Attackers have a new way to slip past your MFA
Attackers are using a tool called Evilginx to steal session cookies, letting them bypass the need for a multi-factor authentication (MFA) token. Researchers are warning…
Category: MalwareBytes
How attackers use real IT tools to take over your computer
A new wave of attacks is exploiting legitimate Remote Monitoring and Management (RMM) tools like LogMeIn Resolve (formerly GoToResolve) and PDQ Connect to remotely control…
Fileless protection explained: Blocking the invisible threat others miss
Most antivirus software for personal users scans your computer for malware hiding in files. This is, after all, how most malware is traditionally spread. But…
“Sleeper” browser extensions woke up as spyware on 4 million devices
Researchers have unraveled a malware campaign that really did play the long game. After seven years of behaving normally, a set of browser extensions installed…
Air fryer app caught asking for voice data (re-air) (Lock and Code S06E24)
This week on the Lock and Code podcast… It’s often said online that if a product is free, you’re the product, but what if that…
Whispering poetry at AI can make it break its own rules
Most of the big AI makers don’t like people using their models for unsavory activity. Ask one of the mainstream AI models how to make…
Google patches 107 Android flaws, including two being actively exploited
Google has patched 107 vulnerabilities in Android in its December 2025 Android Security Bulletin, including two high-severity flaws that are being actively exploited. The December updates…
Google patches 107 Android flaws, including two being actively exploited
Google has patched 107 vulnerabilities in Android in its December 2025 Android Security Bulletin, including two high-severity flaws that are being actively exploited. The December updates…
New Android malware lets criminals control your phone and drain your bank account
Albiriox is a new family of Android banking malware that gives attackers live remote control over infected phones, letting them quietly drain bank and crypto…
Malwarebytes joins Global Anti-Scam Alliance (GASA) as supporting member
We are excited to share that Malwarebytes has officially joined the Global Anti-Scam Alliance (GASA) as a supporting member. Working with GASA helps us stay aligned with others who are focused on reducing scams and…
How CVSS v4.0 works: characterizing and scoring vulnerabilities
The Common Vulnerability Scoring System (CVSS) provides software developers, testers, and security and IT professionals with a standardized way to assess vulnerabilities. You can use…
Millions at risk after nationwide CodeRED alert system outage and data breach
A nationwide cyberattack against the OnSolve CodeRED emergency notifications system has prompted cities and counties across the US to warn residents and advise them to…