Malwarebytes Labs – The Security Blog From Malwarebytes | Malwarebytes Labs Mobile DroidLock malware locks you out of your Android device and demands ransom December 11, 2025 – Researchers have found Android malware that holds your files and your device hostage until you pay the ransom. Bugs Another Chrome zero-day under attack: update now News Malwarebytes for Mac now has smarter, deeper scans News GhostFrame phishing kit fuels widespread attacks against millions News EU fines X $140m, tied to verification rules that make impostor scams easier Threat Intelligence Threat Intel Stay up to date with the latest research and threat intelligence reports. READ MORE BUSINESS BLOG Business Discover the tools, insights, and advice you need to protect your organization. EXPLORE PERSONAL BLOG Personal Get the security news and tips to help you and your family stay safe. EXPLORE PODCAST Podcast Our bi-weekly podcast of the latest security headlines and in-depth interviews with guests VIEW EPISODES How private is your VPN? Matt Burgess December 12, 2025 0 Comments After years of trying VPNs for myself, privacy-minded family members, and a few mission-critical projects, here’s what I wish everyone knew. DroidLock malware locks you out of your Android device and demands ransom Pieter Arntz December 11, 2025 0 Comments Researchers have found Android malware that holds your files and your device hostage until you pay the ransom. Malwarebytes for Mac now has smarter, deeper scans Tjitske de Vries December 11, 2025 0 Comments Say hello to the upgraded Malwarebytes for Mac, with stronger protection and more control. Another Chrome zero-day under attack: update now Pieter Arntz December 11, 2025 0 Comments If we’re lucky, this update will close out 2025’s run of Chrome zero-days. This one is a V8 type-confusion issue already being exploited in the wild. December Patch Tuesday fixes three zero-days, including one that hijacks Windows devices Pieter Arntz December 10, 2025 0 Comments The update patches three zero-days and introduces a new PowerShell warning meant to help you avoid accidentally running unsafe code from the web. GhostFrame phishing kit fuels widespread attacks against millions Pieter Arntz December 10, 2025 0 Comments GhostFrame uses dynamic subdomains and hidden iframes to help attackers slip past basic security tools. Prompt injection is a problem that may never be fixed, warns NCSC Pieter Arntz December 9, 2025 0 Comments The NCSC warns that prompt injection is unlikely to be mitigated in the same way SQL injection was. How do they compare? EU fines X $140m, tied to verification rules that make impostor scams easier Danny Bradbury December 9, 2025 0 Comments The core problem persists: anyone can still buy a 'verified' checkmark from X, so don't take their authenticity for granted. Deepfakes, AI resumes, and the growing threat of fake applicants mverburgh December 9, 2025 0 Comments Attackers are blending automation, impersonation, and social engineering to get inside organizations. Here’s how to spot the signs. 1 2 3 … 591 Next Contributors Threat Center Podcast Glossary Scams
