Roses are red Flags are too If they ask for money They’re trying to scam you 🥀

Researchers discovered another 30 malicious Chrome extensions in the Web Store that stole credentials from over 260,000 users.

If it's too cute to be true, it probably is.

Apple released a security update to patch a flaw that could let attackers take control of your devices. Read the latest.

A once popular Outlook add-in suddenly went rogue and stole 4,000 credentials and payment data after a cybercriminal purchased an abandoned Vercel subdomain.

Microsoft's latest update fixes six actively exploited zero-days.

Discord will make all profiles age restricted until you prove you’re an adult via a facial scan or a government-issued ID

Hacked Snapchat accounts and secret filming with smart glasses, this week served two reminders of how women’s privacy is still being violated.

Another day, another AI app leaks user data.

A fake 7-Zip site has been quietly spreading a trojanized installer that turns victims’ machines into proxy nodes.

This Apple Pay phishing scam tricks users into calling a fake support number to steal 2FA codes and credit card details.

Attackers often hide malware inside fake PDFs that install a RAT once opened, giving attackers full remote access to your machine. But don’t be fooled by the icon. It’s not actually a document. Learn how this sneaky trick works and how to protect yourself.

Flock Safety, had been sharing city data with hundreds of law enforcement agencies, including federal ones, without permission.

Despite tighter safeguards, Grok continues to create sexualized images.

An AI Controls area will be added that centralizes the management of all generative AI features, including a master switch that lets users effectively run the browser "without AI."

Companies continue to roll out unsecure AI features that do terrible things.

Malwarebytes is named a @pcmag.com Top Tech Brand for the third year in a row.

If you have ever been an AT&T customer, consider this a reminder that your data may already be circulating in forms that are genuinely useful to attackers.

The new setting reduces the precision of location data shared with carriers. Rather than a street address, carriers would see only the neighborhood where a device is located.

We followed a fake cloud storage payment alert through deceptive affiliate redirects, ending at a familiar destination: Freecash.

Scams happen in conversations. Now protection does too. Malwarebytes is now available as a ChatGPT app. Users can leverage the expert threat intelligence of Malwarebytes within their ChatGPT conversations. Just ask @Malwarebytes to check suspicious links, emails, domains, phone numbers, and more.

“You’re invited!”—to install a full remote-access tool on your Windows computer, handing attackers complete control of the system. https://bit.ly/4rlQBCY

Moltbook, a social media platform for AI chatbots, has been released and it's a wild ride.

The viral AI assistant Clawdbot’s rename to Moltbot sparks an impersonation campaign for a supply-chain attack.

A new law classifies immigration status as sensitive personal information, requiring companies to disclose how they handle it even if they do not actively collect it.

Meta plans to test exclusive features that will be incorporated into paid versions of Facebook, Instagram, and WhatsApp. Which probably means more AI features.

‼️ Microsoft issued an emergency patch for a high-severity zero-day vulnerability in Office ‼️ The affected products include Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps.

The extensions steal ChatGPT session tokens, giving attackers access to accounts, including conversation history and metadata.

The new feature, called "Strict Account Settings", will change what happens to the files that move through your chats—especially the kind that can hide malware.

We saw a convincing text posing as AT&T, warning users their reward points were expiring. Only it wasn’t from AT&T. It's a phishing campaign using realistic branding, social engineering, and data theft

A malicious media file, sent into a newly created WhatsApp group chat, can be automatically downloaded and used as an attack vector.

TikTok may have secured its future in the US by forming a $14 billion joint venture, allowing it to continue operating in the country.

It's designed not to reward scrolling, but to funnel you into games where you are likely to spend money or watch paid advertisements.

This could be someone testing the system, but it just as well might be someone who enjoys disrupting the system and wreaking havoc.

Malicious Google Calendar invites could expose your private data.

The personal data of 72 million Under Armor customers is now up for sale on the dark web.

LastPass warns of a phishing campaign using fake “maintenance” emails that rush users to back up vaults and lead to credential-stealing sites.

This fake ad blocker crashes browsers to trick users into infecting themselves

Google has settled yet another class-action lawsuit accusing it of collecting children’s data and using it to target them with advertising.

Cybercriminal group DarkSpectre is believed to be behind three malicious browser extension campaigns: ShadyPanda, GhostPoster, and Zoom Stealer.

WhisperPair allows attackers to hijack popular Bluetooth audio devices using Google Fast Pair and, in some cases, track their location via Google’s Find Hub.

The Dutch police ran a fake ticket website mimicking real scams to teach people how easily ticket fraud works.

Online shoppers, beware: Magecart skimming attacks are targeting major payment networks like American Express, Diners Club, Discover, and Mastercard. Stay informed and protect your data with our latest article.

The attack flow abuses how Microsoft Copilot handled URL parameters in order to hijack a user’s existing Copilot Personal session. https://bit.ly/45Gk9mo

Fake LinkedIn profiles are posting comments threatening account suspensions that lead to real phishing sites.

Data brokers being held accountable is a trend we are absolutely here for.

Upgrading requires a restart, which makes this a win-win: you get the latest protections, and any memory-resident malware is flushed at the same time.

Did you receive an unsolicited Instagram password reset email? Here’s what you need to know.

Grok’s lapse on sexualized images of minors has become a global regulatory stress test for xAI, unlikely to be fixed with a simple apology or hotfix.

From earning seven straight MRG Effitas Android 360° certifications to a perfect score in AVLab Cybersecurity Foundation’s real-world malware test, Malwarebytes kept its winning-streak alive in 2025. 🥳 🎉