This article is a weekly digest covering multiple, distinct security incidents rather than a single vulnerability. It highlights threats including Microsoft Edge storing passwords in plaintext, attackers using the Bun JavaScript runtime to spread NWHStealer malware, and two new flaws in WhatsApp that could lead to malicious file exposure. No specific CVSS scores, affected versions, fixed versions, or workarounds are provided for any of the individual issues mentioned.
Last week on Malwarebytes Labs: Microsoft says Edge’s plaintext password behavior is “by design” ShinyHunters escalates Canvas attacks with school login defacements Massive AI investment scam network spans 15,500 domains If a fake moustache can fool age checks, is the Online Safety Act working? Google Chrome’s silent 4GB AI download problem Attackers adopt JavaScript runtime Bun to spread NWHStealer Millions of students’ personal data stolen in major education breach Update WhatsApp now: Two new flaws could expose you to malicious files Cyberattacks are raising your prices (Lock and Code S07E09) Thousands of Facebook accounts stolen by phishing emails sent through Google The 2026 World Cup scam economy is already running before the first whistle Stay safe! Browse like no one’s watching. Malwarebytes Privacy VPN encrypts your connection and never logs what you do, so the next story you read doesn’t have to feel personal. Try it free →