An attachment in an email impersonating DHL about a shipment contains a link to a preconfigured SimpleHelp remote access tool—an ideal starting point for attackers to explore a network, steal data, and drop additional malware. A German industrial spare parts and equipment supplier received an email pretending to be from DHL, claiming a shipment had […]

When we read about this new malware tactic, or that novel social engineering approach, it’s easy to forget that there are scammers out there making a living from ancient methods. Recently, one of our researchers received this variation on the good old Nigerian advance-fee scam. From: Mrs.Inga-Britt Ahlenius.Internal Audit, Monitoring, Consulting and Investigations DivisionUNITED NATIONS […]

Travel companies love telling you your data is safe. Booking.com just reminded everyone why that’s a hard promise to keep. The Amsterdam-based booking giant began notifying customers on April 13 that “unauthorized third parties” had accessed guest reservation data.  The compromised information includes booking details, names, email addresses, physical addresses, and phone numbers—essentially everything you’d […]

A trojanized Slack download from a typosquatting website is giving attackers something most users wouldn’t even know to look for: a hidden desktop running on their machine. The installer looks legitimate and even launches a working copy of Slack. But in the background, it can create an invisible session where attackers can browse, access accounts, […]

A few months ago, we reported on a fake cloud storage alert that triggered a redirect chain to an app that has since been delisted from the Apple Store. The threat of losing your photos is a powerful lure, so scammers are now using it to steal personal and financial details. The Guardian warns about […]

Have you ever been on a website when a pop-up suddenly asked for access to your camera, microphone, location, or notifications? Whether you clicked “allow,” dismissed it, or just wondered why it appeared, those permission requests aren’t always harmless. Some sites can abuse those permissions. With Access Control, a new feature in Browser Guard, you […]

Pushpaganda is the name researchers have given to an AI-assisted ad fraud, social engineering, and scareware operation targeting mobile users. For most people, Pushpaganda starts as something that looks completely normal. For example, a recommended article in your Google Discover feed (the personalized news stream on your phone) or one of the suggested stories you see when […]

Statistics across all threats The percentage of ICS computers on which malicious objects were blocked has been decreasing since the beginning of 2024. In Q4 2025, it was 19.7%. Over the past three years, the percentage has decreased by 1.36 times, and by 1.25 times since Q4 2023. Percentage of ICS computers on which malicious […]

If there is anything that annoys me more than a scammer, it’s companies that behave like one, while staying just on the right side of the law. They manage to linger and disappoint customers for years. It’s also why sometimes people think that Malwarebytes Scam Guard can be overly cautious when flagging websites. Some sites […]

This month’s patch Tuesday looks to remediate 167 security vulnerabilities including two zero-day vulnerabilities, one of which is known to be actively exploited in the wild. This makes April one of those months where “Patch Tuesday” looks more like “patch the entire stack,” from servers and endpoints to network gear, browsers, and mobile devices. But […]