Malwarebytes Labs – The Security Blog From Malwarebytes | Malwarebytes Labs AI Chrome flaw let extensions hijack Gemini’s camera, mic, and file access March 3, 2026 – Researchers found a now-patched vulnerability in "Live in Chrome" that allowed a Chrome extension to inherit Gemini’s permissions. AI Pentagon ditches Anthropic AI over “security risk” and OpenAI takes over Threat Intel A fake FileZilla site hosts a malicious download How to Samsung TVs stop spying on viewers in Texas. Here’s how to disable ACR anywhere Scams Purchase order attachment isn’t a PDF. It’s phishing for your password PODCAST Podcast Our bi-weekly podcast of the latest security headlines and in-depth interviews with guests VIEW EPISODES AI AI If the robots are taking over, you'll want to know about it. READ MORE Data Breaches Data breaches Keep on top of the latest data breach news. READ MORE Threat Intelligence Threat Intel Stay up to date with the latest research and threat intelligence reports. READ MORE Pentagon ditches Anthropic AI over “security risk” and OpenAI takes over Danny Bradbury March 3, 2026 0 Comments At the center of the dispute is how far AI models should be allowed to go inside military systems. Chrome flaw let extensions hijack Gemini’s camera, mic, and file access Pieter Arntz March 3, 2026 0 Comments Researchers found a now-patched vulnerability in "Live in Chrome" that allowed a Chrome extension to inherit Gemini’s permissions. Samsung TVs stop spying on viewers in Texas. Here’s how to disable ACR anywhere Pieter Arntz March 2, 2026 0 Comments As Samsung settles a lawsuit over how its smart TVs collect and monetize viewing data using ACR, here's how the rest of us can limit the data we're sharing. A fake FileZilla site hosts a malicious download Stefan Dasic March 2, 2026 0 Comments A tampered copy of FileZilla quietly contacts attacker-controlled servers using encrypted DNS traffic that can slip past traditional monitoring. Purchase order attachment isn’t a PDF. It’s phishing for your password Pieter Arntz March 2, 2026 0 Comments A fake purchase order attachment turned out to be a phishing page designed to harvest your login details. A week in security (February 23 – March 1) Malwarebytes Labs March 2, 2026 0 Comments A list of topics we covered in the week of February 23 to March 1 of 2026 Public Google API keys can be used to expose Gemini AI data Pieter Arntz February 27, 2026 0 Comments Researchers found that Google API keys long treated as harmless can now unlock access to Gemini. Inside a fake Google security check that becomes a browser RAT Stefan Dasic February 27, 2026 0 Comments Disguised as a security check, this fake Google alert uses browser permissions to harvest contacts, location data, and more. Fake Zoom and Google Meet scams install Teramind: A technical deep dive Stefan Dasic February 26, 2026 0 Comments Attackers don’t always need custom malware. Sometimes they just need a trusted brand and a legitimate tool. 1 2 3 … 606 Next Contributors Threat Center Podcast Glossary Scams
