Apple widened its latest iOS 18 security update to cover far more iPhones and iPads, specifically to stop real‑world DarkSword attacks that can compromise a device from a single website visit. After researchers published their findings about the DarkSword attacks and an exploit kit abusing the vulnerabilities appeared on GitHub, Apple quietly updated its March […]

The Internet is filled with people who insist on being right. In the past, at least they could be reasonably sure that they were arguing with other humans. Those days are gone, apparently. Wikipedia just had to ban an AI that was making edits on its own. Apparently, the AI took it personally. The AI, […]

People lost an estimated $442 billion to scams last year worldwide, according to the Global Anti-Scam Alliance. The scale of that is hard to picture, but people’s day-to-day scam experience is easier to recognize: Our research found that 44% of people say they encounter mobile scams every single day. Two in three say it’s hard […]

Microsoft researchers found a campaign that abuses WhatsApp attachments to sneak a script onto Windows machines which will lead to the attacker gaining remote control. WhatsApp offers a desktop application for Windows and macOS, which users can synchronize with their mobile devices. Desktop versions of WhatsApp are generally used as extensions of mobile apps rather […]

Introduction In March 2026, we discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as a MaaS (malware‑as‑a‑service) with three subscription tiers. It caught our attention because of its extensive arsenal of capabilities. On the panel provided to third‑party actors, in addition to the standard features of RAT‑like malware, […]

Stanford computer scientists just proved what therapists already suspected: AI chatbots will agree with almost anything you say to keep you happy. The researchers caught these systems validating dangerous decisions just to maintain user engagement. That’s a worrying development, especially given Pew research figures showing nearly one in eight (12%) of American teenagers have turned […]

Rumor has it that Apple deployed a new security feature in the fight against ClickFix. The new feature will be available for macOS Tahoe 26.4 and it will warn Mac users if they paste certain commands into the Terminal app that might be harmful. If such a command is pasted, macOS will warn the users with […]

Researchers found that compromised Axios versions installed a Remote Access Trojan. Axios is a promise-based HTTP Client for node.js, basically a helper tool that developers use behind the scenes to let apps talk to the internet. For example, Axios makes requests such as “get my messages from the server” or “send this form to the website” easier […]

Last week on Malwarebytes Labs: Criminals are renting virtual phones to bypass bank security Bogus Avast website fakes virus scan, installs Venom Stealer instead Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka GlassWorm attack installs fake browser extension for surveillance Landmark verdicts put Meta’s “addiction machine” platforms on trial Hackers claim to have […]

A fake website impersonating Avast antivirus is tricking people into infecting their own computers. The site looks legitimate, runs what appears to be a virus scan, and claims your system is full of threats. But the results are fake: when you’re prompted to “fix” the problem, the download you’re given is actually Venom Stealer—a type […]