Catwatchful “child monitoring” app exposes victims’ data 文章揭示了“Stalkerware”类监控软件的隐私和安全威胁。这些软件常以“儿童监控”为名推广，实则被用于非法窥探他人隐私。由于缺乏安全性，许多此类应用暴露了大量用户数据。例如，“Catwatchful”应用泄露了26,000名受害者的数据及62,000名用户的账户信息。文章强调使用此类软件不仅违法且风险极高。... 2025-7-3 12:23:28 | 阅读: 7 | 收藏 | Malwarebytes Labs - www.malwarebytes.com stalkerware security monitoring repeated tens

Microsoft, PayPal, DocuSign, and Geek Squad faked in callback phishing scams 微软、DocuSign等知名品牌被网络钓鱼攻击模仿，攻击者通过恶意邮件、假电话号码和危险二维码诱骗受害者泄露敏感信息或下载恶意软件。这些攻击利用技术规避和社交工程手段绕过检测，并诱导受害者通过电话或在线方式进一步行动。... 2025-7-3 10:38:59 | 阅读: 21 | 收藏 | Malwarebytes Labs - www.malwarebytes.com phishing qr malicious microsoft telephone

Qantas: Breach affects 6 million people, “significant” amount of data likely taken 澳大利亚最大航空公司Qantas遭网络攻击，第三方客服平台泄露600万客户记录，包括姓名、邮箱等信息。未涉及信用卡等敏感数据。公司已隔离系统并配合调查。FBI警告黑客针对航空业的威胁增加。... 2025-7-2 11:37:44 | 阅读: 20 | 收藏 | Malwarebytes Labs - www.malwarebytes.com qantas airline fourth ransomware

Update your Chrome to fix new actively exploited zero-day vulnerability Google修复Chrome漏洞（CVE-2025-6554），版本更新至138.0.xxxx。该漏洞可被恶意网站利用导致系统受损，由Clément Lecigne发现。... 2025-7-1 15:12:7 | 阅读: 14 | 收藏 | Malwarebytes Labs - www.malwarebytes.com chrome 7204 exploited attackers memory

Bluetooth vulnerability in audio devices can be exploited to spy on users 研究人员发现29款蓝牙设备（如耳机、扬声器）存在漏洞，可被利用进行窃听或信息窃取。这些设备来自索尼、bose、jbl等品牌。攻击需近距离且技术要求高。建议用户关注固件更新以修复问题。... 2025-7-1 14:57:20 | 阅读: 14 | 收藏 | Malwarebytes Labs - www.malwarebytes.com sony marshall attacker wh

Facebook wants to look at your entire camera roll for “AI restyling” suggestions, and more Facebook请求用户允许其处理手机相册中的照片以提供创意建议，但可能用于AI分析和处理。用户需谨慎选择信任的服务，并注意隐私风险。... 2025-7-1 10:44:54 | 阅读: 15 | 收藏 | Malwarebytes Labs - www.malwarebytes.com facebook cloud roll facial techcrunch

Corpse-eating selfies, and other ways to trick scammers (Lock and Code S06E14) Becky Holmes, an expert on romance scams, responds to scammers with humor and creativity, often coordinating with law enforcement to shut them down. Romance scams target individuals through deceptive affection, often impersonating celebrities, and can lead to significant financial losses. Holmes discusses these issues and the role of AI in fraud on the Lock and Code podcast.... 2025-6-30 16:34:34 | 阅读: 8 | 收藏 | Malwarebytes Labs - www.malwarebytes.com romance scammer holmes brad pretending

AT&T to pay compensation to data breach victims. Here’s how to check if you were affected AT&T因两次重大数据泄露事件（2019年及2024年）影响大量客户，并同意支付1.77亿美元赔偿金。符合条件的客户可申请补偿，优先考虑能证明损失者。... 2025-6-30 11:19:19 | 阅读: 35 | 收藏 | Malwarebytes Labs - www.malwarebytes.com at&t settlement hunters eligible bubble

Android threats rise sharply, with mobile malware jumping by 151% since start of year 2025年上半年安卓威胁显著增长：恶意软件激增151%，间谍软件上涨147%，短信钓鱼飙升692%。攻击者精准利用用户心理和系统漏洞，构建复杂生态系统进行长期犯罪活动。假金融工具、伪装更新等恶意应用趁机扩散。安卓设备更新率低及灰色市场问题加剧风险。需加强安全防护措施以应对威胁升级。... 2025-6-30 10:0:0 | 阅读: 15 | 收藏 | Malwarebytes Labs - www.malwarebytes.com attackers security threats spike malicious

A week in security (June 23 – June 29) 文章提到近期网络安全威胁频发：包括DocuSign文档邀请异常、越狱AI模型被用于网络犯罪、Do Not Call Registry失效、面部识别普及引发隐私担忧以及数据经纪人跨州注册问题突出。... 2025-6-30 07:6:15 | 阅读: 34 | 收藏 | Malwarebytes Labs - www.malwarebytes.com failing captcha assist unwanted commonplace

Fake DocuSign email hides tricky phishing attempt 文章描述了一次利用DocuSign通知和Webflow工具进行多层钓鱼攻击的案例。攻击者通过伪造合法链接和Google登录页面欺骗受害者，并收集浏览器数据进行进一步攻击。提醒用户警惕异常链接、启用双重认证并使用安全软件防范此类威胁。... 2025-6-27 15:30:54 | 阅读: 12 | 收藏 | Malwarebytes Labs - www.malwarebytes.com docusign webflow phishing captcha threats

Jailbroken AIs are helping cybercriminals to hone their craft 网络犯罪分子绕过AI模型的安全限制，利用其生成恶意代码、钓鱼邮件等。他们通过暗网工具如WormGPT订阅服务，增强现有攻击手段。尽管未创造新威胁类型，但显著提升了攻击效率和复杂性。... 2025-6-26 13:38:53 | 阅读: 17 | 收藏 | Malwarebytes Labs - www.malwarebytes.com wormgpt ais uncensored llms

Why the Do Not Call Registry doesn’t work “Do Not Call Registry” 是美国政府为限制合法推销电话而设立的服务，但无法阻止诈骗、政治、慈善等其他类型骚扰电话。尽管用户注册该服务后仍会收到大量不受欢迎的来电。... 2025-6-26 12:17:44 | 阅读: 21 | 收藏 | Malwarebytes Labs - www.malwarebytes.com ftc unwanted americans

Facial recognition: Where and how you can opt out 文章探讨了如何在全球各地选择退出面部识别技术的应用场景及其隐私影响。在机场和边境检查中可以选择手动身份验证替代自动面部扫描；不同国家和地区对这一技术的监管力度不一；而隐私保护措施仍在不断完善中。... 2025-6-25 20:16:20 | 阅读: 7 | 收藏 | Malwarebytes Labs - www.malwarebytes.com facial tsa airports security regulations

Many data brokers are failing to register with state consumer protection agencies 数百家数据经纪商未在州消费者保护机构注册,收集并转卖个人身份信息,跨州交易致信息扩散,部分州已立法但执行不力,联邦监管仍待推进。... 2025-6-25 12:56:6 | 阅读: 4 | 收藏 | Malwarebytes Labs - www.malwarebytes.com brokers broker laws analysis 10k

Sextortion email scammers increase their “Hello pervert” money demands 文章描述了一种新型网络钓鱼邮件，以“Hello pervert”开头，声称通过间谍软件监控用户行为并掌握隐私视频，要求支付赎金以避免曝光。近期版本赎金涨至1650美元，并通过编码错误推测发件人可能来自使用西里尔字母的地区。文章提醒用户警惕此类邮件并提供防范建议。... 2025-6-25 09:41:57 | 阅读: 15 | 收藏 | Malwarebytes Labs - www.malwarebytes.com іt іs wіll thіs sextortion

Thousands of private camera feeds found online. Make sure yours isn’t one of them 研究人员发现4万个未受保护的摄像头暴露于互联网，可能导致隐私泄露和安全风险。这些设备可能被用于窥探、勒索或作为网络攻击的入口。... 2025-6-24 20:37:45 | 阅读: 7 | 收藏 | Malwarebytes Labs - www.malwarebytes.com cameras feeds bitsight security attacker

Gmail’s multi-factor authentication bypassed by hackers to pull off targeted attacks Russian hackers bypassed Gmail's MFA by posing as US Department of State officials, tricking targets into creating app-specific passwords. These codes skip the second verification step, making them easier to steal. Targets included prominent academics and critics of Russia. Researchers suspect state sponsorship. Avoid app passwords and use stronger MFA methods like authenticator apps or hardware keys.... 2025-6-23 12:47:23 | 阅读: 14 | 收藏 | Malwarebytes Labs - www.malwarebytes.com passwords security attackers attacker

A week in security (June 15 – June 21) 研究人员发现30个暴露的数据集，包含超160亿登录凭证，疑似被恶意软件窃取；玩具公司与OpenAI合作开发AI玩具引发隐私担忧；Instagram出现冒充银行的深度伪造广告；骗子利用五种沟通渠道频繁行骗，并滥用赞助搜索结果展示诈骗电话号码。... 2025-6-23 07:5:58 | 阅读: 22 | 收藏 | Malwarebytes Labs - www.malwarebytes.com favored openai urged banks mattel

Billions of logins for Apple, Google, Facebook, Telegram, and more found exposed online 网络犯罪分子通过恶意软件收集了160亿条登录凭证，涉及社交媒体、电子邮件和加密钱包等平台。这些数据被用于账户接管、身份盗窃和钓鱼攻击等。建议使用防恶意软件、不重复密码和启用双重认证来防范风险。... 2025-6-19 13:58:36 | 阅读: 16 | 收藏 | Malwarebytes Labs - www.malwarebytes.com passwords datasets fido2 phished