Malwarebytes Labs – The Security Blog From Malwarebytes | Malwarebytes Labs News Spammers abuse Zendesk to flood inboxes with legitimate-looking emails, but why? January 23, 2026 – Spammers are abusing Zendesk to flood inboxes with emails from trusted brands. There’s no phishing or malware—just noise. Data breaches Under Armour ransomware breach: data of 72 million customers appears on the dark web News Fake LastPass maintenance emails target users AI Malicious Google Calendar invites could expose private data News Can you use too many LOLBins to drop some RATs? Threat Intelligence Threat Intel Stay up to date with the latest research and threat intelligence reports. READ MORE BUSINESS BLOG Business Discover the tools, insights, and advice you need to protect your organization. EXPLORE PERSONAL BLOG Personal Get the security news and tips to help you and your family stay safe. EXPLORE PODCAST Podcast Our bi-weekly podcast of the latest security headlines and in-depth interviews with guests VIEW EPISODES Spammers abuse Zendesk to flood inboxes with legitimate-looking emails, but why? Pieter Arntz January 23, 2026 0 Comments Spammers are abusing Zendesk to flood inboxes with emails from trusted brands. There’s no phishing or malware—just noise. Fake LastPass maintenance emails target users Pieter Arntz January 22, 2026 0 Comments LastPass is warning users about phishing emails that pressure users to back up their vaults within 24 hours. Under Armour ransomware breach: data of 72 million customers appears on the dark web Pieter Arntz January 22, 2026 0 Comments Customer data allegedly stolen during a ransomware attack on sportswear giant Under Armour is now circulating on the dark web. Can you use too many LOLBins to drop some RATs? Pieter Arntz January 21, 2026 0 Comments An attempt to drop two RATs on a system used an uncanny assortment of legitimate Windows tools. Malicious Google Calendar invites could expose private data Pieter Arntz January 21, 2026 0 Comments Researchers showed how prompt injection hidden in a calendar invite can bypass privacy controls and turn an AI assistant into a data-leaking accomplice. Fake extension crashes browsers to trick users into infecting themselves Pieter Arntz January 20, 2026 0 Comments A fake ad blocker crashes your browser, then uses ClickFix tricks to make you run the malware yourself. Google will pay $8.25m to settle child data-tracking allegations Danny Bradbury January 20, 2026 0 Comments Google-owned AdMob allegedly collected kids' data for ads without parental consent—including IP addresses, usage data, and exact locations. Firefox joins Chrome and Edge as sleeper extensions spy on users Pieter Arntz January 19, 2026 0 Comments Researchers found more sleeper browser extensions that spy on users and install backdoors, this time targeting Firefox users as well. A week in security (January 12 – January 18) Malwarebytes Labs January 19, 2026 0 Comments Last week on Malwarebytes Labs: Stay safe! 1 2 3 … 598 Next Contributors Threat Center Podcast Glossary Scams
