Deepfake sextortion forces schools to remove student photos from websites
Schools love a good photo, whether it’s from a trip to a castle, a science prize ceremony, or sports day shot from three angles. For…
Category: MalwareBytes
Why Malwarebytes blocks some Yahoo Mail redirects
Some Malwarebytes users have recently noticed frequent web protection alerts while reading email in Yahoo Mail’s web interface. These alerts are caused by background connections…
Texas sued Netflix over claims it secretly collected and sold users’ data
Attorney General (AG) of Texas Ken Paxton announced that he sued Netflix for spying on Texans, including children, and collecting users’ data without their knowledge…
May 2026 Patch Tuesday: no zero-days but plenty to fix
This month’s Patch Tuesday remedies 137 security vulnerabilities, including 31 marked critical by Microsoft, with no zero-days actively exploited in the wild. Microsoft defines a zero-day as “a…
Stolen Canvas data was “returned” after hacker agreement, Instructure says
The Instructure/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage. Millions of students had personal data stolen, with extortion group…
Fake Claude search results lure Mac users into ClickFix attack
Researchers found that cybercriminals are using sponsored search results and shared Claude chats to lure victims into a typical ClickFix attack to install malware on…
1 in 8 employees have sold company logins or know someone who has
UK anti-fraud non-profit Cifas just published research that should bother anyone who runs a business, or buys from one: One in eight workers at large…
Yarbo responds to robot flaws that could mow down their owners
A researcher found that Yarbo yard robots came with a host of vulnerabilities which, among others, allowed an attacker to harvest WiFi passwords. Security researcher…
A week in security (May 4 – May 10)
Last week on Malwarebytes Labs: Stay safe! Browse like no one’s watching. Malwarebytes Privacy VPN encrypts your connection and never logs what you do, so the next…
ShinyHunters escalates Canvas attacks with school login defacements
Days after confirming a major data breach, Instructure is now facing a second blow. Earlier this week, Instructure confirmed a major data breach affecting its…
Microsoft says Edge’s plaintext password behavior is “by design”
Some time ago, we discussed whether you should allow your browser to remember your passwords. In that article we mentioned the importance of encryption. “With…
Massive AI investment scam network spans 15,500 domains
Researchers tracked a large AI‑themed investment scam campaign involving more than 15,000 domains. It uses cloaking and deepfakes to hide from security tools while targeting…