Malwarebytes Labs – The Security Blog From Malwarebytes | Malwarebytes Labs Mobile Leaks show Intellexa burning zero-days to keep Predator spyware running December 5, 2025 – A fresh investigation uncovers how Predator spyware still reaches victims through high-priced, newly bought zero-days. Bugs Update Chrome now: Google fixes 13 security issues affecting billions News Canadian police trialing facial recognition bodycams News “Sleeper” browser extensions woke up as spyware on 4 million devices Mobile Google patches 107 Android flaws, including two being actively exploited Threat Intelligence Threat Intel Stay up to date with the latest research and threat intelligence reports. READ MORE BUSINESS BLOG Business Discover the tools, insights, and advice you need to protect your organization. EXPLORE PERSONAL BLOG Personal Get the security news and tips to help you and your family stay safe. EXPLORE PODCAST Podcast Our bi-weekly podcast of the latest security headlines and in-depth interviews with guests VIEW EPISODES New ClickFix wave infects users with hidden malware in images and fake Windows updates Pieter Arntz November 25, 2025 0 Comments ClickFix just got more convincing, hiding malware in PNG images and faking Windows updates to make users run dangerous commands. WhatsApp closes loophole that let researchers collect data on 3.5B accounts Danny Bradbury November 25, 2025 0 Comments A weak spot in WhatsApp’s API allowed researchers to scrape data linked to 3.5 billion registered accounts, including profile photos and “about” text. The hidden costs of illegal streaming and modded Amazon Fire TV Sticks Pieter Arntz November 24, 2025 0 Comments New research shows that "modded Amazon Fire TV Sticks" and piracy apps often lead to scams, stolen data, and financial loss. Black Friday scammers offer fake gifts from big-name brands to empty bank accounts Stefan Dasic November 24, 2025 0 Comments Inside a massive malicious ad campaign that mimics brands like LEGO, Lululemon, and Louis Vuitton to trick shoppers into handing over bank details. Matrix Push C2 abuses browser notifications to deliver phishing and malware Pieter Arntz November 24, 2025 0 Comments Attackers can send highly realistic push notifications through your browser, including fake alerts that can lead to malware or phishing pages. A week in security (November 17 – November 23) Malwarebytes Labs November 24, 2025 0 Comments A list of topics we covered in the week of November 17 to November 23 of 2025 AI teddy bear for kids responds with sexual content and advice about weapons Pieter Arntz November 21, 2025 0 Comments FoloToy's AI teddy bear, Kumma, crossed serious lines, raising fresh concerns about how little oversight exists for AI toys marketed to children. Fake calendar invites are spreading. Here’s how to remove them and prevent more Pieter Arntz November 21, 2025 0 Comments Calendar spam is a growing problem, often arriving as email attachments or as download links in messaging apps. Budget Samsung phones shipped with unremovable spyware, say researchers Danny Bradbury November 20, 2025 0 Comments Samsung is under fire again for shipping phones in parts of the world with a hidden system app, AppCloud, that users can’t easily remove. Previous 1 2 3 4 5 … 590 Next Contributors Threat Center Podcast Glossary Scams
