Cybersecurity week: top threats and how to protect (June 8-14)

Security researchers and endpoint protection firms tracked multiple active threats during the week of June 8-14, including phishing campaigns, malicious software, ransomware and unwanted browser extensions. Operators used fake login pages, links and attachments to trick users into installing malware or surrendering credentials.

Incidents were observed across email, web downloads and third-party software installers and affected Windows and macOS systems as well as mobile devices. Many infections began with out-of-date software or weak account controls that allowed initial access to escalate. Small businesses and individual users were targeted frequently, in part because they often lack centralized patch management and advanced email filtering.

Protection steps emphasized during the week focused on reducing the attack surface and limiting harm if a device is compromised. Users should install operating system and application updates promptly and enable automatic updates where available. Keep endpoint protection software current and run regular scans. Enable two-factor authentication on important accounts and use unique, strong passwords stored in a password manager.

Exercise caution with email and messaging: do not open attachments or click links from unknown senders and verify requests for login information using a separate channel. Avoid installing browser extensions or software from untrusted sources and check extension permissions before adding them. Back up important files to an external drive or a secure cloud service and keep at least one offline copy to reduce the impact of ransomware. On public Wi-Fi, use a trusted virtual private network to protect data in transit.

For organizations, recommended measures included applying a formal patch schedule, limiting administrative privileges and training staff to recognise phishing attempts. Additional actions for both businesses and home users are auditing installed programs and browser extensions, reviewing account activity for unauthorized sign-ins and monitoring financial accounts for unusual transactions.

Malwarebytes is offering a newsletter for readers who want ongoing alerts and guidance. Sign-up requires an email address and consent to be contacted about products and services and to the use of personal data as described in Malwarebytes’ Terms of Service and Privacy Policy.