An AI tool with a funny name has caused quite a commotion as of late—including some allegations of machine consciousness—so here is a breakdown on OpenClaw. Launched in November 2025, OpenClaw is an open-source, autonomous artificial intelligence (AI) agent that was made to run locally on your own computer, allowing it to manage tasks, interact with […]

A convincing lookalike of the popular Huorong Security antivirus has been used to deliver ValleyRAT, a sophisticated Remote Access Trojan (RAT) built on the Winos4.0 framework, to users who believed they were improving their security. The campaign, attributed to the Silver Fox APT group—a Chinese-speaking threat group known for distributing trojanized versions of popular Chinese […]

I’m a big advocate of password managers. Granted, there are better alternatives for passwords like passkeys, but if a provider offers nothing but password options, which many do, you can’t do much about that. So, for the time being we seem to be stuck with passwords. Every reputable password manager claims that they can’t see […]

Last week on Malwarebytes Labs: Age verification vendor Persona left frontend exposed, researchers say Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets AI-generated passwords are a security risk Intimate products maker Tenga spilled customer data Meta patents AI that could keep you posting from beyond the grave Betterment data breach […]

This week on the Lock and Code podcast… A funny thing happened on TikTok last month, and it has brought allegations of censorship, manipulation, and control. It was the week of January 22, and after a long legal battle, TikTok had finally—for the first time in its company history—moved its ownership to new, American stewards. […]

Attackers are running paid Facebook ads that look like official Microsoft promotions, then directing users to near-perfect clones of the Windows 11 download page. Click Download Now and instead of a Windows update, you get a malicious installer—one that silently steals saved passwords, browser sessions, and cryptocurrency wallet data. “I just wanted to update Windows” […]

Researchers investigating Discord’s age-verification checks say they discovered an exposed frontend belonging to Persona, the identity-verification vendor used by Discord. It revealed a far more expansive surveillance and financial intelligence stack than a simple “teen safety” tool. A short while ago we reported that Discord will limit profiles to teen-appropriate mode until you verify your […]

Tech bros have been wanting to become immortal for years. Until they get there, their fallback might be continuing to post nonsense on social media from the afterlife. On December 30, 2025, Meta was granted US patent 12513102B2: Simulation of a user of a social networking system using a language model. It describes a system […]

Tenga confirmed reports published by several outlets that the company notified customers of a data breach. The Japanese manufacturer of adult products appears to have fallen victim to a phishing attack targeting one of its employees. Tenga reportedly wrote in the data breach notification: “An unauthorized party gained access to the professional email account of […]

Using Artificial Intelligence (AI) to generate your passwords is a bad idea. It’s likely to give that password to a criminal who can then use it in a dictionary attack—which is when an attacker runs through a prepared list of likely passwords (words, phrases, patterns) with automated tools until one of them works, instead of […]