Malwarebytes Labs

A researcher found Edge loads saved passwords into computer memory when it starts, making them easier to steal if a device is already compromised.

Days after the first attack, ShinyHunters is applying pressure with ransom messages on school login portals.

AI investment scammers abused the Keitaro ad-tracking platform to cloak their campaign, exposing it only to likely targets.

A UK report finds some progress since the Act came into force, but widespread workarounds, ongoing harm, and unresolved privacy concerns suggest the impact is still limited.

Google Chrome writes a 4GB AI model to users’ devices without asking, and reinstalls it if you delete it.

A legitimate developer tool is being repurposed by attackers to package and spread this Windows infostealer in harder-to-detect ways.

ShinyHunters claims it stole personal data from 275 million users on Instructure’s Canvas platform across schools and education providers.

WhatsApp patches flaws that could expose users to malicious content and disguised malware.

This week on the Lock and Code podcast, we speak with Eva Velasquez about small business cyberattacks and the “cyber tax” coming for us all.

In an ongoing operation, hackers are hijacking Facebook accounts using Google AppSheet to send phishing emails that pass security checks.

A four-part scam economy is already forming around the 2026 World Cup, using the tournament’s brand to sell everything from fake visas to worthless tokens.

A list of topics we covered in the week of April 27 to May 3 of 2026

Small business owners should be sure to fix these three non-technical risks that require little cybersecurity expertise.

A vulnerability in the cPanel/WHM admin interface lets attackers access websites without a username and password.

We investigate how scammers are abusing PayPal’s systems to push victims into calling fake support numbers.

Hackers used fake Roblox “game enhancements” to steal login details from hundreds of thousands of players, then sold the accounts for profit.

What happens when you strip the internet out of AI? Researchers built a chatbot that only knows the world before 1931.

A researcher has detailed five ways to exploit PhantomRPC, which Microsoft rates “moderate” and does not plan to fix.

We’re in Claude! Now everyone can use our threat intel to check suspicious links, phone numbers, or email addresses. We’re committed to helping you spot scams.

Scammers are using fake CAPTCHA pages to rack up international SMS charges on victims’ phone bills, and then take a cut.