Attackers are abusing normal OAuth error redirects to send users from a legitimate Microsoft or Google login URL to phishing or malware pages, without ever completing a successful sign‑in or stealing tokens from the OAuth flow itself. That calls for a bit more explanation. OAuth (Open Authorization) is an open-standard protocol for delegated authorization. It allows users […]

Google has patched 129 vulnerabilities in Android in its March 2026 Android Security Bulletin, including a Qualcomm display flaw that is known to be actively exploited. You can check your device’s Android version, security update level, and Google Play system update in Settings. You should get a notification when updates are available, but you can also check […]

Starting from the third quarter of 2025, we have updated our statistical methodology based on the Kaspersky Security Network. These changes affect all sections of the report except for the installation package statistics, which remain unchanged. To illustrate trends between reporting periods, we have recalculated the previous year’s data; consequently, these figures may differ significantly […]

Chrome’s Gemini “Live in Chrome” panel (Gemini’s embedded, agent-style assistant mode within Chrome) had a high‑severity vulnerability tracked as CVE‑2026‑0628. The flaw let a low‑privilege extension inject code into the Gemini side panel and inherit its powerful capabilities, including local file access, screenshots, and camera/microphone control. The vulnerability was patched in a January update. But […]

On Friday the US Pentagon cut ties with Anthropic, the company behind Claude AI. Defense Secretary Pete Hegseth designated the San Francisco-based company a “supply-chain risk to national security.” The supply-chain risk designation means that no contractor, supplier, or partner doing business with the US military can deal with Anthropic. The label previously applied only […]

Samsung has settled a lawsuit with the Texas Attorney General over how its smart TVs collect and monetize viewing data using Automated Content Recognition (ACR). As part of the settlement, Samsung agreed to stop collecting ACR data from Texans without explicit, informed consent and to rewrite its on‑screen privacy prompts and dialogs. Texas Attorney General […]

Last week on Malwarebytes Labs: Public Google API keys can be used to expose Gemini AI data Inside a fake Google security check that becomes a browser RAT Fake Zoom and Google Meet scams install Teramind: A technical deep dive How to understand and avoid Advanced Persistent Threats The Conduent breach; from 10 million to […]

An attachment named New PO 500PCS.pdf.hTM, posing as a purchase order in PDF form, turned out to be something entirely different: a credential-harvesting web page that quietly sent passwords and IP/location data straight to a Telegram bot controlled by an attacker. Imagine you’re in accounts payable, sales, or operations. Your day is a steady flow of […]

A trojanized copy of the open-source FTP client FileZilla 3.69.5 is circulating online. The archive contains the legitimate FileZilla application, but with a single malicious DLL added to the folder. When someone downloads this tampered version, extracts it, and launches FileZilla, Windows loads the malicious library first. From that moment on, the malware runs inside […]

Google Maps/Cloud API (Application Programming Interface) keys that used to be safe to publish can now, in many cases, be used as real Gemini AI credentials. This means that any key sitting in public JavaScript or application code may now let attackers connect to Gemini through its API, access data, or run up someone else’s […]