Malwarebytes Labs – The Security Blog From Malwarebytes | Malwarebytes Labs Family and parenting Lego’s Smart Bricks explained: what they do, and what they don’t January 8, 2026 – A smart toy doesn’t have to be a risky one. Lego’s Smart Bricks add sensors and sound without apps, accounts, or AI. We explain how it works. Bugs CISA warns of active attacks on HPE OneView and legacy PowerPoint Data breaches One million customers on alert as extortion group claims massive Brightspeed data haul Threat Intel Fake WinRAR downloads hide malware behind a real installer Privacy Disney fined $10m for mislabeling kids’ YouTube videos and violating privacy law Threat Intelligence Threat Intel Stay up to date with the latest research and threat intelligence reports. READ MORE BUSINESS BLOG Business Discover the tools, insights, and advice you need to protect your organization. EXPLORE PERSONAL BLOG Personal Get the security news and tips to help you and your family stay safe. EXPLORE PODCAST Podcast Our bi-weekly podcast of the latest security headlines and in-depth interviews with guests VIEW EPISODES CISA warns of active attacks on HPE OneView and legacy PowerPoint Pieter Arntz January 8, 2026 0 Comments Two actively exploited flaws—one brand new, one 16 years old—have been added to CISA’s KEV catalog, signaling urgent patching. Lego’s Smart Bricks explained: what they do, and what they don’t Danny Bradbury January 8, 2026 0 Comments A smart toy doesn’t have to be a risky one. Lego’s Smart Bricks add sensors and sound without apps, accounts, or AI. We explain how it works. Fake WinRAR downloads hide malware behind a real installer Pieter Arntz January 8, 2026 0 Comments We unpack a trojanized WinRAR download that was hiding the Winzipper malware behind a real installer. One million customers on alert as extortion group claims massive Brightspeed data haul Pieter Arntz January 7, 2026 0 Comments The Crimson Collective claims to have stolen data on more than a million Brightspeed customers. The broadband provider is investigating. Phishing campaign abuses Google Cloud services to steal Microsoft 365 logins Pieter Arntz January 6, 2026 0 Comments Another well-crafted phishing campaign uses Google Cloud Integration Application infrastructure to bypass email filters. Disney fined $10m for mislabeling kids’ YouTube videos and violating privacy law Danny Bradbury January 6, 2026 0 Comments The FTC is seeking a $10 million settlement over allegations that children’s privacy laws were violated through the mislabeling of kid-focused YouTube videos. ALPRs are recording your daily drive (Lock and Code S06E26) Malwarebytes Labs January 5, 2026 0 Comments This week on the Lock and Code podcast, we speak with Will Freeman about Automated License Plate Reader (ALPR) surveillance. Grok apologizes for creating image of young girls in “sexualized attire” Pieter Arntz January 5, 2026 0 Comments Having generated content that may violate US child sexual abuse material laws, Grok highlights once again how ineffective AI guardrails can be. A week in security (December 29 – January 4) Malwarebytes Labs January 5, 2026 0 Comments A list of topics we covered in the week of December 29 2025 to January 4 of 2026 1 2 3 … 595 Next Contributors Threat Center Podcast Glossary Scams
