Security News Malwarebytes Labs: A week in security

[Gandalf_The_Grey]

A week in security (February 23 – March 1)

Last week on Malwarebytes Labs:

• Public Google API keys can be used to expose Gemini AI data
• Inside a fake Google security check that becomes a browser RAT
• Fake Zoom and Google Meet scams install Teramind: A technical deep dive
• How to understand and avoid Advanced Persistent Threats
• The Conduent breach; from 10 million to 25 million (and counting)
• Instagram flagged explicit messages to minors in 2018. Image-blurring arrived six years later
• Developer creates app to detect nearby smart glasses
• Reddit, porn sites fined by UK regulators over children’s safety and privacy
• Roblox gives predators “powerful tools” to target children, says LA County
• Fake Zoom meeting “update” silently installs unauthorized version of monitoring tool abused by cybercriminals to spy on victims
• Refund scam impersonates Avast to harvest credit card details
• OpenClaw: What is it and can you use it safely?
• Password managers keep your passwords safe, unless…
• Fake Huorong security site infects users with ValleyRAT
• What can’t you say on TikTok?

A week in security (February 23 - March 1)

A list of topics we covered in the week of February 23 to March 1 of 2026

www.malwarebytes.com

 

[Gandalf_The_Grey]

A week in security (March 2 – March 8)

Last week on Malwarebytes Labs:

• One click on this fake Google Meet update can give attackers control of your PC
• Beware of fake OpenClaw installers, even if Bing points you to GitHub
• Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets
• Windows File Shredder: When deleting a file isn’t enough
• Supreme Court to decide whether geofence warrants are constitutional
• Does the UK really want to ban VPNs? And can it be done?
• Attackers abuse OAuth’s built-in redirects to launch phishing and malware attacks
• High-severity Qualcomm bug hits Android devices in targeted attacks
• Pentagon ditches Anthropic AI over “security risk” and OpenAI takes over
• Chrome flaw let extensions hijack Gemini’s camera, mic, and file access
• Samsung TVs stop spying on viewers in Texas. Here’s how to disable ACR anywhere
• A fake FileZilla site hosts a malicious download
• Purchase order attachment isn’t a PDF. It’s phishing for your password

Stay safe!

A week in security (March 2 - March 8)

A list of topics we covered in the week of March 2 to March 8 of 2026

www.malwarebytes.com

 

[Gandalf_The_Grey]

A week in security (March 9 – March 15)

Last week on Malwarebytes Labs:

• Watch out for fake Malwarebytes renewal notices in your calendar
• Google patches two Chrome zero-days under active attack. Update now
• Attackers impersonate Temu in ClickFix $Temu airdrop scam
• Apple patches Coruna exploit kit flaws for older iOS versions
• This Android vulnerability can break your lock screen in under 60 seconds
• Microsoft Authenticator could leak login codes—update your app now
• Meta rolls out anti-scam tools across WhatsApp, Facebook, and Messenger
• Phishers hide scam links with IPv6 trick in “free toothbrush” emails
• Sextortion “I recorded you” emails reuse passwords found in disposable inboxes
• Watch out for tax-season robocalls pushing fake “relief programs”
• March 2026 Patch Tuesday fixes two zero-day vulnerabilities
• How to see your Google Search history (and delete it)
• Signal and WhatsApp accounts targeted in phishing campaign
• Hackers may have breached FBI wiretap network via supply chain
• Fake Claude Code install pages hit Windows and Mac users with infostealers
• Quiz sites trick users into enabling unwanted browser notifications

A week in security (March 9 - March 15)

A list of topics we covered in the week of March 9 to March 15 of 2026

www.malwarebytes.com

 

[Gandalf_The_Grey]

A week in security (March 16 – March 22)

Last week on Malwarebytes Labs:

• Could your face change what you pay? NYC wants limits on biometric tracking
• That “job brief” on Google Forms could infect your device
• A DarkSword hangs over unpatched iPhones
• Your tax forms sell for $20 on the dark web
• Researchers found font-rendering trick to hide malicious commands
• Apple patches WebKit bug that could let sites access your data
• Inside a network of 20,000+ fake shops
• Fake Pudgy World site steals your crypto passwords
• 90% of people don’t trust AI with their data
• How searching for a VPN could mean handing over your work login details
• Google cracks down on Android apps abusing accessibility
• Hacked sites deliver Vidar infostealer to Windows users
• Zombie ZIP method can fool antivirus during the first scan
• Delete doesn’t mean gone. Here’s how File Shredder fixes that

A week in security (March 16 - March 22)

A list of topics we covered in the week of March 16 to March 22 of 2026

www.malwarebytes.com

 

[Halp2001]

It’s incredible how scammers are now disguising themselves as things we use every day: a Zoom update, a Google notice, or even a job offer.

The big takeaway from this summary is that attackers aren't just 'breaking' systems anymore; they are tricking people. They take advantage of our trust in what looks 'official.' In the end, the best security tool isn't an expensive program, but our own habit of pausing to think: 'Do I really need to install this?' or 'Is this the real website?'.

Thanks for the summary, Gandalf! It really helps us keep our guard up!

 

[Gandalf_The_Grey]

A week in security (March 23 – March 29)

Last week on Malwarebytes Labs:

• Criminals are renting virtual phones to bypass bank security
• Bogus Avast website fakes virus scan, installs Venom Stealer instead
• Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka
• GlassWorm attack installs fake browser extension for surveillance
• Landmark verdicts put Meta’s “addiction machine” platforms on trial
• Hackers claim to have accessed data tied to millions of crime tipsters
• New FCC router ban could leave home networks less secure
• Meet Khaled Mohamed: the bug hunter who found a Microsoft flaw
• FBI, CISA warn of Russian hackers hijacking Signal and WhatsApp accounts
• Scam compounds hiring “AI models” to seal the deal in deepfake video calls
• FriendlyDealer mimics official app stores to push unvetted gambling apps
• The March Madness scam playbook
• Advanced Flow will make Android sideloading safer
• This is all it takes to stop a train (Lock and Code S07E06)

A week in security (March 23 - March 29)

A list of topics we covered in the week of March 23 to March 29 of 2026

www.malwarebytes.com

 

[Gandalf_The_Grey]

A week in security (March 30 – April 5)

Last week on Malwarebytes Labs:

• That dream job offer from Coca-Cola or Ferrari? It’s a trap for your passwords
• Blocking children from social media is a badly executed good idea
• Apple expands “DarkSword” patches to iOS 18.7.7
• Malwarebytes Privacy VPN receives full third-party audit
• Wikipedia’s AI agent row likely just the beginning of the bot-ocalypse
• WhatsApp on Windows users targeted in new campaign, warns Microsoft
• Why we’re still not doing April Fools’ Day
• Asking AI for personal advice is a bad idea, Stanford study shows
• Axios supply chain attack chops away at npm trust
• New macOS security feature will alert users about possible ClickFix attacks

A week in security (March 30 - April 5)

A list of topics we covered in the week of March 30 to April 5 of 2026

www.malwarebytes.com

 

[Gandalf_The_Grey]

A week in security (April 6 – April 12)

Last week on Malwarebytes Labs:

• Fake Claude site installs malware that gives attackers access to your computer
• ClickFix finds a new way to infect Macs
• Scammers pose as Amazon support to steal your account
• NSFW app leak exposes 70,000 prompts linked to individual users
• 30,000 private Facebook images allegedly downloaded by Meta employee
• This fake Windows support website delivers password-stealing malware
• Your extensions leak clues about you, so we made sure Browser Guard doesn’t
• Russian hacking group targets home and small office routers to spy on users
• Timeshare owners warned to watch out for cartel-linked scams
• Traffic violation scams swap links for QR codes to steal your card details
• Support platform breach exposes Hims & Hers customer data
• Killer robots are here. Now what? (Lock and Code S07E07)

A week in security (April 6 - April 12)

A list of topics we covered in the week of April 6 to April 12 of 2026

www.malwarebytes.com

 

[Gandalf_The_Grey]

A week in security (April 13 – April 19)

Last week on Malwarebytes Labs:

• This old-school scam is still working
• “Your shipment has arrived” email hides remote access software
• Browser Guard gets even better with Access Control
• “iCloud storage is full” scam is back, and now it wants your payment details
• A fake Slack download is giving attackers a hidden desktop on your machine
• Booking.com breach gives scammers what they need to target guests
• AI clickbait can turn your notifications into a scam feed
• Fake YouTube copyright notices can steal your Google login
• From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere
• April Patch Tuesday fixes two zero-days, including one under active attack
• Credit Resources Vault: Why this credit email set off our scam alarms
• Omnistealer uses the blockchain to steal everything it can
• ChatGPT under scrutiny as Florida investigates campus shooting
• Simply opening a PDF could trigger this Adobe Reader zero-day

A week in security (April 13 - April 19)

A list of topics we covered in the week of April 13 to April 19 of 2026

www.malwarebytes.com

 

[Gandalf_The_Grey]

A week in security (April 20 – April 26)

Last week on Malwarebytes Labs:

• Medical data of 500,000 UK volunteers listed for sale on Alibaba
• How cyberattacks on companies affect everyone
• Apple fixes iOS bug that kept deleted notifications, including chat previews
• Roblox clamps down on chats and age checks as legal pressure builds
• Malicious trading website drops malware that hands your browser to attackers
• Researcher claims Claude Desktop installs “spyware” on macOS
• Fake Google Antigravity downloads are stealing accounts in minutes
• Real Apple notifications are being used to drive tech support scams
• Android 17 ends all-or-nothing access to your contacts
• Big Tech can stop scams. They just don’t (Lock and Code S07E08)
• Mythos: An AI tool too powerful for public release

A week in security (April 20 - April 26)

A list of topics we covered in the week of April 20 to April 26 of 2026

www.malwarebytes.com

 

[Gandalf_The_Grey]

A week in security (April 27 – May 3)

Last week on Malwarebytes Labs:

• 3 easy-to-miss cybersecurity risks for small businesses
• Actively exploited cPanel bug exposes millions of websites to takeover
• More PayPal emails hijacked to deliver tech support scams
• Hackers stole hundreds of thousands of Roblox accounts: Here’s what to do
• Researchers built a chatbot that only knows the world before 1931
• Microsoft won’t patch PhantomRPC: Feature or bug?
• Scam-checking just got a lot easier: Malwarebytes is now in Claude
• Fake CAPTCHA scam turns a quick click into a costly phone bill
• Chinese engineer stole US military and NASA software for years

A week in security (April 27 - May 3)

A list of topics we covered in the week of April 27 to May 3 of 2026

www.malwarebytes.com

 

[Gandalf_The_Grey]

A week in security (May 4 – May 10)

Last week on Malwarebytes Labs:

• Microsoft says Edge’s plaintext password behavior is “by design”
• ShinyHunters escalates Canvas attacks with school login defacements
• Massive AI investment scam network spans 15,500 domains
• If a fake moustache can fool age checks, is the Online Safety Act working?
• Google Chrome’s silent 4GB AI download problem
• Attackers adopt JavaScript runtime Bun to spread NWHStealer
• Millions of students’ personal data stolen in major education breach
• Update WhatsApp now: Two new flaws could expose you to malicious files
• Cyberattacks are raising your prices (Lock and Code S07E09)
• Thousands of Facebook accounts stolen by phishing emails sent through Google
• The 2026 World Cup scam economy is already running before the first whistle

A week in security (May 4 - May 10)

A list of topics we covered in the week of May 4 to May 10 of 2026

www.malwarebytes.com

 

[Gandalf_The_Grey]

A week in security (May 11 – May 17)

Last week on Malwarebytes Labs:

• Attackers replaced JDownloader installer downloads with malware
• Meta’s confusing new approach to chat privacy
• Why Malwarebytes blocks some Yahoo Mail redirects
• Fake Claude search results lure Mac users into ClickFix attack
• Deepfake sextortion forces schools to remove student photos from websites
• Texas sued Netflix over claims it secretly collected and sold users’ data
• May 2026 Patch Tuesday: no zero-days but plenty to fix
• 1 in 8 employees have sold company logins or know someone who has
• Stolen Canvas data was “returned” after hacker agreement, Instructure says
• Yarbo responds to robot flaws that could mow down their owners

A week in security (May 11 - May 17)

A list of topics we covered in the week of May 11 to May 17 of 2026

www.malwarebytes.com

 

[Gandalf_The_Grey]

A week in security (May 18 – May 24)

Last week on Malwarebytes Labs:

• Update Chrome now: Critical bugs could let attackers run code
• Microsoft Defender vulnerabilities are being exploited in the wild
• TikTok, YouTube, and Roblox face scrutiny, but age gates won’t fix child safety
• Catch spyware in the act with Windows Webcam Monitoring
• Researchers left AI agents alone in a virtual town and watched it all unravel
• Fake malware-signing service Fox Tempest dismantled by Microsoft
• Firefox 151 packs big privacy upgrades into a small update
• Biometrics, diagnoses, and bank details exposed in major healthcare breach
• Facebook scam promises cheap Aldi meat boxes, steals payment info instead
• YouTube wants your face to fight deepfakes
• Microsoft is changing Edge’s plaintext password behavior
• AI is distorting the Holocaust (Lock and Code S07E10)

A week in security (May 18 - May 24)

A list of topics we covered in the week of May 18 to May 24 of 2026

www.malwarebytes.com

 

[Gandalf_The_Grey]

A week in security (May 25 – May 31)

Last week on Malwarebytes Labs:

• Payment apps are watching what you say (Lock and Code S07E11)
• Scammers pretending to be Microsoft had help from US executives
• 700+ education and tech websites hijacked in huge ClickFix malware campaign
• Fake software on GitHub and SourceForge distribute Deno RAT
• Fake LinkedIn emails abuse Adobe to track victims
• Company bragged phone mics could listen to conversations. They couldn’t.
• Kali365 phishing kit bypasses MFA and steals Microsoft logins
• Fake ChatGPT download site infects Windows and Mac users with malware
• Your Windows PC has a security deadline in June 2026
• Carnival confirms data breach impacting nearly 6 million
• Signal users targeted in backup-stealing phishing attacks

A week in security (May 25 - May 31)

A list of topics we covered in the week of May 25 to May 31 of 2026

www.malwarebytes.com

 

[Gandalf_The_Grey]

A week in security (June 1 – June 7)

Last week on Malwarebytes Labs:

• Your phone called. It needs a cleanup.
• Fake BlueWallet steals passwords, accounts, and crypto from Macs
• Fake virus alerts are invading mobile games
• 23andMe exposed genetic information of millions, lawsuit says
• These convincing copyright notices are designed to steal Google logins
• Infostealers are becoming the go-to phishing payload
• Keep getting calls from questionable numbers? Meet Scam Number Check
• We found this fake-invoice campaign while scammers were still building it
• Meta’s AI support bot happily handed Instagram accounts to hackers
• Travel scams are everywhere. Here’s how to avoid them
• AI: Threat, tool, or both?

A week in security (June 1 - June 7)

A list of topics we covered in the week of June 1 to June 7 of 2026

www.malwarebytes.com