Last week on Malwarebytes Labs:

* [Why (almost) everything we told you about passwords was wrong]()
* [Two new Exchange Server zero-days in the wild]()
* [Local government cybersecurity: 5 best practices]()
* [Optus data breach “attacker” says sorry, it was a mistake]()
* [Fast Company hacked to send obscene and racist messages]()
* [APT28 attack uses old PowerPoint trick to download malware]()
* [Spyware disguises itself as Zoom downloads]()
* [FCC moves to block robotexts]()
* [Erbium stealer on the hunt for data]()
* [4 times students compromised school cybersecurity]()
* [Facebook users sue Meta for allegedly building “secret workaround” to Apple privacy safeguards]()
* [TikTok faces $28m fine for failing to protect children’s privacy]()
* [Flaw in some ManageEngine apps is being actively exploited, says CISA]()
* [Exchange servers abused for spam through malicious OAuth applications]()
* [Calling in the ransomware negotiator, with Kurtis Minder: Lock and Code S03E20]()
* [Windows 11 pulls ahead of Windows 10 in anti-phishing stakes]()
* [Twitter fixes bug that left devices logged in after password reset]()

Stay safe!Read More