Malwarebytes Labs – The Security Blog From Malwarebytes | Malwarebytes Labs News Hacktivists claim near-total Spotify music scrape December 23, 2025 – Hacktivists have scraped almost 100% of the content available on Spotify. Is there anything users need to worry about? News Pornhub tells users to expect sextortion emails after data exposure Bugs CISA warns ASUS Live Update backdoor is still exploitable, seven years on News The ghosts of WhatsApp: How GhostPairing hijacks accounts Mobile Android mobile adware surges in second half of 2025 Threat Intelligence Threat Intel Stay up to date with the latest research and threat intelligence reports. READ MORE BUSINESS BLOG Business Discover the tools, insights, and advice you need to protect your organization. EXPLORE PERSONAL BLOG Personal Get the security news and tips to help you and your family stay safe. EXPLORE PODCAST Podcast Our bi-weekly podcast of the latest security headlines and in-depth interviews with guests VIEW EPISODES Hacktivists claim near-total Spotify music scrape Pieter Arntz December 23, 2025 0 Comments Hacktivists have scraped almost 100% of the content available on Spotify. Is there anything users need to worry about? Pornhub tells users to expect sextortion emails after data exposure Pieter Arntz December 22, 2025 0 Comments Users affected by the data breach may be contacted directly by cybercriminals, Pornhub warns. A week in security (December 15 – December 21) Malwarebytes Labs December 22, 2025 0 Comments A list of topics we covered in the week of December 15 to December 21 of 2025 CISA warns ASUS Live Update backdoor is still exploitable, seven years on Pieter Arntz December 19, 2025 0 Comments Seven years after the original attack, CISA has added the ASUS Live Update backdoor to its Known Exploited Vulnerabilities catalog. The ghosts of WhatsApp: How GhostPairing hijacks accounts Pieter Arntz December 18, 2025 0 Comments Criminals are tricking WhatsApp users into linking an attacker’s browser to their account using fake login pages and routine-looking prompts. Chrome extension slurps up AI chats after users installed it for privacy Danny Bradbury December 18, 2025 0 Comments The extension disclosed its AI data collection, but not in a way most users would recognize—or knowingly agree to. Two Chrome flaws could be triggered by simply browsing the web: Update now Pieter Arntz December 17, 2025 0 Comments Google's patched two flaws in Chrome, both of which can be triggered remotely when a user loads specially crafted web content. Inside a purchase order PDF phishing campaign Pieter Arntz December 17, 2025 0 Comments A “purchase order” PDF blocked by Malwarebytes led to a credential-harvesting phishing site. So we analyzed the attack and where the data went next. SoundCloud, Pornhub, and 700Credit all reported data breaches, but the similarities end there Pieter Arntz December 16, 2025 0 Comments We compared three incidents that surfaced today to show why the impact of a breach depends less on who was hit and more on what was taken. 1 2 3 … 593 Next Contributors Threat Center Podcast Glossary Scams
