Your Windows PC has a security deadline in June 2026
A Secure Boot certificate refresh is rolling out across supported Windows devices through Windows Update. In June 2026, the Secure Boot certificates that have shipped…
Category: MalwareBytes
Carnival confirms data breach impacting nearly 6 million
Carnival Corporation, parent of Carnival Cruise Line, is sending out fresh “Notice of Cybersecurity Event” letters dated May 27, 2026. If you feel like you’ve…
Fake LinkedIn emails abuse Adobe to track victims
Cybercriminals are abusing Adobe infrastructure in a LinkedIn phishing campaign that steals passwords and redirects victims to the legitimate LinkedIn site afterward. The phishing email…
Kali365 phishing kit bypasses MFA and steals Microsoft logins
When the Federal Bureau of Investigation (FBI) publishes a dedicated public service announcement about a new phishing kit, it’s worth paying attention to. The agency…
Company bragged phone mics could listen to conversations. They couldn’t.
A media company and two of its marketing partners have been fined for selling a service which, they said, listened in to people’s conversations through…
700+ education and tech websites hijacked in huge ClickFix malware campaign
Attackers are abusing a critical Ghost Content Management System (CMS) vulnerability to hijack more than 700 legitimate websites and inject a fake Cloudflare verification step…
Fake software on GitHub and SourceForge distribute Deno RAT
During our threat hunting activities, we found fake installers and plugins impersonating popular software including ChatGPT, Claude, AutoTune, and Kontakt on GitHub and SourceForge distributing…
Scammers pretending to be Microsoft had help from US executives
A pop-up appears on your computer, warning of a virus. You call the “Microsoft technician” in the pop-up message, and they explain that they need…
A week in security (May 18 – May 24)
Last week on Malwarebytes Labs: Stay safe! Browse like no one’s watching. Malwarebytes Privacy VPN encrypts your connection and never logs what you do, so the next…
Update Chrome now: Critical bugs could let attackers run code
Google has issued updates for the Chrome browser patching a number of high‑severity vulnerabilities. The update includes fixes for two critical vulnerabilities that can be…
Researchers left AI agents alone in a virtual town and watched it all unravel
Tech leaders have spent the past year telling everyone that AI agents are about to run financial systems, file your tax returns, and quietly buy…
Microsoft Defender vulnerabilities are being exploited in the wild
Two Microsoft Defender vulnerabilities are being actively exploited in the wild. On May 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added a notable…