Malwarebytes
@malwarebytes.com
All-in-one cybersecurity that's always by your side
https://www.malwarebytes.com/
https://www.malwarebytes.com/
Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more.
This data is available for sale on the dark web and can be abused by cybercriminals.
This data is available for sale on the dark web and can be abused by cybercriminals.
January 9, 2026 at 4:34 PM
Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more.
This data is available for sale on the dark web and can be abused by cybercriminals.
This data is available for sale on the dark web and can be abused by cybercriminals.
Founder Bryan Fleming pleaded guilty to computer hacking, unlawfully selling and advertising spyware, and conspiracy.
pcTattletale founder pleads guilty as US cracks down on stalkerware
After years of security failures and partner-spying marketing, pcTattletale’s founder has pleaded guilty in a rare US federal stalkerware case.
bit.ly
January 9, 2026 at 4:25 PM
Founder Bryan Fleming pleaded guilty to computer hacking, unlawfully selling and advertising spyware, and conspiracy.
ChatGPT Health lets users connect their medical records and wellness apps so the model can answer questions in a more personalized way.
Are we ready for ChatGPT Health?
Linking your medical records to ChatGPT Health may give you personalized wellness answers, but it also comes with serious privacy implications.
bit.ly
January 9, 2026 at 2:18 PM
ChatGPT Health lets users connect their medical records and wellness apps so the model can answer questions in a more personalized way.
Not your grandma’s LEGO: these 2×4 bricks pack a sub-stud-sized ASIC chip with motion, light, and sound sensors, LEDs, and a tiny synth that generates sounds in real time.
Lego’s Smart Bricks explained: what they do, and what they don’t
A smart toy doesn’t have to be a risky one. Lego’s Smart Bricks add sensors and sound without apps, accounts, or AI. We explain how it works.
bit.ly
January 8, 2026 at 2:16 PM
Not your grandma’s LEGO: these 2×4 bricks pack a sub-stud-sized ASIC chip with motion, light, and sound sensors, LEDs, and a tiny synth that generates sounds in real time.
We found a fake WinRAR installer spreading through unofficial sites, using layered malware to check the system and deliver the most effective payload.
Fake WinRAR downloads hide malware behind a real installer
We unpack a trojanized WinRAR download that was hiding the Winzipper malware behind a real installer.
bit.ly
January 8, 2026 at 11:03 AM
We found a fake WinRAR installer spreading through unofficial sites, using layered malware to check the system and deliver the most effective payload.
Crimson Collective claims massive Brightspeed data.
One million customers on alert as extortion group claims massive Brightspeed data haul
The Crimson Collective claims to have stolen data on more than a million Brightspeed customers. The broadband provider is investigating.
www.malwarebytes.com
January 8, 2026 at 5:46 AM
Crimson Collective claims massive Brightspeed data.
Attackers are sending convincingly fake “Google” emails that bypass spam filters, leading users to a fraudulent Microsoft 365 sign-in page.
Phishing campaign abuses Google Cloud services to steal Microsoft 365 logins
Another well-crafted phishing campaign uses Google Cloud Integration Application infrastructure to bypass email filters.
bit.ly
January 6, 2026 at 5:25 PM
Attackers are sending convincingly fake “Google” emails that bypass spam filters, leading users to a fraudulent Microsoft 365 sign-in page.
The FTC announced that Disney will pay a $10 million settlement following allegations of violating children's privacy rights.
Disney fined $10m for mislabeling kids’ YouTube videos and violating privacy law
The FTC is seeking a $10 million settlement over allegations that children’s privacy laws were violated through the mislabeling of kid-focused YouTube videos.
bit.ly
January 6, 2026 at 2:04 PM
The FTC announced that Disney will pay a $10 million settlement following allegations of violating children's privacy rights.
Spotting what is a scam and what is real can be tricky enough without AI making scams more convincing.
How AI made scams more convincing in 2025
Several AI-related stories in 2025 highlighted how quickly AI systems can move beyond meaningful human control.
www.malwarebytes.com
January 5, 2026 at 2:32 PM
Spotting what is a scam and what is real can be tricky enough without AI making scams more convincing.
Another AI built for power and engagement reveals how guardrails fail when speed and competition outpace safety.
Grok apologizes for creating image of young girls in “sexualized attire”
Having generated content that may violate US child sexual abuse material laws, Grok highlights once again how ineffective AI guardrails can be.
bit.ly
January 5, 2026 at 1:33 PM
Another AI built for power and engagement reveals how guardrails fail when speed and competition outpace safety.
If 2024 was the year lawmakers talked about online age verification, 2025 was the year they actually flipped the switch.
In 2025, age checks started locking people out of the internet
Lawmakers enforced age checks, websites blocked entire countries, and users turned to VPNs to get around them.
www.malwarebytes.com
December 31, 2025 at 5:32 PM
If 2024 was the year lawmakers talked about online age verification, 2025 was the year they actually flipped the switch.
When AI became the star of 2025, were users too eager to data trade privacy for technological progress?
2025 exposed the risks we ignored while rushing AI
We explore how the rapid rise of Artificial Intelligence (AI) is putting users at risk.
www.malwarebytes.com
December 31, 2025 at 3:23 PM
When AI became the star of 2025, were users too eager to data trade privacy for technological progress?
Cybersecurity isn't just a Windows problem.
Cybercriminals are expanding beyond PCs using social engineering and advanced tactics built specifically for mobile and Apple platforms.
Smartphones, tablets, and other connected devices are now prime targets.
If it’s connected, it needs protected.
Cybercriminals are expanding beyond PCs using social engineering and advanced tactics built specifically for mobile and Apple platforms.
Smartphones, tablets, and other connected devices are now prime targets.
If it’s connected, it needs protected.
Malware in 2025 spread far beyond Windows PCs
Windows isn’t the only target anymore. In 2025, malware increasingly targeted Android, macOS, and multiple platforms at once.
www.malwarebytes.com
December 29, 2025 at 2:34 PM
Cybersecurity isn't just a Windows problem.
Cybercriminals are expanding beyond PCs using social engineering and advanced tactics built specifically for mobile and Apple platforms.
Smartphones, tablets, and other connected devices are now prime targets.
If it’s connected, it needs protected.
Cybercriminals are expanding beyond PCs using social engineering and advanced tactics built specifically for mobile and Apple platforms.
Smartphones, tablets, and other connected devices are now prime targets.
If it’s connected, it needs protected.
Hactivists scrape Spotify's catalog and host it online for free.
Hacktivists claim near-total Spotify music scrape
Hacktivists have scraped almost 100% of the content available on Spotify. Is there anything users need to worry about?
www.malwarebytes.com
December 23, 2025 at 7:54 PM
Hactivists scrape Spotify's catalog and host it online for free.
ASUS Live Update backdoor is still exploitable, seven years later.
CISA warns ASUS Live Update backdoor is still exploitable, seven years on
Seven years after the original attack, CISA has added the ASUS Live Update backdoor to its Known Exploited Vulnerabilities catalog.
www.malwarebytes.com
December 22, 2025 at 2:20 PM
ASUS Live Update backdoor is still exploitable, seven years later.
Users affected by the data breach may be contacted directly by cybercriminals, Pornhub warns.
Pornhub tells users to expect sextortion emails after data exposure
Users affected by the data breach may be contacted directly by cybercriminals, Pornhub warns.
www.malwarebytes.com
December 22, 2025 at 2:06 PM
Users affected by the data breach may be contacted directly by cybercriminals, Pornhub warns.
⭐ Customer shout-out! ⭐
One of our amazing customers just left us some awesome feedback. Huge thanks to Bruce — or should we say Joe? 😄 — for trusting us with your security needs!
One of our amazing customers just left us some awesome feedback. Huge thanks to Bruce — or should we say Joe? 😄 — for trusting us with your security needs!
December 19, 2025 at 3:58 PM
⭐ Customer shout-out! ⭐
One of our amazing customers just left us some awesome feedback. Huge thanks to Bruce — or should we say Joe? 😄 — for trusting us with your security needs!
One of our amazing customers just left us some awesome feedback. Huge thanks to Bruce — or should we say Joe? 😄 — for trusting us with your security needs!
"Bah humbug" 😱
GhostPairing attackers take over WhatsApp accounts, adding their browser as an invisible linked device on the account.
GhostPairing attackers take over WhatsApp accounts, adding their browser as an invisible linked device on the account.
The ghosts of WhatsApp: How GhostPairing hijacks accounts
Criminals are tricking WhatsApp users into linking an attacker’s browser to their account using fake login pages and routine-looking prompts.
bit.ly
December 18, 2025 at 5:58 PM
"Bah humbug" 😱
GhostPairing attackers take over WhatsApp accounts, adding their browser as an invisible linked device on the account.
GhostPairing attackers take over WhatsApp accounts, adding their browser as an invisible linked device on the account.
Browser extension Urban VPN Proxy collected data from users and sent it to a data broker.
Chrome extension slurps up AI chats after users installed it for privacy
The extension disclosed its AI data collection, but not in a way most users would recognize—or knowingly agree to.
bit.ly
December 18, 2025 at 1:43 PM
Browser extension Urban VPN Proxy collected data from users and sent it to a data broker.
Mobile devices are the main gateway to our money, identity, and personal lives. And with mobile users 39% more likely to click a link on their phone than on their laptop, protecting your device is more important than ever.
Learn more in our Android threat report.
https://bit.ly/4pLuoOq
Learn more in our Android threat report.
https://bit.ly/4pLuoOq
December 17, 2025 at 2:55 PM
Mobile devices are the main gateway to our money, identity, and personal lives. And with mobile users 39% more likely to click a link on their phone than on their laptop, protecting your device is more important than ever.
Learn more in our Android threat report.
https://bit.ly/4pLuoOq
Learn more in our Android threat report.
https://bit.ly/4pLuoOq
A PDF named “NEW Purchase Order # 52177236.pdf” turned out to be a phishing scam, and Malwarebytes blocked it. Here's what gave it away.
Inside a purchase order PDF phishing campaign
A “purchase order” PDF blocked by Malwarebytes led to a credential-harvesting phishing site. So we analyzed the attack and where the data went next.
www.malwarebytes.com
December 17, 2025 at 2:13 PM
A PDF named “NEW Purchase Order # 52177236.pdf” turned out to be a phishing scam, and Malwarebytes blocked it. Here's what gave it away.
SoundCloud, Pornhub, and 700Credit are the latest victims to suffer a data breach.
SoundCloud, Pornhub, and 700Credit all reported data breaches, but the similarities end there
We compared three incidents that surfaced today to show why the impact of a breach depends less on who was hit and more on what was taken.
www.malwarebytes.com
December 17, 2025 at 12:08 AM
SoundCloud, Pornhub, and 700Credit are the latest victims to suffer a data breach.
A researcher discovered a security flaw that allowed anyone to download customers' photos and videos.
Photo booth flaw exposes people's private pictures online
A security researcher says a basic website flaw at a photo booth operator may have exposed hundreds of private customer photos.
bit.ly
December 16, 2025 at 6:37 PM
A researcher discovered a security flaw that allowed anyone to download customers' photos and videos.
Google will be discontinuing the dark web report, which was meant to monitor breach data that's on the dark web.
Google is discontinuing its dark web report: why it matters
Google will discontinue its dark web report early next year, prompting mixed reactions. How does dark web monitoring actually help keep you safe?
bit.ly
December 16, 2025 at 2:34 PM
Google will be discontinuing the dark web report, which was meant to monitor breach data that's on the dark web.