NEWS

Under Armour

Under Armour ransomware breach: data of 72 million customers appears on the dark web

January 22, 2026

Customer data allegedly stolen during a ransomware attack on sportswear giant Under Armour is now circulating on the dark web.

Two rats

Can you use too many LOLBins to drop some RATs?

January 21, 2026

An attempt to drop two RATs on a system used an uncanny assortment of legitimate Windows tools.

Calendar invite Gemini

Malicious Google Calendar invites could expose private data

January 21, 2026

Researchers showed how prompt injection hidden in a calendar invite can bypass privacy controls and turn an AI assistant into a data-leaking accomplice.

Laptop showing a warning

Fake extension crashes browsers to trick users into infecting themselves

January 20, 2026

A fake ad blocker crashes your browser, then uses ClickFix tricks to make you run the malware yourself.

Google

Google will pay $8.25m to settle child data-tracking allegations

January 20, 2026

Google-owned AdMob allegedly collected kids' data for ads without parental consent—including IP addresses, usage data, and exact locations.

sleeper browser extensions for three popular browsers

Firefox joins Chrome and Edge as sleeper extensions spy on users

January 19, 2026

Researchers found more sleeper browser extensions that spy on users and install backdoors, this time targeting Firefox users as well.

week in security

A week in security (January 12 – January 18)

January 19, 2026

Last week on Malwarebytes Labs: Stay safe!

earbuds

WhisperPair exposes Bluetooth earbuds and headphones to tracking and eavesdropping

January 16, 2026

Researchers demonstrated WhisperPair, a set of attacks that can take control of many widely used Bluetooth earbuds and headphones without user interaction.

Ticket scams

Dutch police sell fake tickets to show how easily scams work

January 16, 2026

A fake ticket website that ended with a digital finger-wag showed just how many people still fall for concert and sports ticket scams.