02
Feb
2026

InsertScript: Blink – DoS of tab via SVG in img tag / CSS context

This is just a quick blogpost to document a behavior in the Blink engine in regards to the processing of…

Voice channels are the next major attack vector that security teams can’t monitor
02
Feb
2026

Voice channels are the next major attack vector that security teams can’t monitor

For years, cybersecurity teams have worked to close gaps across email, endpoints, cloud infrastructure, and application layers. But as new…

NationStates
02
Feb
2026

NationStates confirms data breach, shuts down game site

NationStates, a multiplayer browser-based game, has confirmed a data breach after taking its website offline earlier this week to investigate…

PeckBirdy Hackers Abuse LOLBins Across Environments to Deploy Advanced Malware
02
Feb
2026

PeckBirdy Hackers Abuse LOLBins Across Environments to Deploy Advanced Malware

A sophisticated JScript-based command-and-control framework, PeckBirdy, since 2023, exploiting living-off-the-land binaries (LOLBins) to deliver modular backdoors across diverse execution environments….

Notepad Hacked
02
Feb
2026

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

Ravie LakshmananFeb 02, 2026Threat Intelligence / Malware The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility’s update…

02
Feb
2026

India Boosts Cybersecurity, Cloud, Data Centres

When Union Finance Minister Nirmala Sitharaman of India presented the Union Budget 2026–27 on February 1, it became clear that…

Arsink Rat Attacking Android Devices to Exfiltrate Sensitive Data and Enable Remote Access
02
Feb
2026

Arsink Rat Attacking Android Devices to Exfiltrate Sensitive Data and Enable Remote Access

A dangerous Android malware called Arsink RAT has emerged as a serious threat to mobile device security worldwide. This cloud-native…

Hackers Target MongoDB Instances to Delete Databases and Plant Ransom Notes
02
Feb
2026

Hackers Target MongoDB Instances to Delete Databases and Plant Ransom Notes

A widespread ransomware campaign targeting misconfigured MongoDB databases continues to compromise thousands of servers worldwide, with attackers exploiting internet-exposed instances…

Google Uncovered Significant Expansion in ShinyHunters Threat Activity with New Tactics
02
Feb
2026

Google Uncovered Significant Expansion in ShinyHunters Threat Activity with New Tactics

The ShinyHunters threat group has expanded its extortion operations with sophisticated attack methods targeting cloud-based systems across multiple organizations. These…

week in security
02
Feb
2026

A week in security (January 26 – February 1)

Last week on Malwarebytes Labs: Stay safe! We don’t just report on threats – we help protect your social media…

02
Feb
2026

Online Piracy Sites Seized In U.S.-Bulgarian Crackdown

In a major step against online piracy and illegal copyright distribution, U.S. law enforcement has partnered with Bulgarian authorities to…

1-Click Clawdbot Vulnerability Enable Malicious Remote Code Execution Attacks
02
Feb
2026

1-Click Clawdbot Vulnerability Enable Malicious Remote Code Execution Attacks

A critical vulnerability in OpenClaw, the open-source AI personal assistant trusted by over 100,000 developers, has been discovered and weaponized…