ACCORDING to Malwarebytes Labs, a week in security for 19–25 January 2026 highlights a string of notable threats and issues, with the post dated 26 January 2026. The piece links several security stories from that week, including spammers abusing Zendesk to flood inboxes with legitimate-looking emails and fake LastPass maintenance emails targeting users.
It also covers the Under Armour ransomware breach with data relating to 72 million customers appearing on the dark web, and discusses the use of LOLBins to drop RATs, as well as malicious Google Calendar invites that could expose private data. Other items cited include a fake extension that crashes browsers to trick users into infecting themselves, and mentions that Google will pay $8.25m to settle child data-tracking allegations; it notes that Firefox joined Chrome and Edge as sleeper extensions that spy on users.