On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats. The vulnerability, […]
WinRAR vulnerability exploited by two different groups Leggi tutto »
The next time you shake your head at another online scam and vow that you’d never fall for it, remember that even the most tech-savvy people can sometimes slip up. A case in point: Julie-Anne Kearns. This self-made scam-hunter told her story to the Guardian last week, revealing how she had been duped by people
Scam hunter scammed by tax office impersonators Leggi tutto »
Scammers are using the age old tactic of scaring victims into clicking by sending out fake product recall messages from Amazon. The text message tells you that the item does not meet Amazon’s standards, and tries to install some urgency by claiming it is not safe to use. It also includes a link where it
That “Amazon Safety Recall” message may well be a scam Leggi tutto »
This week on the Lock and Code podcast… The internet is cracking apart. It’s exactly what some politicians want. In June, a Texas law that requires age verification on certain websites withstood a legal challenge brought all the way to the US Supreme Court. It could be a blueprint for how the internet will change
“The worst thing” for online rights: An age-restricted grey web (Lock and Code S06E16) Leggi tutto »
A carmaker’s online dealership portal has been found leaking the private information and vehicle data of its customers. This also meant that anyone with access could remotely break into a car. Researcher Eaton Zveare shared his discovery with TechCrunch. Although he said he has chosen not to disclose the vendor’s name, he revealed that it
Online portal exposed car and personal data, allowed anyone to remotely unlock cars Leggi tutto »
Last week on Malwarebytes Labs: Adult sites trick users into Liking Facebook posts using a clickjack Trojan Facebook users targeted in ‘login’ phish TeaOnHer, the male version of Tea, is leaking personal information on its users too How Google, Adidas, and more were breached in a Salesforce scam Meta accessed women’s health data from Flo
A week in security (August 4 – August 10) Leggi tutto »
As the use of age verification to access adult websites increases in various countries around the world, shady websites with adult content have started a timely malware-fueled campaign to promote links to their own websites. During our daily rounds on Facebook, looking for the latest scams, we noticed something odd about some posts pointing to
Adult sites trick users into Liking Facebook posts using a clickjack Trojan Leggi tutto »
A few weeks ago we warned our readers of a phishing campaign targeting Instagram users that didn’t resort to the usual links to phishing websites, but used mailto: links instead. Now, it seems that these scammers have turned their attention to Facebook users. It works like this: The target receives an email saying that your
Facebook users targeted in ‘login’ phish Leggi tutto »
Last week we reported about some serious leaks in Tea Dating Advice, an app that provides a space for women to exchange information about men they know, have met, or have dated in the past. The app aims to provide a platform where people can share relevant information about, say, potentially abusive partners. However, it
TeaOnHer, the male version of Tea, is leaking personal information on its users too Leggi tutto »
At the heart of multiple data breaches against sophisticated and robust companies, including Google, Adidas, Louis Vuitton, and Chanel, was a rudimentary attack method that required little technical finesse—making a phone call. By disguising themselves as IT support personnel on the phone, hackers belonging to the group “ShinyHunters” successfully tricked the employees at several multinational
How Google, Adidas, and more were breached in a Salesforce scam Leggi tutto »
