4658 matches found
EU fines X $140m, tied to verification rules that make impostor scams easier
The European Commission slapped social networking company X with a €120 million $140 million fine last week for what it says was a lack of transparency with its European users. The fine, the first ever penalty under the EU's landmark Digital Services Act, addressed three specific violations with...
Deepfakes, AI resumes, and the growing threat of fake applicants
Recruiters expect the odd exaggerated resume, but many companies, including us here at Malwarebytes, are now dealing with something far more serious: job applicants who aren't real people at all. From fabricated identities to AI-generated resumes and outsourced impostor interviews, hiring pipelin...
How phishers hide banking scams behind free Cloudflare Pages
During a recent investigation, we uncovered a phishing operation that combines free hosting on developer platforms with compromised legitimate websites to build convincing banking and insurance login portals. These fake pages don't just grab a username and password–they also ask for answers to...
Scammers harvesting Facebook photos to stage fake kidnappings, warns FBI
The FBI has warned about a new type of scam where your Facebook pictures are harvested to act as “proof-of-life” pictures in a virtual kidnapping. The scammers pretend they have kidnapped somebody and contact friends and next of kin to demand a ransom for their release. While the alleged victim i...
A week in security (December 1 – December 7)
Last week on Malwarebytes Labs: Leaks show Intellexa burning zero-days to keep Predator spyware running How scammers use fake insurance texts to steal your identity Canadian police trialing facial recognition bodycams Update Chrome now: Google fixes 13 security issues affecting billions Attackers...
Leaks show Intellexa burning zero-days to keep Predator spyware running
Intellexa is a well-known commercial spyware vendor, servicing governments and large corporations. Its main product is the Predator spyware. An investigation by several independent parties describes Intellexa as one of the most notorious mercenary spyware vendors, still operating its Predator...
How scammers use fake insurance texts to steal your identity
Sometimes it’s hard to understand how some scams work or why criminals would even try them on you. In this case it may have been a matter of timing. One of my co-workers received this one: “Insurance estimates for certain age ranges: 20-30 200 – 300/mo 31-40 270 – 450/mo 41-64 350 – 500/mo Please...
Canadian police trialling facial recognition bodycams
A municipal police force in Canada is now using facial recognition bodycams, it was revealed this week. The police service in the prairie city of Edmonton is trialling technology from US-based Axon, which makes products for the military and law enforcement. Up to 50 officers are taking part in th...
Canadian police trialing facial recognition bodycams
A municipal police force in Canada is now using facial recognition bodycams, it was revealed this week. The police service in the prairie city of Edmonton is trialing technology from US-based Axon, which makes products for the military and law enforcement. Up to 50 officers are taking part in the...
Update Chrome now: Google fixes 13 security issues affecting billions
Google has released an update for its Chrome browser that includes 13 security fixes, four of which are classified as high severity. One of these was found in Chrome’s Digital Credentials feature–a tool that lets you share verified information from your digital wallet with websites so you can pro...
Attackers have a new way to slip past MFA in educational orgs
Researchers are warning about a rise in cases of attackers using Evilginx to steal session cookies among educational institutions—letting them bypass the need for a multi-factor authentication MFA token. Evilginx is an attacker-in-the-middle phishing toolkit that sits between you and the real...
How attackers use real IT tools to take over your computer
A new wave of attacks is exploiting legitimate Remote Monitoring and Management RMM tools like LogMeIn Resolve formerly GoToResolve and PDQ Connect to remotely control victims’ systems. Instead of dropping traditional malware, attackers trick people into installing these trusted IT support progra...
Fileless protection explained: Blocking the invisible threat others miss
Most antivirus software for personal users scans your computer for malware hiding in files. This is, after all, how most malware is traditionally spread. But what about attacks that never create files? Fileless malware is a fast-growing threat that evades traditional antivirus software, because...
“Sleeper” browser extensions woke up as spyware on 4 million devices
Researchers have unraveled a malware campaign that really did play the long game. After seven years of behaving normally, a set of browser extensions installed on roughly 4.3 million Chrome and Edge users’ devices suddenly went rogue. Now they can track what you browse and run malicious code insi...
Air fryer app caught asking for voice data (re-air) (Lock and Code S06E24)
This week on the Lock and Code podcast … It's often said online that if a product is free, you're the product, but what if that bargain was no longer true? What if, depending on the device you paid hard-earned money for, you still became a product yourself, to be measured, anonymized, collated,...
Whispering poetry at AI can make it break its own rules
Most of the big AI makers don't like people using their models for unsavory activity. Ask one of the mainstream AI models how to make a bomb or create nerve gas and you'll get the standard "I don't help people do harmful things" response. That has spawned a cat-and-mouse game of people who try to...
Google patches 107 Android flaws, including two being actively exploited
Google has patched 107 vulnerabilities in Android in its December 2025 Android Security Bulletin, including two high-severity flaws that are being actively exploited. The December updates are available for Android 13, 14, 15, and 16. Android vendors are notified of all issues at least a month...
New Android malware lets criminals control your phone and drain your bank account
Albiriox is a new family of Android banking malware that gives attackers live remote control over infected phones, letting them quietly drain bank and crypto accounts during real sessions. Researchers have analyzed a new Android malware family called Albiriox which is showing signs of developing...
Malwarebytes joins Global Anti-Scam Alliance (GASA) as supporting member
We are excited to share that Malwarebytes has officially joined the Global Anti-Scam Alliance GASA as a supporting member. Working with GASA helps us stay aligned with others who are focused on reducing scams and keeping people safer online. Modern-day scams aren’t the clumsy, obvious tricks they...
A week in security (November 24 – November 30)
Last week on Malwarebytes Labs: How CVSS v4.0 works: characterizing and scoring vulnerabilities Millions at risk after nationwide CodeRED alert system outage and data breach Holiday shoppers targeted as Amazon and FBI warn of surge in account takeover attacks Fake LinkedIn jobs trick Mac users in...
How CVSS v4.0 works: characterizing and scoring vulnerabilities
The Common Vulnerability Scoring System CVSS provides software developers, testers, and security and IT professionals with a standardized way to assess vulnerabilities. You can use CVSS to assess the threat level of each vulnerability and then prioritize mitigation accordingly. This article...
Millions at risk after nationwide CodeRED alert system outage and data breach
A nationwide cyberattack against the OnSolve CodeRED emergency notifications system has prompted cities and counties across the US to warn residents and advise them to change their passwords. CodeRED is used by local governments to deliver fast, targeted alerts during severe weather, evacuations,...
Holiday shoppers targeted as Amazon and FBI warn of surge in account takeover attacks
The FBI has issued a public service announcement warning about a surge in account takeover ATO fraud, and the timing lines up with a major alert Amazon has just sent to its 300 million customers about brand impersonation scams. How ATO fraud works Account takeover fraud is just what it says:...
Fake LinkedIn jobs trick Mac users into downloading Flexible Ferret malware
Researchers have discovered a new attack targeting Mac users. It lures them to a fake job website, then tricks them into downloading malware via a bogus software update. The attackers pose as recruiters and contact people via LinkedIn, encouraging them to apply for a role. As part of the...
New ClickFix wave infects users with hidden malware in images and fake Windows updates
Several researchers have flagged a new development in the ongoing ClickFix campaign: Attackers are now mimicking a Windows update screen to trick people into running malware. ClickFix campaigns use convincing lures, historically “Human Verification” screens, and now a fake “Windows Update” splash...
WhatsApp closes loophole that let researchers collect data on 3.5B accounts
Messaging giant WhatsApp has around three billion users in more than 180 countries. Researchers say they were able to identify around 3.5 billion registered WhatsApp accounts thanks to a flaw in the software. That higher number is possible because WhatsApp’s API returns all accounts registered to...
The hidden costs of illegal streaming and modded Amazon Fire TV Sticks
Ahead of the holiday season, people who have bought cheap Amazon Fire TV Sticks or similar devices online should be aware that some of them could let cybercriminals access personal data, bank accounts, and even steal money. BeStreamWise, a UK initiative established to counter illegal streaming,...
Black Friday scammers offer fake gifts from big-name brands to empty bank accounts
Black Friday is supposed to be chaotic, sure, but not this chaotic. While monitoring malvertising patterns ahead of the holiday rush, I uncovered one of the most widespread and polished Black Friday scam campaigns circulating online right now. It’s not a niche problem. Our own research shows that...
Matrix Push C2 abuses browser notifications to deliver phishing and malware
Cybercriminals are using browser push notifications to deliver malware and phishing attacks. Researchers at BlackFog described how a new command-and-control platform, called Matrix Push C2, uses browser push notifications to reach potential victims. When we warned back in 2019 that browser push...
A week in security (November 17 – November 23)
Last week on Malwarebytes Labs: AI teddy bear for kids responds with sexual content and advice about weapons Fake calendar invites are spreading. Here’s how to remove them and prevent more Budget Samsung phones shipped with unremovable spyware, say researchers What the Flock is happening with...
AI teddy bear for kids responds with sexual content and advice about weapons
In testing, FoloToy’s AI teddy bear jumped from friendly chat to sexual topics and unsafe household advice. It shows how easily artificial intelligence can cross serious boundaries. It’s a fair moment to ask whether AI-powered stuffed animals are appropriate for children. It’s easy to get swept u...
Fake calendar invites are spreading. Here’s how to remove them and prevent more
We’re seeing a surge in phishing calendar invites that users can’t delete, or that keep coming back because they sync across devices. The good news is you can remove them and block future spam by changing a few settings. Most of these unwanted calendar entries are there for phishing purposes. Mos...
Budget Samsung phones shipped with unremovable spyware, say researchers
A controversy over data-gathering software secretly installed on Samsung phones has erupted again after a new accusatory post appeared on X last week. In the post on the social media site, cybersecurity newsletter International Cyber Digest warned about a secretive application called AppCloud tha...
What the Flock is happening with license plate readers?
You’re driving home after another marathon day of work and kid-shuttling, nursing a lukewarm coffee in a mug that's trying too hard. As you turn onto your street, something new catches your eye. It's a tall pole with a small, boxy device perched on top. But it's not a bird-house and there's no...
Holiday scams 2025: These common shopping habits make you the easiest target
Every year, shoppers get faster, savvier, and more mobile. We compare prices on the go, download apps for coupons, and jump on deals before they disappear. But during deal-heavy periods like Black Friday, Cyber Monday, and the December shopping rush, convenience can work against us. Quick...
[Correction] Gmail can read your emails and attachments to power “smart features”
Update November 22. We’ve updated this article after realising we contributed to a perfect storm of misunderstanding around a recent change in the wording and placement of Gmail's smart features. The settings themselves aren’t new, but the way Google recently rewrote and surfaced them led a lot o...
Mac users warned about new DigitStealer information stealer
A new infostealer called DigitStealer is going after Mac users. It avoids detection, skips older devices, and steals files, passwords, and browser data. We break down what it does and how to protect your Mac. Researchers have described a new malware called DigitStealer that steals sensitive...
Attackers are using “Sneaky 2FA” to create fake sign-in windows that look real
Attackers have a new trick to steal your username and password: fake browser pop-ups that look exactly like real sign-in windows. These “Browser-in-the-Browser” attacks can fool almost anyone, but a password manager and a few simple habits can keep you safe. Phishing attacks continue to evolve, a...
Sharenting: are you leaving your kids’ digital footprints for scammers to find?
Let’s be real: the online world is a huge part of our kids’ lives these days. From the time they’re tiny, we share photos, moments, and milestones online—proud parent stuff! Schools, friends, and family all get involved too. Before we know it, our kids have a whole digital history they didn’t eve...
Chrome zero-day under active attack: visiting the wrong site could hijack your browser
Google has released an update for its Chrome browser that includes two security fixes. Both are classified as high severity, and one is reportedly exploited in the wild. These flaws were found in Chrome’s V8 engine, which is the part of Chrome and other Chromium-based browsers that runs JavaScrip...
Thieves order a tasty takeout of names and addresses from DoorDash
DoorDash is known for delivering takeout food, but last month the company accidentally served up a tasty plate of personal data, too. It disclosed a breach on October 25, 2025, where an employee fell for a social engineering attack that allowed attackers to gain account access. Breaches like thes...
Why it matters when your online order is drop-shipped
Online shopping has never been easier. A few clicks can get almost anything delivered straight to your door, sometimes at a surprisingly low price. But behind some of those deals lies a fulfillment model called drop-shipping. It's not inherently fraudulent, but it can leave you disappointed,...
The price of ChatGPT’s erotic chat? $20/month and your identity
To talk dirty to ChatGPT, you may soon have to show it your driver’s license. OpenAI announced last month that ChatGPT will soon offer erotica—but only for verified adults. That sounds like a clever guardrail until you realize what “verified” might mean: uploading government identification to a...
Your coworker is tired of AI “workslop” (Lock and Code S06E23)
This week on the Lock and Code podcast … Everything's easier with AI… except having to correct it. In just the three years since OpenAI released ChatGPT, not only has onlife life changed at home—it's also changed at work. Some of the biggest software companies today, like Microsoft and Google, ar...
Scammers are sending bogus copyright warnings to steal your X login
One of my favorite Forbes correspondents recently wrote about receiving several fake copyright-infringement notices from X. Let’s suppose you get an email claiming it’s from X, warning: “We’ve received a DMCA notice regarding your account.” Chances are, you’ll be wondering what you did wrong. DMC...
A week in security (November 10 – November 16)
Last week on Malwarebytes Labs: Be careful responding to unexpected job interviews Your passport, now on your iPhone. Helpful or risky? 1 million victims, 17,500 fake sites: Google takes on toll-fee scammers Are you paying more than other people? NY cracks down on surveillance pricing We opened a...
Be careful responding to unexpected job interviews
One of our customers was contacted on LinkedIn about a job offer. The initial message was followed up by an email: “Thank you for your interest in the Senior Construction Manager position at company. After reviewing your background, we were impressed with your experience and would like to invite...
Your passport, now on your iPhone. Helpful or risky?
Apple has launched Digital ID, a way for users in the US to create and present a government-issued ID in Apple Wallet using their passport information. For now, it works only for identity verification at Transportation Security Administration TSA checkpoints in more than 250 airports. Apple says...
1 million victims, 17,500 fake sites: Google takes on toll-fee scammers
A Phishing-as-a-Service PhaaS platform based in China, known as “Lighthouse,” is the subject of a new Google lawsuit. Lighthouse enables smishing SMS phishing campaigns, and if you’re in the US there is a good chance you've seen their texts about a small amount you supposedly owe in toll fees...
Are you paying more than other people? NY cracks down on surveillance pricing
When you search for a product online, you might think you're getting the same price as everyone else. Think again. Your price might be different based on everything from your location to what you've looked at online. Companies often use algorithms to set their prices that rely heavily on customer...