Lucene search
K
MalwarebytesMost viewed

4706 matches found

Malwarebytes
Malwarebytes
added 2025/11/18 11:21 a.m.7 views

Why it matters when your online order is drop-shipped

Online shopping has never been easier. A few clicks can get almost anything delivered straight to your door, sometimes at a surprisingly low price. But behind some of those deals lies a fulfillment model called drop-shipping. It's not inherently fraudulent, but it can leave you disappointed,...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/11/13 10:15 a.m.7 views

We opened a fake invoice and fell down a retro XWorm-shaped wormhole

Somebody forwarded an “invoice” email and asked me to check the attachment because it looked suspicious. Good instinct—it was, and what we found inside was a surprisingly old trick hiding a modern threat. What it does If the recipient had opened the attached Visual Basic Script .vbs file, it woul...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/11/05 1:46 p.m.7 views

Should you let Chrome store your driver’s license and passport?

Google has rolled out a new autofill feature for Chrome that goes beyond storing just your passwords, addresses, and credit card numbers. The new "enhanced autofill" can now stash your driver's license, passport details, VIN, or license plate information. Sounds convenient, right? But just becaus...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/10/29 12:8 p.m.7 views

Gmail breach panic? It’s a misunderstanding, not a hack

After a misinterpretation of an interview with a security researcher, several media outlets hinted at a major Gmail breach. Reporters claimed the incident took place in April. In reality, the researcher had said there was an enormous amount of Gmail usernames and passwords circulating on the dark...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/10/28 2:23 p.m.7 views

Around 70 countries sign new UN Cybercrime Convention—but not everyone’s on board

Around 70 countries have signed the new United Nations UN Convention against Cybercrime—the first global treaty designed to combat cybercrime through unified international rules and cooperation. The treaty needs at least 40 UN member states to ratify it before it becomes international law. Once t...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/10/27 2:53 p.m.7 views

How to set up two factor authentication (2FA) on your Instagram account

Two-factor authentication 2FA isn't foolproof, but it is one of the best ways to protect your accounts from hackers. It adds a small extra step when logging in, but that extra effort pays off. Instagram’s 2FA requires an additional code whenever you try to log in from an unrecognized device or...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/10/21 11:15 a.m.7 views

Windows update breaks USB support in recovery mode

We usually tell our faithful readers to install updates as soon as possible, but this time there’s an exception. Microsoft’s October security update has disabled USB mice and keyboards in the Windows Recovery Environment WinRE. WinRE is a special mode built into Windows that helps you fix problem...

6.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/10/21 10:33 a.m.7 views

You can poison AI with just 250 dodgy documents

Researchers have shown how you can corrupt an AI and make it talk gibberish by tampering with just 250 documents. The attack, which involves poisoning the data that an AI trains on, is the latest in a long line of research that has uncovered vulnerabilities in AI models. Anthropic which produces...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/10/20 2:26 p.m.7 views

What does Google know about me? (Lock and Code S06E21)

This week on the Lock and Code podcast … Google is everywhere in our lives. It's reach into our data extends just as far. After investigating how much data Facebook had collected about him in his nearly 20 years with the platform, Lock and Code host David Ruiz had similar questions about the othe...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/10/13 7:19 a.m.7 views

A week in security (October 6 – October 12)

Last week on Malwarebytes Labs: Apple voices concerns over age-check law that could put user privacy at risk Your passwords don’t need so many fiddly characters, NIST says Millions of very private chats exposed by two AI companion apps Fake VPN and streaming app drops malware that drains your ban...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/10/10 3:27 p.m.7 views

Apple voices concerns over age-check law that could put user privacy at risk

Apple has raised concerns about a new Texas state law, SB 2420, which introduces age assurance requirements for app stores and app developers. One of its main objections is that the requirements are over the top and don’t take into account what the user is actually trying to do. Apple stated: “We...

6.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/10/08 2:37 p.m.7 views

Modeling scams see mature models as attractive new prospects

The BBC reported on modeling scams targeting older models. Modeling scams aren't new, but it’s worth looking at how they spread today, how to spot them, and—most importantly—how to avoid falling victim to them. The classic pitch goes like this: Someone walks up to you in the street and says, "You...

6.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/10/08 12:29 p.m.7 views

Is your computer mouse eavesdropping on you?

The short answer is: probably not, but theoretically it’s possible. Researchers at the University of California found a method they called Mic-E-Mouse, which turns your computer mouse into a spy that can listen in on your conversations. The method uses high-performance optical sensors in optical...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/10/02 5:55 p.m.7 views

Your Meta AI conversations may come back as ads in your feed

Meta has announced that conversations with its AI assistant will soon be used for targeted advertising. If you’re the kind of person that notices ads for products just after you spoke about them, you won't be happy about this update. Meta AI is the company’s generative AI assistant, built into...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/09/29 3:24 p.m.7 views

Amazon pays $2.5B settlement over deceptive Prime subscriptions

Another day, another settlement. Amazon has settled a lawsuit filed by the Federal Trade Commission FTC over misleading customers who signed up for Amazon Prime—though it claims it did nothing wrong. The FTC alleged that Amazon used deceptive methods to sign up consumers for Prime subscriptions—a...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/09/29 7:1 a.m.7 views

A week in security (September 22 – September 28)

Last week on Malwarebytes Labs: Hackers threaten parents: Get nursery to pay ransom or we leak your child’s data Google and Flo to pay $56 million after misusing users’ health data Neon App pays users to record their phone calls, sells data for AI training updated New SVG-based phishing campaign ...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/09/26 1:27 p.m.7 views

Google and Flo to pay $56 million after misusing users’ health data

Popular period-tracking app Flo Health shared users’ intimate health data—such as menstrual cycles and fertility information—with Google and Meta, allegedly for targeted advertising purposes, according to multiple class-action lawsuits filed in the US and Canada. Between 2016 and 2019, the...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/09/25 11:11 a.m.7 views

TikTok is misusing kids’ data, says privacy watchdog

A group of privacy commissioners in Canada have accused TikTok of scooping up information about hundreds of thousands of children who shouldn't have been on the platform. The Chinese social media giant is also accused of collecting data on Canadian users without properly explaining what it does...

6.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/09/19 12:20 p.m.7 views

ChatGPT Deep Research zero-click vulnerability fixed by OpenAI

OpenAI has moved quickly to patch a vulnerability known as “ShadowLeak” before anyone detected real-world abuse. Revealed by researchers yesterday, ShadowLeak was an issue in OpenAI’s Deep Research project that attackers could exploit by simply sending an email to the target. Deep Research was...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/09/18 1:25 p.m.7 views

Disrupted phishing service was after Microsoft 365 credentials

Microsoft and Cloudflare have disrupted a Phishing-as-a-Service operation, known as RaccoonO365. The primary goal of RaccoonO365 or Storm-2246 as Microsoft calls it was to rent out a phishing toolkit that specialized in stealing Microsoft 365 credentials. They were successful in at least 5,000...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/09/12 3:34 p.m.7 views

From Fitbit to financial despair: How one woman lost her life savings and more to a scammer

We hear so often about people falling for scams and losing money. But we often don’t find out the real details of what happened, and how one "like" can turn into a nightmare that controls someone’s life for many years. This is that story. Not too long ago, a scam victim named Karen reached out to...

6.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/09/10 1:22 p.m.7 views

Ransomware attack at blood center: Org tells users their data’s been stolen

A blood center has begun sending data breach notifications to its users after suffering a ransomware attack and theft of personal data. The New York Blood Center’s NYBC suffered the ransomware attack in January, in which an unauthorized party gained access to its network and acquired copies of a...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/09/10 12:53 p.m.7 views

Pre-approved GLP-1 prescription scam could be bad for your health

A co-worker received a text which is, unfortunately, becoming more common. The text pretends to come from a doctor and states a weight-loss medication prescription has been approved. “Good morning. This is Dr. Santos. I pre-approved your GLP1 prescription. You may start treatment as of 09/04...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/09/01 1:42 p.m.7 views

How to set up two-step verification on your WhatsApp account

Two step verification is the name Meta uses for what is generally referred to as Two-factor authentication 2FA. 2FA is not fool-proof, but it is one of the best ways to protect your accounts from hackers. It adds an extra step when logging in, which is a small extra effort for you, but it...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/08/27 12:32 p.m.7 views

More vulnerable stalkerware victims’ data exposed in new TheTruthSpy flaw

TheTruthSpy is at it again. A security researcher has discovered a flaw in the Android-based stalkerware that allows anyone to compromise any record in the system. TheTruthSpy stalkerware is designed to be installed surreptitiously on a victim's Android phone. It then monitors that phone's...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/08/22 4:32 p.m.7 views

Clickjack attack steals password managers’ secrets

Sometimes it can seem as though everything's toxic online, and the latest good thing turned bad is here: Browser pop-ups that look like they're trying to help or authenticate you could be programmed to steal data from your password manager. To make matters worse, most browser extension-based...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/08/14 4:0 p.m.7 views

Romance scammers in Ghana charged with more than $100 million in theft

The Department of Justice DOJ extradited and indicted 4 Ghanaian nationals for allegedly stealing more than $100 million, mainly through romance scams and business email compromises. According to a report from Comparitech, nearly 59,000 Americans fell victim to romance scams in 2024, losing an...

6.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/08/12 1:0 p.m.7 views

That “Amazon Safety Recall” message may well be a scam

Scammers are using the age old tactic of scaring victims into clicking by sending out fake product recall messages from Amazon. The text message tells you that the item does not meet Amazon’s standards, and tries to install some urgency by claiming it is not safe to use. It also includes a link...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/08/11 1:18 p.m.7 views

Online portal exposed car and personal data, allowed anyone to remotely unlock cars

A carmaker’s online dealership portal has been found leaking the private information and vehicle data of its customers. This also meant that anyone with access could remotely break into a car. Researcher Eaton Zveare shared his discovery with TechCrunch. Although he said he has chosen not to...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/08/11 7:2 a.m.7 views

A week in security (August 4 – August 10)

Last week on Malwarebytes Labs: Adult sites trick users into Liking Facebook posts using a clickjack Trojan Facebook users targeted in ‘login’ phish TeaOnHer, the male version of Tea, is leaking personal information on its users too How Google, Adidas, and more were breached in a Salesforce scam...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/08/07 10:56 a.m.7 views

How Google, Adidas, and more were breached in a Salesforce scam

At the heart of multiple data breaches against sophisticated and robust companies, including Google, Adidas, Louis Vuitton, and Chanel, was a rudimentary attack method that required little technical finesse—making a phone call. By disguising themselves as IT support personnel on the phone, hacker...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/07/29 3:38 p.m.7 views

How the FBI got everything it wanted (re-air) (Lock and Code S06E15)

This week on the Lock and Code podcast… For decades, digital rights activists, technologists, and cybersecurity experts have worried about what would happen if the US government secretly broke into people’s encrypted communications. The weird thing, though, is that, in 2018, it already happened...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/07/28 7:1 a.m.7 views

A week in security (July 21 – July 27)

A list of topics we covered in the week of July 21 to July 27 of 2025 Last week on Malwarebytes Labs: Steam games abused to deliver malware once again Watch out: Instagram users targeted in novel phishing campaign Age verification: Child protection or privacy risk? iPhone vs. Android: iPhone user...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/07/25 4:41 p.m.7 views

Steam games abused to deliver malware once again

A cybercriminal known as EncryptHub aka Larva-208 has reportedly abused the online game platform Steam to distribute information stealers. EncryptHub managed to sneak malicious files into the Chemia game files hosted on Steam. Chemia is an adventurous survival type of game that puts the player in...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/07/24 1:41 p.m.7 views

Age verification: Child protection or privacy risk?

With governments demanding actual age verification on websites with adult content, and platforms like social media and Roblox introducing restrictions based on a user’s age, the controversy about different types of age verification and their implications is growing. Last week, Roblox announced ne...

6.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/07/24 12:58 p.m.7 views

iPhone vs. Android: iPhone users more reckless, less protected online

The smartphone wars have a winner, and it’s Android. No, this isn’t about which device has the best camera, the snappiest processor, or the flashiest AI features—this is about which device owners are safer online, and in many ways, it is Android users who take the crown. According to a new analys...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/07/16 1:39 p.m.7 views

Dating app scammer cons former US army colonel into leaking national secrets

Even hard-headed military types can fall victim to romance scams, it seems. A former US army colonel faces up to ten years in prison after revealing national secrets on a foreign dating app. David Slater was a retired colonel in the US army who took up work as a civilian at US Strategic Command,...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/07/10 1:33 p.m.7 views

Deepfake criminals impersonate Marco Rubio to uncover government secrets

Deepfake attacks aren't just for recruitment and banking fraud; they've now reached the highest levels of government. News emerged this week of an AI-powered attack that impersonated US Secretary of State Marco Rubio. Authorities don't know who was behind the incident. A US State Department cable...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/07/07 11:14 a.m.7 views

Gamers hacked playing Call of Duty: WWII—PC version temporarily taken offline

On Saturday, the Call of Duty team announced that the PC version of Call of Duty: WWII has been taken offline following "reports of an issue." That issue seems to be a serious security problem, after reports surfaced about a remote code execution RCE vulnerability in the game. After Microsoft’s...

8.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/07/03 10:38 a.m.7 views

Microsoft, PayPal, DocuSign, and Geek Squad faked in callback phishing scams

Microsoft, DocuSign, Adobe, McAfee, NortonLifeLock, PayPal, and Best Buy’s Geek Squad are being impersonated online through malicious emails that contain fake telephone support numbers and dangerous QR codes that can ensnare victims into phishing scams. The brands and their products are frequentl...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/06/30 7:6 a.m.7 views

A week in security (June 23 – June 29)

Last week on Malwarebytes Labs: Gmail’s multi-factor authentication bypassed by hackers to pull off targeted attacks Thousands of private camera feeds found online. Make sure yours isn’t one of them Sextortion email scammers increase their "Hello pervert" money demands Many data brokers are faili...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/06/25 9:41 a.m.7 views

Sextortion email scammers increase their “Hello pervert” money demands

Every so often the sextortion emails that start with “Hello pervert” get a redesign. You may have received one yourself: The emails claim that the sender has been watching your online behavior and caught you red-handed doing activities that you would like to keep private. The email usually starts...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/06/23 12:47 p.m.7 views

Gmail’s multi-factor authentication bypassed by hackers to pull off targeted attacks

Russian hackers have bypassed Google's multi-factor authentication MFA in Gmail to pull off targeted attacks, according to security researchers at Google Threat Intelligence Group GTIG. The hackers pulled this off by posing as US Department of State officials in advanced social engineering attack...

8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/05/22 12:17 p.m.7 views

Lumma information stealer infrastructure disrupted

The US Department of Justice DOJ and Microsoft have disrupted the infrastructure of the Lumma information stealer infostealer. Lumma Stealer, also known as LummaC or LummaC2, first emerged in late 2022 and quickly established itself as one of the most prolific infostealers. Infostealers is the na...

7.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/03/10 10:21 p.m.7 views

X users report login troubles as Dark Storm claims cyberattack

In the early morning hours of March 10, thousands of users on X formerly Twitter began having trouble logging into the platform. It was only the first service blip of at least three to come that same day and, if one cybercriminal group is to be believed, it was all on purpose. “Twitter has been...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/03/04 9:7 p.m.7 views

PayPal scam abuses Docusign API to spread phishy emails

PayPal scammers are using an old Docusign trick to enhance the trustworthiness of their phishing emails. We've received several reports of this recently, so we dug into how the scam works. The Docusign Application Programming Interface API allows “customers” to send emails that come from genuine...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/02/24 8:17 a.m.7 views

A week in security (February 17 – February 23)

Last week on Malwarebytes Labs: Healthcare security lapses keep piling up SecTopRAT bundled in Chrome installer distributed via Google Ads Google Docs used by infostealer ACRStealer as part of attack DeepSeek found to be sharing user data with TikTok parent company ByteDance Malwarebytes introduc...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/02/17 8:12 a.m.7 views

A week in security (February 10 – February 16)

Last week on Malwarebytes Labs: A suicide reveals the lonely side of AI chatbots, with Courtney Brown Lock and Code S06E03 Apple ordered to grant access to users’ encrypted data Phishing evolves beyond email to become latest Android app threat Apple fixes zero-day vulnerability used in "extremely...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/02/14 6:24 p.m.7 views

12 Million Zacks accounts leaked by cybercriminal

A cybercriminal claimed to have stolen 15 million data records from the customers and clients of the company Zacks—a number that a separate investigation, after analysis, shaved down to just 12 million. Zacks is an investment research company best known for its "Zacks Ranks," which are daily list...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/02/13 9:8 p.m.7 views

How AI was used in an advanced phishing campaign targeting Gmail users

In May, 2024, the FBI warned about the increasing threat of cybercriminals using Artificial Intelligence AI in their scams. At the time, FBI Special Agent in Charge Robert Tripp said: “Attackers are leveraging AI to craft highly convincing voice or video messages and emails to enable fraud scheme...

7.5AI score
Exploits0
Total number of security vulnerabilities4706