Skip to content
The Nexus
Source profile

Malwarebytes Labs

29 articles tracked since Jun 22 · 07:01 UTC. 8 in the last 7 days, 29 in the last 30.

Total
29
Last 7 days
8
Last 30 days
29
Last seen
Jul 9 · 15:06 UTC

Top coverage areas

security26business1crime1technology1

Most-mentioned entities

Aggregated across the most recent 200 articles from Malwarebytes Labs.

Recent articles

Last 20
  1. security2026-07-09
    6.9 million driver’s license numbers stolen from AssuranceAmerica

    Insurance provider AssuranceAmerica confirmed a data breach affecting up to 6.9 million people, with hackers stealing driver’s license numbers, customer names, contact information, and auto insurance policy details. The breach originated from a phishing attack targeting a single employee, though no specific threat group or ransom demand has been publicly linked to the incident.

  2. security2026-07-09
    Microsoft fixes RoguePlanet zero-day in Defender

    Microsoft has patched the RoguePlanet zero-day vulnerability (CVE-2026-50656) in Microsoft Defender, an elevation of privilege flaw that could allow attackers to gain system-level access. The fix is included in the updated Malware Protection Engine version 1.1.26060.3008, which automatically updates for most users. Systems with other antivirus software like Malwarebytes are not affected if Defender is disabled.

  3. security2026-07-09
    Turn off this Meta setting before someone generates AI images of you

    Meta's AI image generation tool, Muse Image, allows users to create images based on public Instagram profiles by tagging handles in prompts. Users are not notified when their likeness is used, and opting out only prevents future generations, not retroactive removal of existing images. The feature raises privacy and security risks, including potential misuse for impersonation, scams, and deepfake fraud.

  4. technology2026-07-08
    Your next car could be watching your face

    New EU regulations require driver-monitoring technology in cars to reduce traffic incidents, including systems like Driver Drowsiness and Attention Warning (DDAW) and Advanced Driver Distraction Warning (ADDW). Similar U.S. requirements are under development, but privacy experts and advocates warn of risks like biometric surveillance, data sharing, and potential false positives from the technology.

  5. security2026-07-07
    How the Reddit and Discord false report scam steals accounts

    Scammers on Reddit and Discord use social engineering to trick users into sharing login or verification codes by falsely claiming they were involved in a report. The scam involves fake emails, urgent countdowns, and threats of account suspension to pressure victims into complying.

  6. security2026-07-06
    Choose your WhatsApp username carefully

    Meta introduced optional WhatsApp usernames as a privacy feature, but reusing Instagram or Facebook handles risks linking accounts across Meta's ecosystem, increasing data correlation and social-engineering risks. The Dutch consumer organization Consumentenbond advises choosing a unique WhatsApp-only username to avoid these privacy issues.

  7. security2026-07-06
    NetNut botnet takes a hit. Don’t be part of the next one.

    Google, the FBI, and partners disrupted the NetNut botnet, which used hijacked consumer devices as residential proxies. The operation reduced the botnet's device pool by millions through account disabling, infrastructure sharing, and app warnings. NetNut tricked users into installing malicious apps under the guise of 'bandwidth sharing' payouts.

  8. security2026-07-06
    A week in security (June 29 – July 5)

    The article highlights multiple security threats, including malware spread through verified ads on Mac systems, the ConsentFix malware stealing Microsoft accounts, and vulnerabilities in Apple's Hide My Email feature. It also covers fake Google and Cloudflare verification pages distributing malware, a critical WinRAR flaw, a deceptive Perplexity Chrome extension, and security updates from Apple for iOS, MacOS, and Safari.

  9. security2026-07-02
    Apple’s Hide My Email doesn’t hide it very well

    A researcher discovered a vulnerability in Apple’s Hide My Email feature that could expose users’ real email addresses, undermining the feature’s privacy purpose. Apple has not fixed the issue over a year after being notified and plans to reduce the feature’s utility by moving addresses to a new domain.

  10. security2026-07-01
    Fake Perplexity Chrome extension spies on your searches

    A fake Chrome extension named 'Search for perplexity ai' impersonated Perplexity AI, secretly harvesting user search data through a typosquatted domain and unnecessary permissions. Microsoft's Defender team exposed the extension, which was removed from the Chrome Web Store, but remains active for prior users until manually uninstalled.

  11. security2026-07-01
    BioShocking: when “gaming” AI agents is no longer a game

    BioShocking is an attack technique that manipulates AI-powered browsers into bypassing safety guardrails by immersing them in fictional scenarios, leading to the extraction of sensitive data like credentials. The method exploits how AI agents in 'agent mode' inherit user-authenticated contexts, making them vulnerable to goal-manipulation attacks that trick them into performing harmful actions.

  12. security2026-07-01
    Chrome needs another whopper update to fix 382 security bugs

    Google released a Chrome update addressing 382 security vulnerabilities, including 15 critical flaws that could enable sandbox escapes. The update, version 150.0.7871.47, includes fixes for a high-severity vulnerability (CVE-2026-13789) allowing remote attackers to perform sandbox escapes via a crafted HTML page.

  13. security2026-07-01
    ChatGPT produced graphic violent images that shocked researchers

    A British AI security firm, Mindgard, discovered a method to manipulate ChatGPT into generating graphic violent and sexual imagery by altering prompts. The technique bypassed ChatGPT's safety filters, producing disturbing content like images of dead women, despite OpenAI's stated safeguards. Other AI models, such as xAI’s Grok, also face similar vulnerabilities, with reports of explicit imagery generation.

  14. security2026-06-30
    Watch out for “high paying, low effort” Amazon job texts

    Job scammers are using SMS and messaging platforms to impersonate Amazon recruiters, offering fake high-paying remote roles with promises of $250–$500 daily for minimal work. The scams, often attributed to a 'Sophia' from Amazon’s recruiting department, direct victims to non-Amazon contact details and exploit 'task scam' tactics to extract money or personal data.

  15. security2026-06-30
    Update time: Apple releases security patches for iOS, MacOS Tahoe, Safari

    Apple has released security updates addressing over two dozen vulnerabilities across iOS, iPadOS, macOS Tahoe, and Safari. The updates focus on WebKit-related flaws that could be exploited to steal data or execute malicious code with minimal user interaction.

  16. business2026-06-29
    This pay gap is programmed (Lock and Code S07E13)

    The article discusses algorithmic wage discrimination, where companies like Uber and Amazon use data-driven models to set fluctuating pay rates for contract workers. This system creates unpredictable income for gig workers, who may earn less despite performing similar tasks as before, with pay influenced by opaque factors like location, traffic, and driver availability.

  17. security2026-06-29
    119 Edge extensions promised useful tools, instead downloaded malware

    Microsoft removed 119 Edge extensions linked to a malware campaign called StegoAd, which infected 2.6 million users by initially providing useful tools before secretly downloading malware. The malware stole credentials and used steganography to hide code in images, with some extensions reusing names of legitimate tools to gain trust.

  18. security2026-06-29
    A week in security (June 22 – June 28)

    The article highlights multiple cybersecurity threats, including malware stealing Chrome session cookies, parcel mule scams, and critical browser vulnerabilities. It also covers data breaches, phishing scams targeting website owners, and dark web activities involving stolen identities and malware.

  19. security2026-06-26
    Malware steals Chrome session cookies to take over your accounts

    A phishing email with a malicious JavaScript file disguised as a PDF installs a Chrome extension that steals session cookies and uses Chrome Native Messaging to execute PowerShell commands. The malware bypasses multi-factor authentication by hijacking active browser sessions and collects data like open tabs and system files.

  20. crime2026-06-25
    Beware of “Parcel Expert” job offers: They’re parcel mule scams

    The article warns about 'Parcel Expert' job offers, which are part of parcel mule scams where scammers recruit individuals to handle stolen goods. These scams promise high-paying remote work for unskilled tasks like inspecting and forwarding packages, often using well-known retailers as trust signals. Victims unknowingly assist in laundering stolen merchandise by shipping items from their homes to distribution hubs or international destinations.

The Nexus tracks 230+ news outlets plus 48 government data feeds. View the full source index or read today’s briefing for synthesis across all of them.