Fake malware-signing service Fox Tempest dismantled by Microsoft
The service let malware authors sign malicious files with fraudulent Microsoft-issued certificates to bypass security checks.
Fonte
malwarebytes.com
21articoli totali nell'archivio
Firefox 151 packs big privacy upgrades into a small update
Firefox 151 adds major privacy improvements and fixes high-priority security vulnerabilities, making this an update you shouldn’t…
Biometrics, diagnoses, and bank details exposed in major healthcare breach
NYC Health + Hospitals says attackers accessed its systems for months through a third-party vendor compromise, affecting at least…
Facebook scam promises cheap Aldi meat boxes, steals payment info instead
A fake Aldi “meat box” offer spreading on Facebook tricks victims into handing over personal and payment info.
YouTube wants your face to fight deepfakes
"Likeness detection" promises protection from AI deepfakes, but some creators are uneasy about handing over biometric data in…
Microsoft is changing Edge’s plaintext password behavior
Saved passwords in Microsoft Edge will no longer sit in plaintext memory for the entire browser session after a researcher raised…
A week in security (May 11 - May 17)
A list of topics we covered in the week of May 11 to May 17 of 2026
Attackers replaced JDownloader installer downloads with malware
The JDownloader website was compromised and installer download links served malware for several days.
Meta’s confusing new approach to chat privacy
WhatsApp now offers disappearing AI chats Meta says it cannot read. While Instagram just removed the feature that stopped Meta…
Why Malwarebytes blocks some Yahoo Mail redirects
Some Yahoo Mail users may see repeated Malwarebytes alerts caused by background connections to suspicious third-party domains.…
Deepfake sextortion forces schools to remove student photos from websites
Experts are urging schools to take down identifiable photos of students, after AI deepfakes have led to sextortion cases at UK…
Texas sued Netflix over claims it secretly collected and sold users’ data
The Texas AG sued Netflix, accusing the company of secretly tracking viewers, selling user data, and using addictive features…
May 2026 Patch Tuesday: no zero-days but plenty to fix
May’s Patch Tuesday may not be the giant release many expected, but there are still plenty of important fixes that shouldn’t be…
1 in 8 employees have sold company logins or know someone who has
Cifas just published research that should bother anyone who runs a business, or buys from one.
Stolen Canvas data was “returned” after hacker agreement, Instructure says
Instructure says the stolen Canvas data impacting millions of students and staff was “returned.” That’s not how breaches work.
Yarbo responds to robot flaws that could mow down their owners
A researcher found a host of vulnerabilities in Yarbo garden robots that could expose Wi-Fi passwords, hijack cameras, and run…
A week in security (May 4 - May 10)
A list of topics we covered in the week of May 4 to May 10 of 2026
Microsoft says Edge’s plaintext password behavior is “by design”
A researcher found Edge loads saved passwords into computer memory when it starts, making them easier to steal if a device is…
ShinyHunters escalates Canvas attacks with school login defacements
Days after the first attack, ShinyHunters is applying pressure with ransom messages on school login portals.
Massive AI investment scam network spans 15,500 domains
AI investment scammers abused the Keitaro ad-tracking platform to cloak their campaign except for possible targets