Last week on Malwarebytes Labs: That dream job offer from Coca-Cola or Ferrari? It’s a trap for your passwords Blocking children from social media is a badly executed good idea Apple expands “DarkSword” patches to iOS 18.7.7 Malwarebytes Privacy VPN receives full third-party audit Wikipedia’s AI agent row likely just the beginning of the bot-ocalypse […]

Big news: Lock and Code is nominated for a Webby Award! You can help us win the People’s Voice Award by voting here. Vote now! This week on the Lock and Code podcast… We have to talk about killer robots. No, not the Terminator, and not some Boston Dynamics robot run amok. We have to […]

While we can probably all agree that there is more than enough proof that social media is bad for the mental health of our children, the methods we are trying to block or ban them seem to do more harm than good. Across the world, lawmakers are tripping over each other to be seen “doing […]

As layoffs surge and job seekers flood the market, phishing campaigns impersonating major brands, including Coca-Cola and Ferrari, are ramping up—and they’re more sophisticated than ever. The first scam we found uses a convincing booking page to collect personal details, then tricks victims into handing over their Google work account credentials through a fake sign-in […]

For the careful VPN customer today, so much depends upon a privacy promise, made, too often, by a company without proof.   No-logs policies, modern encryption algorithms, a refusal to store sensitive customer information, and full ownership of servers are just some of the features that contribute to a strong VPN. Yet they’re the same features that are often impossible for any individual customer to confirm.   This […]

Apple widened its latest iOS 18 security update to cover far more iPhones and iPads, specifically to stop real‑world DarkSword attacks that can compromise a device from a single website visit. After researchers published their findings about the DarkSword attacks and an exploit kit abusing the vulnerabilities appeared on GitHub, Apple quietly updated its March […]

The Internet is filled with people who insist on being right. In the past, at least they could be reasonably sure that they were arguing with other humans. Those days are gone, apparently. Wikipedia just had to ban an AI that was making edits on its own. Apparently, the AI took it personally. The AI, […]

People lost an estimated $442 billion to scams last year worldwide, according to the Global Anti-Scam Alliance. The scale of that is hard to picture, but people’s day-to-day scam experience is easier to recognize: Our research found that 44% of people say they encounter mobile scams every single day. Two in three say it’s hard […]

Microsoft researchers found a campaign that abuses WhatsApp attachments to sneak a script onto Windows machines which will lead to the attacker gaining remote control. WhatsApp offers a desktop application for Windows and macOS, which users can synchronize with their mobile devices. Desktop versions of WhatsApp are generally used as extensions of mobile apps rather […]

Introduction In March 2026, we discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as a MaaS (malware‑as‑a‑service) with three subscription tiers. It caught our attention because of its extensive arsenal of capabilities. On the panel provided to third‑party actors, in addition to the standard features of RAT‑like malware, […]