North Korean hackers abuse LNKs and GitHub repos in ongoing campaign
“A .lnk file is how Windows handles shortcuts: Whenever you click on that Outlook icon on your desktop, you’re actually clicking on a separate file…
Month: April 2026
Check Point tracks Iranian password-spraying waves targeting government and energy sectors in Israel and UAE
Check Point Research has been tracking an ongoing password-spraying campaign targeting Microsoft 365 environments across the Middle East, primarily in Israel and the UAE, conducted…
Darktrace finds Chinese-nexus intrusions reveal dual-mode tactics targeting critical infrastructure at scale
New Darktrace research identified that Chinese-nexus cyber operations are increasingly defined by persistence, strategic intent, and behavioral consistency rather than discrete, campaign-driven activity. The analysis…
Are Biometrics the Hero or Villain in Cybersecurity?
Let’s talk about something that’s been making waves in everything from passports to smartwatches: biometrics. As of June 2024, 172 out of 195 countries use…
Google’s Bug Bounty Program Hits All-Time High With $17 Million in 2025 Payouts
Google’s Vulnerability Reward Program (VRP) celebrated its 15th anniversary in 2025 by breaking every payout record in its history. The tech giant awarded a staggering…
North Korea’s Modular Malware Strategy Hides Attribution, Defies Takedowns
North Korea’s cyber program is shifting from monolithic “families” to a modular, portfolio-style malware ecosystem designed to survive exposure, frustrate attribution, and keep operations running…
North Korean Hackers Pose as Trading Firm to Steal $285M from Drift
Drift Protocol reveals that a North Korean state-linked group spent six months posing as a trading firm to execute a $285 million hack. Read about…
Product showcase: Proton Authenticator is an end-to-end encrypted, open source 2FA app
Proton Authenticator is a free and open-source two-factor authentication (2FA) app that generates time-based one-time passwords (TOTP) to help secure online accounts. It is available…
A week in security (March 30 – April 5)
Last week on Malwarebytes Labs: Stay safe! We don’t just report on data privacy—we help you remove your personal information Cybersecurity risks should never spread…
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
Ravie LakshmananApr 06, 2026Ransomware / Endpoint Security Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence…
Massachusetts Emergency Cyberattack Hits Patriot Regional
A Massachusetts emergency cyberattack has temporarily disrupted the operations of the Patriot Regional Emergency Communications Center, affecting several small towns in northern Massachusetts. The breach, which began…
North Korea Spent 6 Months To Drain $285M From Drift Protocol In 12 Mins
The message Drift Protocol posted to X on April 1, opened with an unusual disclaimer: “This is not an April Fools joke.” Within hours, the…