Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks | Cybersecurity
Ravie Lakshmanan | May 04, 2026 | Vulnerability / Network Security | A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service…
A week in security (April 27 – May 3) | Malware
Last week on Malwarebytes Labs: 3 easy-to-miss cybersecurity risks for small businesses; Actively exploited cPanel bug exposes millions of websites to takeover; More PayPal emails hijacked to deliver tech support…
Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M | Cybersecurity
A coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes targeting Americans, resulting…
3 easy-to-miss cybersecurity risks for small businesses | Malware
There’s a lot to security that isn’t necessarily “cyber.” It’s not all hackers or complex network attacks. Alongside traditional cyberattacks that deploy malware or exploit known software vulnerabilities, there are…
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV | Cybersecurity
Ravie Lakshmanan | May 03, 2026 | Vulnerability / Container Security | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known…
Trellix Confirms Source Code Breach With Unauthorized Repository Access | Cybersecurity
Ravie Lakshmanan | May 02, 2026 | Data Breach / Enterprise Security | Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a “portion” of its source code. It…
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign | Cybersecurity
Ravie Lakshmanan | May 01, 2026 | Malware / Threat Intelligence | A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a “phishing relay” to distribute phishing emails with an aim…
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks | Cybersecurity
Ravie Lakshmanan | May 01, 2026 | Malware / Social Engineering | Cybersecurity researchers are warning of two cybercrime groups that are carrying out “rapid, high-impact attacks” operating almost within the confines of SaaS environments,…
Actively exploited cPanel bug exposes millions of websites to takeover | Malware
Security researchers are warning about a newly discovered vulnerability in the widely used web server management software cPanel and WebHost Manager (WHM). This is a critical, actively exploited authentication-bypass bug…
Top Five Sales Challenges Costing MSPs Cybersecurity Revenue | Cybersecurity
The managed security services market is projected to grow from $38.31 billion in 2025 to $69.16 billion by 2030[1], with cybersecurity being the fastest-growing sector[2]. Despite this opportunity, many MSPs…
More PayPal emails hijacked to deliver tech support scams | Malware
Scammers have found another way to get deceptive messages delivered through PayPal’s legitimate services. In December 2025, we reported that PayPal closed a loophole that let scammers send real emails…
PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials | Cybersecurity
Ravie Lakshmanan | Apr 30, 2026 | Supply Chain Attack / Malware | In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious…
Hackers stole hundreds of thousands of Roblox accounts: Here’s what to do | Malware
More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child’s among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox…
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories | Cybersecurity
Ravie Lakshmanan | Apr 30, 2026 | Hacking News / Cybersecurity News | The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam…
EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades | Cybersecurity
Intro: A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers,…
Scam-checking just got a lot easier: Malwarebytes is now in Claude | Malware
For years, Malwarebytes has protected people by going where they are, and where people are today is increasingly within AI tools. As these chatbots tackle more everyday questions—like what to wear for an interview, how…
Researchers built a chatbot that only knows the world before 1931 | Malware
The internet’s chatbots have read every forum rant, leaked Slack log, and confident blog post your uncle ever wrote about chemtrails. The results are predictable: they reflect the state of…
SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack | Cybersecurity
Ravie Lakshmanan | Apr 29, 2026 | Supply Chain Attack / Malware | Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm packages with credential-stealing malware. According to…
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs | Cybersecurity
Cybersecurity researchers have discovered malicious code in an npm package after a malicious package was added as a dependency to the project by Anthropic’s Claude Opus large language model (LLM). The package…
Microsoft won’t patch PhantomRPC: Feature or bug? | Malware
A researcher has discovered a weakness called PhantomRPC that Microsoft does not consider a vulnerability it plans to patch. PhantomRPC involves Windows Remote Procedure Call (RPC), the core of communication…
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV | Cybersecurity
Ravie Lakshmanan | Apr 29, 2026 | Vulnerability / Network Security | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known…
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure | Cybersecurity
Ravie Lakshmanan | Apr 29, 2026 | Vulnerability / Cloud Security | In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI’s LiteLLM Python…
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push | Cybersecurity
Ravie Lakshmanan | Apr 28, 2026 | Vulnerability / Software Security | Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to…
Fake CAPTCHA scam turns a quick click into a costly phone bill | Malware
Researchers have documented a long‑running campaign that uses fake CAPTCHA pages to trick mobile users into sending dozens of international SMS messages in the background. If you’ve spent any time…
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi | Cybersecurity
Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across…
Chinese engineer stole US military and NASA software for years | Malware
International espionage isn’t always about sophisticated malware and zero-day bugs. Sometimes it’s as simple as pretending to be someone else asking for a favor. For four years, a Chinese aerospace…
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks | Cybersecurity
Ravie Lakshmanan | Apr 28, 2026 | Cyber Espionage / Vulnerability | A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy. Xu…
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack | Cybersecurity
Ravie Lakshmanan | Apr 27, 2026 | Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company…
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren’t Ready for the Remediation Side | Cybersecurity
Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of identifying vulnerabilities at scale and raising serious…
A week in security (April 20 – April 26) | Malware
Last week on Malwarebytes Labs: Medical data of 500,000 UK volunteers listed for sale on Alibaba; How cyberattacks on companies affect everyone; Apple fixes iOS bug that kept deleted notifications,…