WordPress admins are being warned to remove a buggy plugin or risk a total site takeover. This particular threat relates to a plugin which is no longer in use: Modern WPBakery page builder addons. The vulnerability in the plugin, known as CVE-2021-24284, allows “unauthenticated arbitrary file upload via the ‘uploadFontIcon’ AJAX action&#

Apple has announced a new feature of iOS 16 called Lockdown Mode. This new feature is designed to provide a safer environment on iOS for people at high risk of what Apple refers to as “mercenary spyware.” This includes people like journalists and human rights advocates, who are often targeted by oppressive regimes using malware like NSO Groups

Researchers discovered evidence of a widespread software supply chain attack involving malicious Javascript packages offered via the npm package manager. The threat actors behind the IconBurst campaign used typosquatting to mislead developers looking for very popular packages. npm npm is short for Node package manager, a name that no longer covers the

CISA and the United States Coast Guard Cyber Command (CGCYBER) are warning that the threat of Log4Shell hasn’t gone away. It’s being actively exploited and used to target organisations using VMware Horizon and Unified Access Gateway servers. Log4Shell: what is it? Log4Shell was a zero-day vulnerability in something called Log4j. This open s

Malwarebytes is happy to announce our Vulnerability Assessment module for OneView, our multi-tenant console where you can manage Malwarebytes Nebula accounts, subscriptions, invoicing, and integrations.  This module enables our MSPs to scan, identify, and assess vulnerabilities in customers’ digital ecosystems using our single lightweight agent.  

An unknown Advanced Persistent Threat (APT) group has targeted Russian government entities with at least four separate spear phishing campaigns since late February, 2022. The campaigns, discovered by the Malwarebytes Threat Intelligence team, are designed to implant a Remote Access Trojan (RAT) that can be used to surveil the computers it infects, and run

A poor password at the highest levels of an organisation can cost a company millions in losses. Recent findings show that half of IT leaders store passwords in shared documents. On top of that, it seems that folks at executive level are not picking good passwords either. Researchers from NordPass combed through a large list of CEO and business owner breac

Most people think that turning off their iPhone – or letting the battery die – means that the phone is, well, off. The thing is, this isn’t quite true. In reality, most of the phone’s functionality has ended, but there are components that mindlessly continue a zombie-like existence, for the most part unbeknownst to the user. Even w

When selecting the right cybersecurity vendor to protect their operations, small- and medium-sized businesses (SMBs) can lean on several third-party research organizations that analyze which cybersecurity products can best prevent, detect, and clean up various types of cyberattacks today. But these tests can sometimes assume a level of end-user complexity

In-game cheats are about to have an even harder time of things in triple AAA titles such as Call of Duty. Activision’s “Ricochet” software – a kernel level driver anti-cheat system – has added another twist to the tale of how players are protected via a new system called “Cloaking”. Making all new punishments fit the crime Anti-cheat softwa

p>The results of the MITRE Engenuity ATT&CK Evaluation of the Wizard Spider and Sandworm adversaries were officially released1 last week. We are very proud of the Malwarebytes EDR results in the MITRE Engenuity test, which are the direct reflection of a relentless core EDR team and the learnings from participation in prior MITRE Engenuity testing rounds.

p>Cybersecurity can be complex work, as security teams need to regularly decipher and prioritize alerts, protect against daily threats, and possibly implement product configuration changes, all while staying abreast of the latest intelligence on new and evolving threats. For organizations that lack fully staffed, internal security teams, or sometimes even on

p>Calendars are a rich source of bad behaviour for scammers and spammers. They’re one of the most prolific tools the workplace has for collaborative actions and general cross-purpose messaging. They’ve been misused by bad actors for many years now, most commonly spamming unwary potential victims and leading them to bad times ahead. A brief history of cale

p>Given current world events, there’s an incredible amount of misinformation and disinformation around at the moment. Whether we’re talking 5G, the pandemic, vaccines, or invasions, there’s a lot out there. One of the biggest problems where bad information placed online is concerned is bot farms. A huge army of automated accounts sowing seeds of doubt and

Valorant, the popular free-to-play team based shooter, is attracting the attention of scammers. It’s reported that a malware distribution campaign is leveraging YouTube to push infection files. The campaign distributes a file known for password theft, and hunts for those passwords in browsers, cookies, a variety of cryptocurrency wallets, VPN clients, and ma