MetallicaMVP

Apple patches Coruna exploit kit flaws for older iOS versions Apple issued security updates for older iOS and iPadOS versions to close vulnerabilities exploited by the Coruna exploit kit.

Apple patches Coruna exploit kit flaws for older iOS versions for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

This Android vulnerability can break your lock screen in under 60 seconds Researchers showed how attackers could pull encryption keys, recover the PIN, and access sensitive data from affected devices.

This Android vulnerability can break your lock screen in under 60 seconds for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

Microsoft Authenticator could leak login codes—update your app now A bug in Microsoft Authenticator on Android and iOS could allow malicious apps on the same device to intercept authentication codes or sign-in links.

Microsoft Authenticator could leak login codes—update your app now for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

Phishers hide scam links with IPv6 trick in “free toothbrush” emails United Healthcare impersonators are using an IPv6 trick to hide the real destination of phishing links in emails promising free Oral-B toothbrushes.

Phishers hide scam links with IPv6 trick in “free toothbrush” emails for Malwarebytes Labs www.malwarebytes.com/blog/scams/2...

Sextortion "I recorded you" emails reuse passwords found in disposable inboxes “You pervert, I recorded you!” sextortion emails include real passwords harvested from public temporary email inboxes.

Sextortion “I recorded you” emails reuse passwords found in disposable inboxes for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

March 2026 Patch Tuesday fixes two zero-day vulnerabilities Microsoft patched 79 security vulnerabilities this month, including bugs that could let attackers escalate privileges or crash critical services.

March 2026 Patch Tuesday fixes two zero-day vulnerabilities for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

Watch out for tax-season robocalls pushing fake “relief programs” Scammers are targeting Americans with robocalls during tax season. Here’s how to spot the scam.

Watch out for tax-season robocalls pushing fake “relief programs” for Malwarebytes Labs www.malwarebytes.com/blog/threat-...

Signal and WhatsApp accounts targeted in phishing campaign Dutch intelligence warns that attackers are hijacking Signal and WhatsApp accounts by tricking users into sharing verification codes or linking a malicious device.

Signal and WhatsApp accounts targeted in phishing campaign for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

Quiz sites trick users into enabling unwanted browser notifications The quiz is just bait. The real goal is to win permission to send browser notifications that can later be used for ads, scams, or shady promotions.

Quiz sites trick users into enabling unwanted browser notifications for Malwarebytes Labs www.malwarebytes.com/blog/threat-...

Attackers abuse OAuth’s built-in redirects to launch phishing and malware attacks Researchers have found that attackers are abusing OAuth to send users from legitimate Microsoft or Google login pages to phishing sites or malware downloads.

Attackers abuse OAuth’s built-in redirects to launch phishing and malware attacks for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

High-severity Qualcomm bug hits Android devices in targeted attacks Google has patched 129 Android vulnerabilities, including an actively exploited flaw in a widely used Qualcomm component.

High-severity Qualcomm bug hits Android devices in targeted attacks for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

Chrome flaw let extensions hijack Gemini’s camera, mic, and file access Researchers found a now-patched vulnerability in "Live in Chrome" that allowed a Chrome extension to inherit Gemini’s permissions.

Chrome flaw let extensions hijack Gemini’s camera, mic, and file access for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

Purchase order attachment isn’t a PDF. It’s phishing for your password A fake purchase order attachment turned out to be a phishing page designed to harvest your login details.

Purchase order attachment isn’t a PDF. It’s phishing for your password for Malwarebytes Labs www.malwarebytes.com/blog/threat-...

Public Google API keys can be used to expose Gemini AI data Researchers found that Google API keys long treated as harmless can now unlock access to Gemini.

Public Google API keys can be used to expose Gemini AI data for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

How to understand and avoid Advanced Persistent Threats APT stands for Advanced Persistent Threat. But what does that actually mean, and how does it translate into the kind of threat you’re facing?

How to understand and avoid Advanced Persistent Threats for Malwarebytes Labs www.malwarebytes.com/blog/how-to/...

The Conduent breach; from 10 million to 25 million (and counting) A third-party breach at Conduent now affects 25 million Americans—many never knew their data flowed through its systems.

The Conduent breach; from 10 million to 25 million (and counting) for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

Developer creates app to detect nearby smart glasses A developer created an Android app that looks for nearby smart glasses. It's not perfect, but it can help people in certian circumstances.

Developer creates app to detect nearby smart glasses for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

OpenClaw: What is it and can you use it safely? OpenClaw is a hot topic at the moment. But what is it and how can you use the 24/7 AI assistant in a safe way?

OpenClaw: What is it and can you use it safely? for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

Password managers keep your passwords safe, unless… Researchers investigated the zero-knowledge claims of password managers and they found some possible attack scenarios

Password managers keep your passwords safe, unless… for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

Age verification vendor Persona left frontend exposed Behind a basic age check, researchers say Persona’s system runs extensive identity, watchlist, and adverse-media screening.

Age verification vendor Persona left frontend exposed for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

AI-generated passwords are a security risk AI-generated passwords are "highly predictable" and aren’t truly random, making them easier for cybercriminals to crack.

AI-generated passwords are a security risk for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

Unofrtunately that drawer seems to be quite empty.

Intimate products producer Tenga spilled customer data US customers of sex toy manufacturer Tenga may have had some data leaked due to a phishing attack on a Tenga employee

Intimate products producer Tenga spilled customer data for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

Betterment data breach might be worse than we thought This breach now appears far more serious. The leaked data includes rich personal and financial details that phishers could use.

Betterment data breach might be worse than we thought for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

Job scam uses fake Google Forms site to harvest Google logins Phishers are using fake Google Forms pages hosted on lookalike domains to trick job seekers into handing over their Google credentials.

Job scam uses fake Google Forms site to harvest Google logins for Malwarebytes Labs www.malwarebytes.com/blog/scams/2...

Update Chrome now: Zero-day bug allows code execution via malicious webpages Google has released an emergency update to patch an actively exploited zero-day—the first Chrome zero-day of the year.

Update Chrome now: Zero-day bug allows code execution via malicious webpages for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

ClickFix added nslookup commands to its arsenal for downloading RATs Microsoft researchers found a ClickFix campaign that uses the nslookup tool to have users infect their own system with a Remote Access Trojan.

ClickFix added nslookup commands to its arsenal for downloading RATs for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

Outlook add-in goes rogue and steals 4,000 credentials and payment data The once popular Outlook add-in AgreeTo was turned into a powerful phishing kit after the developer abandoned the project.

Outlook add-in goes rogue and steals 4,000 credentials and payment data for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

February 2026 Patch Tuesday includes six actively exploited zero-days Microsoft’s February Patch Tuesday fixes 59 flaws—including six zero-days already under active attack. How bad are they?

February 2026 Patch Tuesday includes six actively exploited zero-days for Malwarebytes Labs www.malwarebytes.com/blog/news/20...

Discord will limit profiles to teen-appropriate mode until you verify your age Discord will make all profiles teen-appropriate by default until you prove you’re an adult. What you’d “miss” may not be all that terrible.

Discord will limit profiles to teen-appropriate mode until you verify your age for Malwarebytes Labs www.malwarebytes.com/blog/news/20...