Malwarebytes Cyber Security Software & Anti-Malware
- The ghosts of WhatsApp: How GhostPairing hijacks accounts
on December 18, 2025 at 1:37 pmCriminals are tricking WhatsApp users into linking an attackerās browser to their account using fake login pages and routine-looking prompts.
- Chrome extension slurps up AI chats after users installed it for privacy
on December 18, 2025 at 1:02 pmThe extension disclosed its AI data collection, but not in a way most users would recognizeāor knowingly agree to.
- Two Chrome flaws could be triggered by simply browsing the web: Update now
on December 17, 2025 at 4:02 pmGoogle’s patched two flaws in Chrome, both of which can be triggered remotely when a user loads specially crafted web content.
- Inside a purchase order PDF phishing campaign
on December 17, 2025 at 1:38 pmA āpurchase orderā PDF blocked by Malwarebytes led to a credential-harvesting phishing site. So we analyzed the attack and where the data went next.
- SoundCloud, Pornhub, and 700Credit all reported data breaches, but the similarities end thereon December 16, 2025 at 5:04 pm
We compared three incidents that surfaced today to show why the impact of a breach depends less on who was hit and more on what was taken.
- Android mobile adware surges in second half of 2025on December 16, 2025 at 1:58 pm
Malwarebytes threat research reveals spike in adware and malicious malware families Triada and MobiDash heading into the holiday season.
- Photo booth flaw exposes people’s private pictures onlineon December 16, 2025 at 11:46 am
A security researcher says a basic website flaw at a photo booth operator may have exposed hundreds of private customer photos.
- Google is discontinuing its dark web report: why it matterson December 16, 2025 at 11:10 am
Google will discontinue its dark web report early next year, prompting mixed reactions. How does dark web monitoring actually help keep you safe?
- Pig butchering is the next āhumanitarian global crisisā (Lock and Code S06E25)on December 15, 2025 at 3:39 pm
This week on the Lock and Code podcast, we speak with Erin West about pig butchering scams and the efforts to stop this new, global crisis.
- PayPal closes loophole that let scammers send real emails with fake purchase notices
on December 15, 2025 at 1:41 pmScammers exploited a PayPal subscriptions feature to send legitimate emails from service@paypal.com, using fake purchase notifications to push tech support scams.
- A week in security (December 8 – December 14)on December 15, 2025 at 8:03 am
A list of topics we covered in the week of December 8 to December 14 of 2025
- The US digital doxxing of H-1B applicants is a massive privacy misstepon December 12, 2025 at 6:19 pm
By making social accounts public, the new policy exposes private data that attackers can use for targeting, impersonation, or extortion.
- Google ads funnel Mac users to poisoned AI chats that spread the AMOS infostealer
on December 12, 2025 at 2:26 pmCriminals make malicious ChatGPT and Grok conversations appear at the top of common Google searchesāleading users straight to the Atomic macOS Stealer.
- How private is your VPN?
on December 12, 2025 at 10:25 amAfter years of trying VPNs for myself, privacy-minded family members, and a few mission-critical projects, hereās what I wish everyone knew.
- DroidLock malware locks you out of your Android device and demands ransom
on December 11, 2025 at 4:57 pmResearchers have found Android malware that holds your files and your device hostage until you pay the ransom.
- Malwarebytes for Mac now has smarter, deeper scansĀ
on December 11, 2025 at 1:40 pmSay hello to the upgraded Malwarebytes for Mac, with stronger protection and more control.
- [Updated] Another Chrome zero-day under attack: update now
on December 11, 2025 at 11:58 amIf weāre lucky, this update will close out 2025ās run of Chrome zero-days. This one is a V8 type-confusion issue already being exploited in the wild.
- December Patch Tuesday fixes three zero-days, including one that hijacks Windows devices
on December 10, 2025 at 4:06 pmThe update patches three zero-days and introduces a new PowerShell warning meant to help you avoid accidentally running unsafe code from the web.
- GhostFrame phishing kit fuels widespread attacks against millionson December 10, 2025 at 12:41 pm
GhostFrame uses dynamic subdomains and hidden iframes to help attackers slip past basic security tools.
- Prompt injection is a problem that may never be fixed, warns NCSCon December 9, 2025 at 1:34 pm
The NCSC warns that prompt injection is unlikely to be mitigated in the same way SQL injection was. How do they compare?
