In April 2025, we reported on a then-new iteration of the Triada backdoor that had compromised the firmware of counterfeit Android devices sold across major marketplaces. The malware was deployed to the system partitions and hooked into Zygote – the parent process for all Android apps – to infect any app on the device. This […]

Sammy Azdoufal wanted to steer his robot vacuum with a PS5 controller. Like any good maker, he thought it would be fun to drive a new DJI Romo around manually. He ended up gaining access to an army of robotic cleaners that gave him eyes into thousands of homes. Driven by purely playful reasons, Azdoufal […]

Google has issued a patch for a high‑severity Chrome zero‑day, tracked as CVE‑2026‑2441, a memory bug in how the browser handles certain font features that attackers are already exploiting. CVE-2026-2441 has the questionable honor of being the first Chrome zero-day of 2026. Google considered it serious enough to issue a separate update of the stable […]

Scams aren’t so obvious anymore. They’re well-written, have working grammar, and can lead victims to very convincing branded webpages. Scammers increasingly use AI tools to clone sites and create highly sophisticated scams at scale, so don’t expect to rely on spotting obvious typos anymore. That’s why Scam Guard, Malwarebytes’ free, AI-powered scam detection assistant, is now available on Windows and Mac. Previously mobile-only, Scam […]

Last week on Malwarebytes Labs: How to find and remove credential-stealing Chrome extensions Fake shops target Winter Olympics 2026 fans Outlook add-in goes rogue and steals 4,000 credentials and payment data Child exploitation, grooming, and social media addiction claims put Meta on trial Apple patches zero-day flaw that could let attackers take control of devices […]

ClickFix malware campaigns are all about tricking the victim into infecting their own machine. Apparently, the criminals behind these campaigns have figured out that mshta and Powershell commands are increasingly being blocked by security software, so they have developed a new method using nslookup. The initial stages are pretty much the same as we have […]

Apple has released security updates for iPhones, iPads, Macs, Apple Watches, Apple TVs, and Safari, fixing, in particular, a zero-day flaw that is actively exploited in targeted attacks. Exploiting this zero-day flaw would allow cybercriminals to run any code they want on the affected device, potentially installing spyware or backdoors without the owner noticing. Installing […]

Meta is facing two trials over child safety allegations in California and New Mexico. The lawsuits are landmark cases, marking the first time that any such accusations have reached a jury. Although over 40 state attorneys general have filed suits about child safety issues with social media, none had gone to trial until now. The […]

Researchers found a malicious Microsoft Outlook add-in which was able to steal 4,000 stolen Microsoft account credentials, credit card numbers, and banking security answers.  How is it possible that the Microsoft Office Add-in Store ended listing an add-in that silently loaded a phishing kit inside Outlook’s sidebar? A developer launched an add-in called AgreeTo, an […]

If you’ve seen the two stoat siblings serving as official mascots of the Milano Cortina 2026 Winter Olympics, you already know Tina and Milo are irresistible. Designed by Italian schoolchildren and chosen from more than 1,600 entries in a public poll, the duo has already captured hearts worldwide. So much so that the official 27 […]