Malwarebytes Labs – The Security Blog From Malwarebytes | Malwarebytes Labs News GhostFrame phishing kit fuels widespread attacks against millions December 10, 2025 – GhostFrame uses dynamic subdomains and hidden iframes to help attackers slip past basic security tools. News EU fines X $140m, tied to verification rules that make impostor scams easier AI Prompt injection is a problem that may never be fixed, warns NCSC Inside Malwarebytes Deepfakes, AI resumes, and the growing threat of fake applicants AI Scammers harvesting Facebook photos to stage fake kidnappings, warns FBI Threat Intelligence Threat Intel Stay up to date with the latest research and threat intelligence reports. READ MORE BUSINESS BLOG Business Discover the tools, insights, and advice you need to protect your organization. EXPLORE PERSONAL BLOG Personal Get the security news and tips to help you and your family stay safe. EXPLORE PODCAST Podcast Our bi-weekly podcast of the latest security headlines and in-depth interviews with guests VIEW EPISODES December Patch Tuesday fixes three zero-days, including one that hijacks Windows devices Pieter Arntz December 10, 2025 0 Comments The update patches three zero-days and introduces a new PowerShell warning meant to help you avoid accidentally running unsafe code from the web. GhostFrame phishing kit fuels widespread attacks against millions Pieter Arntz December 10, 2025 0 Comments GhostFrame uses dynamic subdomains and hidden iframes to help attackers slip past basic security tools. Prompt injection is a problem that may never be fixed, warns NCSC Pieter Arntz December 9, 2025 0 Comments The NCSC warns that prompt injection is unlikely to be mitigated in the same way SQL injection was. How do they compare? EU fines X $140m, tied to verification rules that make impostor scams easier Danny Bradbury December 9, 2025 0 Comments The core problem persists: anyone can still buy a 'verified' checkmark from X, so don't take their authenticity for granted. Deepfakes, AI resumes, and the growing threat of fake applicants mverburgh December 9, 2025 0 Comments Attackers are blending automation, impersonation, and social engineering to get inside organizations. Here’s how to spot the signs. How phishers hide banking scams behind free Cloudflare Pages Pieter Arntz December 8, 2025 0 Comments We found a campaign that hosts fake login pages on Cloudflare Pages and sends the stolen info straight to Telegram. Scammers harvesting Facebook photos to stage fake kidnappings, warns FBI Pieter Arntz December 8, 2025 0 Comments Family photos pulled from social media are being used as "proof-of-life" in virtual kidnapping scams, the FBI warns. A week in security (December 1 – December 7) Malwarebytes Labs December 8, 2025 0 Comments A list of topics we covered in the week of December 1 to December 7 of 2025 Leaks show Intellexa burning zero-days to keep Predator spyware running Pieter Arntz December 5, 2025 0 Comments A fresh investigation uncovers how Predator spyware still reaches victims through high-priced, newly bought zero-days. 1 2 3 … 591 Next Contributors Threat Center Podcast Glossary Scams
