April Patch Tuesday fixes two zero-days, including one under active attack
This month’s patch Tuesday looks to remediate 167 security vulnerabilities including two zero-day vulnerabilities, one of which is known to be actively exploited in the…
Category: MalwareBytes
From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere
We’ve uncovered multiple campaigns distributing an infostealer we track as NWHStealer, using everything from fake VPN downloads to hardware utilities and gaming mods. What makes…
AI clickbait can turn your notifications into a scam feed
Pushpaganda is the name researchers have given to an AI-assisted ad fraud, social engineering, and scareware operation targeting mobile users. For most people, Pushpaganda starts as something…
Fake YouTube copyright notices can steal your Google login
A convincing phishing campaign is going after YouTube creators, and if it works, attackers don’t just steal your Google login. They can take over your…
ChatGPT under scrutiny as Florida investigates campus shooting
Chatbots don’t kill people. But they can help others do so. On April 9, Florida Attorney General James Uthmeier announced that his office is investigating…
Omnistealer uses the blockchain to steal everything it can
A new infostealer dubbed Omnistealer is turning the blockchain into a permanent malware hosting platform, which is bad news for both companies and everyday users.…
Simply opening a PDF could trigger this Adobe Reader zero-day
Opening the wrong PDF in Adobe Reader was enough to let criminals quietly spy on your computer and unleash more attacks, even though everything looked…
A week in security (April 6 – April 12)
Last week on Malwarebytes Labs: Stay safe! We don’t just report on scams—we help detect them Cybersecurity risks should never spread beyond a headline. If…
ClickFix finds a new way to infect Macs
ClickFix campaigns are looking for alternatives now that many Mac users have been made aware of the dangers of pasting certain commands into Terminal. Researchers…
Fake Claude site installs malware that gives attackers access to your computer
Claude’s rapid growth—nearly 290 million web visits per month—has made it an attractive target for attackers, and this campaign shows how easy it is to…
30,000 private Facebook images allegedly downloaded by Meta employee
Every tech company tells you your data is safe. They’ve (hopefully) got encryption, access controls, and zero-trust architectures—the whole glossy security brochure. And then someone…
NSFW app leak exposes 70,000 prompts linked to individual users
MyLovely.AI, an AI “artwork” generation platform, has reportedly been compromised, affecting 106,362 registered users. The AI girlfriend app allows users to generate personalized NSFW content…