Malwarebytes Labs – The Security Blog From Malwarebytes | Malwarebytes Labs News Thousands of online stores at risk as SessionReaper attacks spread October 23, 2025 – A Magento bug called SessionReaper is doing the rounds, and researchers warn it’s letting attackers hijack real shopping sessions. Mobile Apple may have to open its walled garden to outside app stores News Meta boosts scam protection on WhatsApp and Messenger News Home Depot Halloween phish gives users a fright, not a freebie News Over 100 Chrome extensions break WhatsApp’s anti-spam rules Threat Intelligence Threat Intel Stay up to date with the latest research and threat intelligence reports. READ MORE BUSINESS BLOG Business Discover the tools, insights, and advice you need to protect your organization. EXPLORE PERSONAL BLOG Personal Get the security news and tips to help you and your family stay safe. EXPLORE PODCAST Podcast Our bi-weekly podcast of the latest security headlines and in-depth interviews with guests VIEW EPISODES Thousands of online stores at risk as SessionReaper attacks spread Pieter Arntz October 23, 2025 0 Comments A Magento bug called SessionReaper is doing the rounds, and researchers warn it’s letting attackers hijack real shopping sessions. Apple may have to open its walled garden to outside app stores Pieter Arntz October 23, 2025 0 Comments The UK’s competition watchdog says Apple’s “walled garden” gives it too much control—and may soon force it to allow rival app stores on iPhones. Meta boosts scam protection on WhatsApp and Messenger Danny Bradbury October 23, 2025 0 Comments This is part of its broader push to fight impersonation and fraud, after removing more than 21,000 fake customer-support pages from Facebook. Over 100 Chrome extensions break WhatsApp’s anti-spam rules Pieter Arntz October 22, 2025 0 Comments The add-ons abuse WhatsApp Web to blast bulk messages, sidestepping both Chrome’s extension policies and WhatsApp’s anti-spam rules. Home Depot Halloween phish gives users a fright, not a freebie Pieter Arntz October 22, 2025 0 Comments Boo! A Home Depot Halloween “giveaway” isn’t a treat—it’s a phishing trick. Fake links, tracking pixels, and compromised sites are the real prizes. Zero-click Dolby audio bug lets attackers run code on Android and Windows devices Pieter Arntz October 22, 2025 0 Comments The bug, tracked as CVE-2025-54957, could let attackers run code via audio files. Windows update breaks USB support in recovery mode Pieter Arntz October 21, 2025 0 Comments Microsoft’s October update disabled USB keyboards and mice in Windows Recovery Mode, leaving unlucky users with two problems for the price of one. You can poison AI with just 250 dodgy documents Danny Bradbury October 21, 2025 0 Comments Anthropic’s new research shows how easy it could be to poison AI models—proof that even small manipulations can have big effects. What does Google know about me? (Lock and Code S06E21) Malwarebytes Labs October 20, 2025 0 Comments This week on the Lock and Code podcast… Google is everywhere in our lives. It’s reach into our data extends just… 1 2 3 … 581 Next Contributors Threat Center Podcast Glossary Scams
