4658 matches found
Grok chats show up in Google searches
I’m starting to feel like a broken record, but I feel you should know that yet another AI has been found sharing private conversations so that Google was able to index them, and now they can be found in search results. It’s déjà vu in the world of AI: another day, another exposé about chatbot...
Google settles YouTube lawsuit over kids’ privacy invasion and data collection
Google has agreed to a $30 million settlement in the US over allegations that it illegally collected data from underage YouTube users for targeted advertising. The lawsuit claims Google tracked the personal information of children under 13 without proper parental consent, which is a violation of...
AI-powered stuffed animals: A good alternative for screen time?
Are AI Artificial Intelligence-powered stuffed animals really the best alternative to screen time that we want to offer our children? Some AI startups think so. One of those startups is Curio, a company that describes itself as “a magical workshop where toys come to life.” Curio offers three...
Instagram Map: What is it and how do I control it?
Instagram Map is a new feature—for Instagram, anyway—that users may have enabled without being fully aware of the consequences. The Map feature launched in the US on August 6, 2025, and is reportedly planned for a global rollout "soon." As of mid-August 2025, not all users outside the US,...
A week in security (August 11 – August 17)
Last week on Malwarebytes Labs: Italian hotels breached for tens of thousands of scanned IDs National Public Data returns after massive Social Security Number leak Romance scammers in Ghana charged with more than $100 million in theft Netflix scammers target jobseekers to trick them into handing...
Online portal exposed car and personal data, allowed anyone to remotely unlock cars
A carmaker’s online dealership portal has been found leaking the private information and vehicle data of its customers. This also meant that anyone with access could remotely break into a car. Researcher Eaton Zveare shared his discovery with TechCrunch. Although he said he has chosen not to...
A week in security (August 4 – August 10)
Last week on Malwarebytes Labs: Adult sites trick users into Liking Facebook posts using a clickjack Trojan Facebook users targeted in ‘login’ phish TeaOnHer, the male version of Tea, is leaking personal information on its users too How Google, Adidas, and more were breached in a Salesforce scam...
Facebook users targeted in ‘login’ phish
A few weeks ago we warned our readers of a phishing campaign targeting Instagram users that didn’t resort to the usual links to phishing websites, but used mailto: links instead. Now, it seems that these scammers have turned their attention to Facebook users. It works like this: The target receiv...
Weight loss scams, or why ‘Jodie Foster’ wants me to lose weight
It seems like it's hard to move on social media without some kind of mention of weight-loss injections these days. And, sure, these drugs can have a positive affect for many people, but not all these cases of weight loss are real, nor are the people promoting them who they say they are. Weight-lo...
Alleged ‘tap-in’ scammer advertised services on social media
Would you give a complete stranger your credit card in return for the promise of easy money? No, neither would we. But apparently well over a hundred people did. Hillsborough County Sheriff's Office arrested 24 year-old Janetcilize Martinez in Tampa, FL, for allegedly using willing participants'...
Unexpected snail mail packages are being sent with scammy QR codes, warns FBI
Receiving an unexpected package in the post is not always a pleasant surprise. The FBI has warned the public about unsolicited packages containing a QR code which leads to a website aimed at stealing personal data or downloading malware to the victim's device. The packages are often shipped witho...
Trump Administration and Big Tech want you to share your health data
US President Donald Trump announced a loose plan Wednesday to allow Americans to voluntarily upload and port their medical records across hospitals, clinics, technology companies, and health apps, with broad participation from Google, Apple, OpenAI, Amazon, and more. While the system could help...
Prison visitor details shared with all inmates at correctional facility
The Everglades Correctional Institution ECI in Miami-Dade County has leaked the names, email addresses, and telephone numbers of visitors to the facility to every inmate. The inmates received an email last week sent by a staff member that included the personal information of the visitors. Inmates...
Allianz Life says majority of 1.4 million US customers’ info breached
Insurance company Allianz Life was breached, exposing the data of most of its 1.4 million American customers. According to Allianz, an attacker gained access to a third-party, cloud-based Customer Relationship Management CRM system through social engineering. The company filed a data breach...
Steam games abused to deliver malware once again
A cybercriminal known as EncryptHub aka Larva-208 has reportedly abused the online game platform Steam to distribute information stealers. EncryptHub managed to sneak malicious files into the Chemia game files hosted on Steam. Chemia is an adventurous survival type of game that puts the player in...
Introducing the smarter, more sophisticated Malwarebytes Trusted Advisor, your cybersecurity personal assistant
You ever get that feeling when you double-check the locks, but still wonder if you’ve missed something? That’s what a lot of people feel about cybersecurity. That’s where Malwarebytes Trusted Advisor comes in. You can see it as your very own cybersecurity personal assistant, giving you real-time...
AI-generated image watermarks can be easily removed, say researchers
Now that AI can make fake images that look real, how can we know what's legitimate and what isn't? One of the primary ways has been the use of defensive watermarking, which means embedding invisible markers in AI-generated images to show they were made up. Now, researchers have broken that...
Meta execs pay the pain away with $8 billion privacy settlement
Meta chief Mark Zuckerberg and several other members of the social media giant's top brass agreed to settle increasingly heated privacy violation claims for the price of $8 billion. It is far from the first time that the company, its subsidiary Facebook, or its executives have responded to allege...
WeTransfer walks back clause that said it would train AI on your files
File sharing site WeTransfer has rolled back language that allowed it to train machine learning models on any files that its users uploaded. The change was made after criticisms from its users. The company had quietly inserted the new language in the terms and conditions on its website. Sometime...
Zoom attack tricks victims into allowing remote access to install malware and steal money
Be careful when talking to people you've not met with before over the Zoom video conferencing system; you might get more than you bargained for. Two CEOs were recently targeted by a Zoom-based attack. One spotted it in time - and sadly, one did not. The attack is by a crime group that the Securit...
Did DOGE “breach” Americans’ data? (Lock and Code S06E08)
This week on the Lock and Code podcast … If you don't know about the newly created US Department of Government Efficiency DOGE, there's a strong chance they already know about you. Created on January 20 by US President Donald Trump through Executive Order, DOGE's broad mandate is “modernizing...
Roblox called “real-life nightmare for children” as Roblox and Discord sued
Last week it was reported that a lawsuit has been initiated against gaming giant Roblox and leading messaging platform Discord. The court action—charging them with the facilitation of child predators and misleading parents into believing the platforms are safe to use for their children—centers...
Protected: zQA Content Editing Styles
This content is password protected. To view it please enter your password below: Password:...
Macs targeted by infostealers in new era of cyberthreats
The latest, major threats to Mac computers can steal passwords and credit card details with delicate precision, targeting victims across the internet based on their device, location, and operating system. These are the dangers of “infostealers,” which have long plagued Windows devices but, in the...
12 Million Zacks accounts leaked by cybercriminal
A cybercriminal claimed to have stolen 15 million data records from the customers and clients of the company Zacks—a number that a separate investigation, after analysis, shaved down to just 12 million. Zacks is an investment research company best known for its "Zacks Ranks," which are daily list...
AI tool GeoSpy analyzes images and identifies locations in seconds
It's just become even more important to be conscious about the pictures we post online. GeoSpy is an Artificial Intelligence AI supported tool that can derive a person’s location by analyzing features in a photo like vegetation, buildings, and other landmarks. And it can do so in seconds based on...
DNA testing company vanishes along with its customers’ genetic data
.kb-row-layout-wrap.wp-block-kadence-rowlayout.kb-row-layout-id12063564d0c4-23margin-top:0px;margin-bottom:var--global-kb-spacing-sm, 1.5rem;.kb-row-layout-id12063564d0c4-23 .kt-row-column-wrapalign-content:center;:where.kb-row-layout-id12063564d0c4-23 .kt-row-column-wrap...
Romance scams costlier than ever: 10 percent of victims lose $10,000 or more
Romance scams continue to plague users, but their costs have risen to staggering heights, according to a Malwarebytes survey carried out last month via our weekly newsletter. More than 66 percent of 850 respondents have been targeted by a romance scam, and those that were ensnared paid a hefty...
A week in security (September 16 – September 22)
Last week on Malwarebytes Labs: "Simply staggering" surveillance conducted by social media and streaming services, FTC finds Tor anonymity compromised by law enforcement. Is it still safe to use? Walmart customers scammed via fake shopping lists, threatened with arrest Snapchat wants to put your...
Thousands of D-Link routers under control of AryStinger botnet
Researchers have found that the recently discovered AryStinger botnet has quietly hijacked thousands of end‑of‑life D‑Link routers and some network-attached storage NAS devices, turning them into a distributed scanning and proxy network that attackers can use to hide their activity and launch...
A fake Slack download is giving attackers a hidden desktop on your machine
A trojanized Slack download from a typosquatting website is giving attackers something most users wouldn’t even know to look for: a hidden desktop running on their machine. The installer looks legitimate and even launches a working copy of Slack. But in the background, it can create an invisible...
Killer robots are here. Now what? (Lock and Code S07E07)
Big news : Lock and Code is nominated for a Webby Award! You can help us win the People's Voice Award by voting here. Vote now! This week on the Lock and Code podcast … We have to talk about killer robots. No, not the Terminator, and not some Boston Dynamics robot run amok. We have to talk instea...
Fake Pudgy World site steals your crypto passwords
A phishing site impersonating the newly-launched Pudgy World browser game is targeting crypto users with a technique that goes well beyond a convincing logo and matching color scheme. Pudgy World is a free-to-play browser game built around the Pudgy Penguins NFT brand. Players explore a virtual...
Disney fined $10m for mislabeling kids’ YouTube videos and violating privacy law
Disney will pay a $10m settlement over allegations that it violated kids' privacy rights, the Federal Trade Commission FTC said this week. The agreement, first proposed in September 2025, resolves a dispute over Disney's labeling of child-targeted content on YouTube. The thousands of YouTube vide...
What the Flock is happening with license plate readers?
You’re driving home after another marathon day of work and kid-shuttling, nursing a lukewarm coffee in a mug that's trying too hard. As you turn onto your street, something new catches your eye. It's a tall pole with a small, boxy device perched on top. But it's not a bird-house and there's no...
Researchers break OpenAI guardrails
The maker of ChatGPT released a toolkit to help protect its AI from attack earlier this month. Almost immediately, someone broke it. On October 6, OpenAI ran an event called DevDay where it unveiled a raft of new tools and services for software programmers who use its products. As part of that, i...
Fake VPN and streaming app drops malware that drains your bank account
Security researchers are warning Android users to delete a fake VPN and streaming app that can let criminals take over their phones and drain their bank accounts. The app, Mobdro Pro IP TV + VPN, was discovered by researchers at Cleafy to be a malicious sideloaded app, not a legitimate VPN. Their...
“Can you test my game?” Fake itch.io pages spread hidden malware to gamers
You get a message from a Discord friend. Or maybe an unknown indie developer reaches out to you. “Can you test my game?” they ask. The webpage they send over a link to looks legit: screenshots, dev blurb, itch.io-style layout, and the download button is right there, waiting to be clicked. The...
Sex offenders, terrorists, drug dealers, exposed in spyware breach
We've covered spyware and stalkerware leaks many times before, but we don't often see such exposure in software used by law enforcement. According to a report by Straight Arrow News SAN, the hacker “wikkid” said the intrusion against RemoteCOM was “one of the easiest” they’d ever carried out...
American Archive of Public Broadcasting allowed access to restricted media for years
A security flaw in the American Archive of Public Broadcasting AAPB website allowed unauthorized access to protected and private media, according to BleepingComputer. The American Archive of Public Broadcasting AAPB is a collaborative initiative between the Library of Congress and WGBH Educationa...
ChatGPT Deep Research zero-click vulnerability fixed by OpenAI
OpenAI has moved quickly to patch a vulnerability known as “ShadowLeak” before anyone detected real-world abuse. Revealed by researchers yesterday, ShadowLeak was an issue in OpenAI’s Deep Research project that attackers could exploit by simply sending an email to the target. Deep Research was...
Disrupted phishing service was after Microsoft 365 credentials
Microsoft and Cloudflare have disrupted a Phishing-as-a-Service operation, known as RaccoonO365. The primary goal of RaccoonO365 or Storm-2246 as Microsoft calls it was to rent out a phishing toolkit that specialized in stealing Microsoft 365 credentials. They were successful in at least 5,000...
Give your PC a fresh start: New free tools to boost your PC’s speed, security, and peace of mind
If you ever have the feeling your computer is dragging its feet, or shows odd behavior, you’re not alone. In some cases, the culprit is indeed malware, but often it’s something more mundane. Over time, baggage accumulates, much like a toddler’s backpack after a day in the forest. Too many apps...
Popular Android VPN apps found to have security flaws and China links
People use VPNs for different security and privacy reasons, to access content anonymously, or to bypass content controls and age verification by pretending to be in different places. But not all VPNs are created equal. A recent report has revealed that many of them might allow others to sniff you...
A week in security (August 25 – August 31)
Last week on Malwarebytes Labs: Microsoft wants to automatically save your Word docs to the cloud "No place in our networks": FCC hangs up on thousands of voice operators in robocall war Claude AI chatbot abused to launch "cybercrime spree" Developer verification: a promised lift for Android...
Microsoft wants to automatically save your Word docs to the cloud
Microsoft has revealed it plans to automatically save all Word document to the cloud. The feature is currently only available to Microsoft 365 Insiders, although it's likely to expand this to all users in the future. Microsoft proudly announced: “We are modernizing the way files are created and...
Developer verification: a promised lift for Android security
To reduce the number of harmful apps targeting Android users, Google has announced that certified Android devices will require all apps to be registered by verified developers in order to be installed. But this new measure is not just about malware that's found on the Google Play Store, it’s main...
More vulnerable stalkerware victims’ data exposed in new TheTruthSpy flaw
TheTruthSpy is at it again. A security researcher has discovered a flaw in the Android-based stalkerware that allows anyone to compromise any record in the system. TheTruthSpy stalkerware is designed to be installed surreptitiously on a victim's Android phone. It then monitors that phone's...
Meta accessed women’s health data from Flo app without consent, says court
A jury has ruled that Meta accessed sensitive information from a woman's reproductive health tracking app without consent. The app in question is called Flo Health. Developed in 2015 in Belarus to track menstrual cycles, it has evolved over the years as a tracking app for highly detailed, intimat...
Malwarebytes earns MRG Effitas Android 360° Certificate for mobile threat detection
We’re excited to announce that MRG Effitas, a globally recognized security assessment firm, has awarded Malwarebytes the prestigious MRG Effitas Android 360° Certificate, one of the toughest independent tests in mobile security. Our mobile protection received the highest marks, achieving a...