Malwarebytes Labs – The Security Blog From Malwarebytes | Malwarebytes Labs News Pornhub tells users to expect sextortion emails after data exposure December 22, 2025 – Users affected by the data breach may be contacted directly by cybercriminals, Pornhub warns. Bugs CISA warns ASUS Live Update backdoor is still exploitable, seven years on News The ghosts of WhatsApp: How GhostPairing hijacks accounts Mobile Android mobile adware surges in second half of 2025 News Chrome extension slurps up AI chats after users installed it for privacy Threat Intelligence Threat Intel Stay up to date with the latest research and threat intelligence reports. READ MORE BUSINESS BLOG Business Discover the tools, insights, and advice you need to protect your organization. EXPLORE PERSONAL BLOG Personal Get the security news and tips to help you and your family stay safe. EXPLORE PODCAST Podcast Our bi-weekly podcast of the latest security headlines and in-depth interviews with guests VIEW EPISODES Pornhub tells users to expect sextortion emails after data exposure Pieter Arntz December 22, 2025 0 Comments Users affected by the data breach may be contacted directly by cybercriminals, Pornhub warns. A week in security (December 15 – December 21) Malwarebytes Labs December 22, 2025 0 Comments A list of topics we covered in the week of December 15 to December 21 of 2025 CISA warns ASUS Live Update backdoor is still exploitable, seven years on Pieter Arntz December 19, 2025 0 Comments Seven years after the original attack, CISA has added the ASUS Live Update backdoor to its Known Exploited Vulnerabilities catalog. The ghosts of WhatsApp: How GhostPairing hijacks accounts Pieter Arntz December 18, 2025 0 Comments Criminals are tricking WhatsApp users into linking an attacker’s browser to their account using fake login pages and routine-looking prompts. Chrome extension slurps up AI chats after users installed it for privacy Danny Bradbury December 18, 2025 0 Comments The extension disclosed its AI data collection, but not in a way most users would recognize—or knowingly agree to. Two Chrome flaws could be triggered by simply browsing the web: Update now Pieter Arntz December 17, 2025 0 Comments Google's patched two flaws in Chrome, both of which can be triggered remotely when a user loads specially crafted web content. Inside a purchase order PDF phishing campaign Pieter Arntz December 17, 2025 0 Comments A “purchase order” PDF blocked by Malwarebytes led to a credential-harvesting phishing site. So we analyzed the attack and where the data went next. SoundCloud, Pornhub, and 700Credit all reported data breaches, but the similarities end there Pieter Arntz December 16, 2025 0 Comments We compared three incidents that surfaced today to show why the impact of a breach depends less on who was hit and more on what was taken. Android mobile adware surges in second half of 2025 Pieter Arntz December 16, 2025 0 Comments Malwarebytes threat research reveals spike in adware and malicious malware families Triada and MobiDash heading into the holiday season. 1 2 3 … 593 Next Contributors Threat Center Podcast Glossary Scams
