Malwarebytes Cyber Security Software & Anti-Malware
- The US digital doxxing of H-1B applicants is a massive privacy misstep
on December 12, 2025 at 6:19 pmBy making social accounts public, the new policy exposes private data that attackers can use for targeting, impersonation, or extortion.
- Google ads funnel Mac users to poisoned AI chats that spread the AMOS infostealer
on December 12, 2025 at 2:26 pmCriminals make malicious ChatGPT and Grok conversations appear at the top of common Google searches—leading users straight to the Atomic macOS Stealer.
- How private is your VPN?
on December 12, 2025 at 10:25 amAfter years of trying VPNs for myself, privacy-minded family members, and a few mission-critical projects, here’s what I wish everyone knew.
- DroidLock malware locks you out of your Android device and demands ransom
on December 11, 2025 at 4:57 pmResearchers have found Android malware that holds your files and your device hostage until you pay the ransom.
- Malwarebytes for Mac now has smarter, deeper scans
on December 11, 2025 at 1:40 pmSay hello to the upgraded Malwarebytes for Mac, with stronger protection and more control.
- [updated]Another Chrome zero-day under attack: update now
on December 11, 2025 at 11:58 amIf we’re lucky, this update will close out 2025’s run of Chrome zero-days. This one is a V8 type-confusion issue already being exploited in the wild.
- December Patch Tuesday fixes three zero-days, including one that hijacks Windows devices
on December 10, 2025 at 4:06 pmThe update patches three zero-days and introduces a new PowerShell warning meant to help you avoid accidentally running unsafe code from the web.
- GhostFrame phishing kit fuels widespread attacks against millionson December 10, 2025 at 12:41 pm
GhostFrame uses dynamic subdomains and hidden iframes to help attackers slip past basic security tools.
- Prompt injection is a problem that may never be fixed, warns NCSCon December 9, 2025 at 1:34 pm
The NCSC warns that prompt injection is unlikely to be mitigated in the same way SQL injection was. How do they compare?
- EU fines X $140m, tied to verification rules that make impostor scams easieron December 9, 2025 at 12:57 pm
The core problem persists: anyone can still buy a ‘verified’ checkmark from X, so don’t take their authenticity for granted.
- Deepfakes, AI resumes, and the growing threat of fake applicantson December 9, 2025 at 11:49 am
Attackers are blending automation, impersonation, and social engineering to get inside organizations. Here’s how to spot the signs.
- How phishers hide banking scams behind free Cloudflare Pages
on December 8, 2025 at 3:26 pmWe found a campaign that hosts fake login pages on Cloudflare Pages and sends the stolen info straight to Telegram.
- Scammers harvesting Facebook photos to stage fake kidnappings, warns FBIon December 8, 2025 at 1:17 pm
Family photos pulled from social media are being used as “proof-of-life” in virtual kidnapping scams, the FBI warns.
- A week in security (December 1 – December 7)on December 8, 2025 at 8:03 am
A list of topics we covered in the week of December 1 to December 7 of 2025
- Leaks show Intellexa burning zero-days to keep Predator spyware running
on December 5, 2025 at 1:31 pmA fresh investigation uncovers how Predator spyware still reaches victims through high-priced, newly bought zero-days.
- How scammers use fake insurance texts to steal your identity
on December 4, 2025 at 5:55 pmWe follow the trail of a simple insurance text scam to show how it can spiral into full-blown identity theft.
- Canadian police trialing facial recognition bodycamson December 4, 2025 at 1:19 pm
Facial recognition software has long been criticized for accuracy issues and past wrongful arrests.
- Update Chrome now: Google fixes 13 security issues affecting billions
on December 4, 2025 at 12:42 pmGoogle has pushed out a Chrome update with 13 security fixes, including a high-severity flaw in Digital Credentials.
- Attackers have a new way to slip past MFA in educational orgson December 3, 2025 at 3:44 pm
Researchers are seeing a rise in Evilginx to steal session cookies, letting them bypass the need for a multi-factor authentication (MFA) token among educational institutions.
- How attackers use real IT tools to take over your computer
on December 3, 2025 at 2:12 pmWe’ve seen a new wave of attacks exploiting legitimate Remote Monitoring and Management (RMM) tools to remotely control victims’ systems.
