” emails that slip past spam filters, route victims through several trusted Google-owned services, and ultimately lead to a look-alike Microsoft 365 sign-in page designed to harvest usernames and passwords. Researchers found that cybercriminals us...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/01/06 12:22 p.m.7 views

Disney fined $10m for mislabeling kids’ YouTube videos and violating privacy law

Disney will pay a $10m settlement over allegations that it violated kids' privacy rights, the Federal Trade Commission FTC said this week. The agreement, first proposed in September 2025, resolves a dispute over Disney's labeling of child-targeted content on YouTube. The thousands of YouTube vide...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/01/05 8:2 a.m.7 views

A week in security (December 29 – January 4)

Last week on Malwarebytes Labs: How AI made scams more convincing in 2025 In 2025, age checks started locking people out of the internet 2025 exposed the risks we ignored while rushing AI Malware in 2025 spread far beyond Windows PCs Stay safe! We don 't just report on privacy—we offer you the...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/12/17 1:38 p.m.7 views

Inside a purchase order PDF phishing campaign

A PDF named "NEW Purchase Order 52177236.pdf" turned out to be a phishing lure. So we analyzed the phishing script behind it. A customer contacted me when Malwarebytes blocked the link inside a “purchase order” email they had received. Malwarebytes blocked this ionoscloud.com subdomain When I...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/12/15 8:3 a.m.7 views

A week in security (December 8 – December 14)

Last week on Malwarebytes Labs: The US digital doxxing of H-1B applicants is a massive privacy misstep Google ads funnel Mac users to poisoned AI chats that spread the AMOS infostealer How private is your VPN? DroidLock malware locks you out of your Android device and demands ransom Malwarebytes...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/12/12 6:19 p.m.7 views

The US digital doxxing of H-1B applicants is a massive privacy misstep

Technology professionals hoping to come and work in the US face a new privacy concern. Starting December 15, skilled workers on H-1B visas and their families must flip their social media profiles to public before their consular interviews. It’s a deeply risky move from a security and privacy...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/12/11 4:57 p.m.7 views

DroidLock malware locks you out of your Android device and demands ransom

Researchers have analyzed a new threat campaign actively targeting Android users. The malware, named DroidLock, takes over a device and then holds it for ransom. The campaign to date has primarily targeted Spanish-speaking users, but researchers warn it could spread. DroidLock is delivered via...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/12/09 12:57 p.m.7 views

EU fines X $140m, tied to verification rules that make impostor scams easier

The European Commission slapped social networking company X with a €120 million $140 million fine last week for what it says was a lack of transparency with its European users. The fine, the first ever penalty under the EU's landmark Digital Services Act, addressed three specific violations with...

6.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/12/08 3:26 p.m.7 views

How phishers hide banking scams behind free Cloudflare Pages

During a recent investigation, we uncovered a phishing operation that combines free hosting on developer platforms with compromised legitimate websites to build convincing banking and insurance login portals. These fake pages don't just grab a username and password–they also ask for answers to...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/12/08 1:17 p.m.7 views

Scammers harvesting Facebook photos to stage fake kidnappings, warns FBI

The FBI has warned about a new type of scam where your Facebook pictures are harvested to act as “proof-of-life” pictures in a virtual kidnapping. The scammers pretend they have kidnapped somebody and contact friends and next of kin to demand a ransom for their release. While the alleged victim i...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/12/08 8:3 a.m.7 views

A week in security (December 1 – December 7)

Last week on Malwarebytes Labs: Leaks show Intellexa burning zero-days to keep Predator spyware running How scammers use fake insurance texts to steal your identity Canadian police trialing facial recognition bodycams Update Chrome now: Google fixes 13 security issues affecting billions Attackers...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/12/04 5:55 p.m.7 views

How scammers use fake insurance texts to steal your identity

Sometimes it’s hard to understand how some scams work or why criminals would even try them on you. In this case it may have been a matter of timing. One of my co-workers received this one: “Insurance estimates for certain age ranges: 20-30 200 – 300/mo 31-40 270 – 450/mo 41-64 350 – 500/mo Please...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/12/03 1:33 p.m.7 views

Fileless protection explained: Blocking the invisible threat others miss

Most antivirus software for personal users scans your computer for malware hiding in files. This is, after all, how most malware is traditionally spread. But what about attacks that never create files? Fileless malware is a fast-growing threat that evades traditional antivirus software, because...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/12/01 2:0 p.m.7 views

Malwarebytes joins Global Anti-Scam Alliance (GASA) as supporting member

We are excited to share that Malwarebytes has officially joined the Global Anti-Scam Alliance GASA as a supporting member. Working with GASA helps us stay aligned with others who are focused on reducing scams and keeping people safer online. Modern-day scams aren’t the clumsy, obvious tricks they...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/12/01 8:2 a.m.7 views

A week in security (November 24 – November 30)

Last week on Malwarebytes Labs: How CVSS v4.0 works: characterizing and scoring vulnerabilities Millions at risk after nationwide CodeRED alert system outage and data breach Holiday shoppers targeted as Amazon and FBI warn of surge in account takeover attacks Fake LinkedIn jobs trick Mac users in...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/11/28 12:42 p.m.7 views

How CVSS v4.0 works: characterizing and scoring vulnerabilities

The Common Vulnerability Scoring System CVSS provides software developers, testers, and security and IT professionals with a standardized way to assess vulnerabilities. You can use CVSS to assess the threat level of each vulnerability and then prioritize mitigation accordingly. This article...

8.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/11/21 6:45 p.m.7 views

AI teddy bear for kids responds with sexual content and advice about weapons

In testing, FoloToy’s AI teddy bear jumped from friendly chat to sexual topics and unsafe household advice. It shows how easily artificial intelligence can cross serious boundaries. It’s a fair moment to ask whether AI-powered stuffed animals are appropriate for children. It’s easy to get swept u...

6.6AI score
Exploits0
Total number of security vulnerabilities4706