Malwarebytes
@malwarebytes.com
All-in-one cybersecurity that's always by your side
https://www.malwarebytes.com/
https://www.malwarebytes.com/
WhisperPair allows attackers to hijack popular Bluetooth audio devices using Google Fast Pair and, in some cases, track their location via Google’s Find Hub.
WhisperPair exposes Bluetooth earbuds and headphones to tracking and eavesdropping
Researchers demonstrated WhisperPair, a set of attacks that can take control of many widely used Bluetooth earbuds and headphones without user interaction.
bit.ly
January 16, 2026 at 1:46 PM
WhisperPair allows attackers to hijack popular Bluetooth audio devices using Google Fast Pair and, in some cases, track their location via Google’s Find Hub.
The Dutch police ran a fake ticket website mimicking real scams to teach people how easily ticket fraud works.
Dutch police sell fake tickets to show how easily scams work
A fake ticket website that ended with a digital finger-wag showed just how many people still fall for concert and sports ticket scams.
www.malwarebytes.com
January 16, 2026 at 10:24 AM
The Dutch police ran a fake ticket website mimicking real scams to teach people how easily ticket fraud works.
Online shoppers, beware: Magecart skimming attacks are targeting major payment networks like American Express, Diners Club, Discover, and Mastercard.
Stay informed and protect your data with our latest article.
Stay informed and protect your data with our latest article.
Online shoppers at risk as Magecart skimming hits major payment networks
A Magecart campaign is skimming card data from online checkouts tied to major payment networks, including AmEx, Diners Club, and Mastercard.
www.malwarebytes.com
January 15, 2026 at 8:06 PM
Online shoppers, beware: Magecart skimming attacks are targeting major payment networks like American Express, Diners Club, Discover, and Mastercard.
Stay informed and protect your data with our latest article.
Stay informed and protect your data with our latest article.
The attack flow abuses how Microsoft Copilot handled URL parameters in order to hijack a user’s existing Copilot Personal session.
https://bit.ly/45Gk9mo
https://bit.ly/45Gk9mo
"Reprompt" attack lets attackers steal data from Microsoft Copilot
Researchers found an attack vector against Microsoft Copilot to steal data from a user that clicked a fabricated link
bit.ly
January 15, 2026 at 2:11 PM
The attack flow abuses how Microsoft Copilot handled URL parameters in order to hijack a user’s existing Copilot Personal session.
https://bit.ly/45Gk9mo
https://bit.ly/45Gk9mo
Fake LinkedIn profiles are posting comments threatening account suspensions that lead to real phishing sites.
Phishing scammers are posting fake “account restricted” comments on LinkedIn
Fake LinkedIn comments warning of account restrictions are designed to trick users into revealing their login details.
www.malwarebytes.com
January 14, 2026 at 5:42 PM
Fake LinkedIn profiles are posting comments threatening account suspensions that lead to real phishing sites.
Data brokers being held accountable is a trend we are absolutely here for.
Data broker fined after selling Alzheimer’s patient info and millions of sensitive profiles
A data broker was fined by California regulators for selling sensitive data on Alzheimer’s patients and millions of others.
www.malwarebytes.com
January 13, 2026 at 11:45 PM
Data brokers being held accountable is a trend we are absolutely here for.
Upgrading requires a restart, which makes this a win-win: you get the latest protections, and any memory-resident malware is flushed at the same time.
Why iPhone users should update and restart their devices now
Apple has confirmed active exploitation, but full protections are limited to iPhones running iOS 26+ (yes, the one with Liquid Glass).
bit.ly
January 13, 2026 at 2:19 PM
Upgrading requires a restart, which makes this a win-win: you get the latest protections, and any memory-resident malware is flushed at the same time.
Did you receive an unsolicited Instagram password reset email? Here’s what you need to know.
Received an Instagram password reset email? Here’s what you need to know
Instagram users received emails last week about purported password reset attempts. At the same time, Instagram data appeared on the dark web.
www.malwarebytes.com
January 12, 2026 at 9:49 PM
Did you receive an unsolicited Instagram password reset email? Here’s what you need to know.
Grok’s lapse on sexualized images of minors has become a global regulatory stress test for xAI, unlikely to be fixed with a simple apology or hotfix.
Regulators around the world are scrutinizing Grok over sexual deepfakes
Grok’s apology is unlikely to be the end of the story after the AI tool was used to generate content that may constitute illegal child sexual abuse material.
bit.ly
January 12, 2026 at 6:57 PM
Grok’s lapse on sexualized images of minors has become a global regulatory stress test for xAI, unlikely to be fixed with a simple apology or hotfix.
From earning seven straight MRG Effitas Android 360° certifications to a perfect score in AVLab Cybersecurity Foundation’s real-world malware test, Malwarebytes kept its winning-streak alive in 2025. 🥳 🎉
Celebrating reviews and recognitions for Malwarebytes in 2025
In 2025, Malwarebytes was repeatedly tested against real-world threats. Here’s what those tests found.
www.malwarebytes.com
January 12, 2026 at 3:22 PM
From earning seven straight MRG Effitas Android 360° certifications to a perfect score in AVLab Cybersecurity Foundation’s real-world malware test, Malwarebytes kept its winning-streak alive in 2025. 🥳 🎉
Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more.
This data is available for sale on the dark web and can be abused by cybercriminals.
This data is available for sale on the dark web and can be abused by cybercriminals.
January 9, 2026 at 4:34 PM
Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more.
This data is available for sale on the dark web and can be abused by cybercriminals.
This data is available for sale on the dark web and can be abused by cybercriminals.
Founder Bryan Fleming pleaded guilty to computer hacking, unlawfully selling and advertising spyware, and conspiracy.
pcTattletale founder pleads guilty as US cracks down on stalkerware
After years of security failures and partner-spying marketing, pcTattletale’s founder has pleaded guilty in a rare US federal stalkerware case.
bit.ly
January 9, 2026 at 4:25 PM
Founder Bryan Fleming pleaded guilty to computer hacking, unlawfully selling and advertising spyware, and conspiracy.
ChatGPT Health lets users connect their medical records and wellness apps so the model can answer questions in a more personalized way.
Are we ready for ChatGPT Health?
Linking your medical records to ChatGPT Health may give you personalized wellness answers, but it also comes with serious privacy implications.
bit.ly
January 9, 2026 at 2:18 PM
ChatGPT Health lets users connect their medical records and wellness apps so the model can answer questions in a more personalized way.
Not your grandma’s LEGO: these 2×4 bricks pack a sub-stud-sized ASIC chip with motion, light, and sound sensors, LEDs, and a tiny synth that generates sounds in real time.
Lego’s Smart Bricks explained: what they do, and what they don’t
A smart toy doesn’t have to be a risky one. Lego’s Smart Bricks add sensors and sound without apps, accounts, or AI. We explain how it works.
bit.ly
January 8, 2026 at 2:16 PM
Not your grandma’s LEGO: these 2×4 bricks pack a sub-stud-sized ASIC chip with motion, light, and sound sensors, LEDs, and a tiny synth that generates sounds in real time.
We found a fake WinRAR installer spreading through unofficial sites, using layered malware to check the system and deliver the most effective payload.
Fake WinRAR downloads hide malware behind a real installer
We unpack a trojanized WinRAR download that was hiding the Winzipper malware behind a real installer.
bit.ly
January 8, 2026 at 11:03 AM
We found a fake WinRAR installer spreading through unofficial sites, using layered malware to check the system and deliver the most effective payload.
Crimson Collective claims massive Brightspeed data.
One million customers on alert as extortion group claims massive Brightspeed data haul
The Crimson Collective claims to have stolen data on more than a million Brightspeed customers. The broadband provider is investigating.
www.malwarebytes.com
January 8, 2026 at 5:46 AM
Crimson Collective claims massive Brightspeed data.
Attackers are sending convincingly fake “Google” emails that bypass spam filters, leading users to a fraudulent Microsoft 365 sign-in page.
Phishing campaign abuses Google Cloud services to steal Microsoft 365 logins
Another well-crafted phishing campaign uses Google Cloud Integration Application infrastructure to bypass email filters.
bit.ly
January 6, 2026 at 5:25 PM
Attackers are sending convincingly fake “Google” emails that bypass spam filters, leading users to a fraudulent Microsoft 365 sign-in page.
The FTC announced that Disney will pay a $10 million settlement following allegations of violating children's privacy rights.
Disney fined $10m for mislabeling kids’ YouTube videos and violating privacy law
The FTC is seeking a $10 million settlement over allegations that children’s privacy laws were violated through the mislabeling of kid-focused YouTube videos.
bit.ly
January 6, 2026 at 2:04 PM
The FTC announced that Disney will pay a $10 million settlement following allegations of violating children's privacy rights.
Spotting what is a scam and what is real can be tricky enough without AI making scams more convincing.
How AI made scams more convincing in 2025
Several AI-related stories in 2025 highlighted how quickly AI systems can move beyond meaningful human control.
www.malwarebytes.com
January 5, 2026 at 2:32 PM
Spotting what is a scam and what is real can be tricky enough without AI making scams more convincing.
Another AI built for power and engagement reveals how guardrails fail when speed and competition outpace safety.
Grok apologizes for creating image of young girls in “sexualized attire”
Having generated content that may violate US child sexual abuse material laws, Grok highlights once again how ineffective AI guardrails can be.
bit.ly
January 5, 2026 at 1:33 PM
Another AI built for power and engagement reveals how guardrails fail when speed and competition outpace safety.
If 2024 was the year lawmakers talked about online age verification, 2025 was the year they actually flipped the switch.
In 2025, age checks started locking people out of the internet
Lawmakers enforced age checks, websites blocked entire countries, and users turned to VPNs to get around them.
www.malwarebytes.com
December 31, 2025 at 5:32 PM
If 2024 was the year lawmakers talked about online age verification, 2025 was the year they actually flipped the switch.
When AI became the star of 2025, were users too eager to data trade privacy for technological progress?
2025 exposed the risks we ignored while rushing AI
We explore how the rapid rise of Artificial Intelligence (AI) is putting users at risk.
www.malwarebytes.com
December 31, 2025 at 3:23 PM
When AI became the star of 2025, were users too eager to data trade privacy for technological progress?
Cybersecurity isn't just a Windows problem.
Cybercriminals are expanding beyond PCs using social engineering and advanced tactics built specifically for mobile and Apple platforms.
Smartphones, tablets, and other connected devices are now prime targets.
If it’s connected, it needs protected.
Cybercriminals are expanding beyond PCs using social engineering and advanced tactics built specifically for mobile and Apple platforms.
Smartphones, tablets, and other connected devices are now prime targets.
If it’s connected, it needs protected.
Malware in 2025 spread far beyond Windows PCs
Windows isn’t the only target anymore. In 2025, malware increasingly targeted Android, macOS, and multiple platforms at once.
www.malwarebytes.com
December 29, 2025 at 2:34 PM
Cybersecurity isn't just a Windows problem.
Cybercriminals are expanding beyond PCs using social engineering and advanced tactics built specifically for mobile and Apple platforms.
Smartphones, tablets, and other connected devices are now prime targets.
If it’s connected, it needs protected.
Cybercriminals are expanding beyond PCs using social engineering and advanced tactics built specifically for mobile and Apple platforms.
Smartphones, tablets, and other connected devices are now prime targets.
If it’s connected, it needs protected.
Hactivists scrape Spotify's catalog and host it online for free.
Hacktivists claim near-total Spotify music scrape
Hacktivists have scraped almost 100% of the content available on Spotify. Is there anything users need to worry about?
www.malwarebytes.com
December 23, 2025 at 7:54 PM
Hactivists scrape Spotify's catalog and host it online for free.