Bugs | Malwarebytes Blog

Personal
< Products
Device Protection & Antivirus
Premium Security Antivirus
Mobile Security for Android & iOS
Identity Protection
Identity Theft Protection
Personal Data Remover
Digital Footprint Scanner
Privacy Protection
Privacy VPN
Browser Guard
AdwCleaner
Have a current computer infection?
Free Virus Scan
Worried it’s a scam?
Free Scam Guard tool
Try our antivirus with a free, full-featured 14-day trial
Free Antivirus
Get your free digital security toolkit
Explore all free tools

Find the right cyberprotection for you
Compare plans and pricing
Business

< Business

Teams
Protect small & home offices – no IT expertise needed
ThreatDown
Award-winning endpoint security for small and medium businesses
Pricing

< Pricing

Personal pricing
Protect your personal devices and data
Small or home office pricing
Protect your team’s devices and data – no IT skills needed
Corporate pricing
Explore award-winning endpoint security for your business
Partners
Resources
< Resources
Security terms glossary
Threat Center
Blog – Cybersecurity News
About Malwarebytes
Press
Careers
Cybersecurity Resource Center
Antivirus
Malware
Phishing
Ransomware
Small business hub
See all articles
Help

< Support

Malwarebytes Help Center
Malwarebytes and Teams Customers
ThreatDown Business Support
Nebula and Oneview Customers
Community Forums

BUGS

Interview with a bug bounty hunter

Meet Khaled Mohamed: the bug hunter who found a Microsoft flaw

March 25, 2026

We talked to Khaled Mohamed on going from script kiddie to bug bounty hunter, and the moment he uncovered a flaw in Microsoft Authenticator.

Apple patches WebKit bug that could let sites access your data

March 18, 2026

Apple has released a Background Security Improvement that silently fixes a WebKit vulnerability (CVE-2026-20643).

Zombie zip

Zombie ZIP method can fool antivirus during the first scan

March 16, 2026

Researchers published about the Zombie ZIP vulnerability (or not a vulnerability, that's up for debate) that can bypass a first AV inspection.

week in security

A week in security (March 9 – March 15)

March 16, 2026

A list of topics we covered in the week of March 9 to March 15 of 2026

[updated] Google patches two Chrome zero-days under active attack

March 13, 2026

Google has released an out-of-band Chrome update to patch two zero-day vulnerabilities that are already being actively exploited.

three iPhones

Apple patches Coruna exploit kit flaws for older iOS versions

March 12, 2026

Apple issued security updates for older iOS and iPadOS versions to close vulnerabilities exploited by the Coruna exploit kit.

Android patch

This Android vulnerability can break your lock screen in under 60 seconds

March 12, 2026

Researchers showed how attackers could pull encryption keys, recover the PIN, and access sensitive data from affected devices.

Microsoft Authenticator could leak login codes—update your app now

March 12, 2026

A bug in Microsoft Authenticator on Android and iOS could allow malicious apps on the same device to intercept authentication codes or sign-in links.

March 2026 Patch Tuesday fixes two zero-day vulnerabilities

March 11, 2026

Microsoft patched 79 security vulnerabilities this month, including bugs that could let attackers escalate privileges or crash critical services.

1 2 3 … 50 Next