Teen Hacker “Natohub” Caught for NATO, UN, and US Army Breaches
A joint operation by Spanish law enforcement has resulted in the apprehension of Natohub, a “dangerous hacker” suspected of orchestrating numerous cyberattacks against prominent organizations in Spain and internationally...
Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks
A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan. "This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision...
Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden
An investigation into more than 300 cyberattacks against US K–12 schools over the past five years shows how schools can withhold crucial details from students and parents whose data was stolen...
Top-Rated Chinese AI App DeepSeek Limits Registrations Amid Cyberattacks
DeepSeek, the Chinese AI startup that has captured much of the artificial intelligence (AI) buzz in recent days, said it's restricting registrations on the service, citing malicious attacks. "Due to large-scale malicious attacks on DeepSeek's services, we are temporarily limiting registrations to...
PT-2025-4848 · Craft · Craft
Name of the Vulnerable Software and Affected Versions: Craft CMS versions prior to 4.13.8; Craft CMS versions prior to 5.5.8. Description: This is a remote code execution (RCE) vulnerability that affects Craft CMS versions 4 and 5, specifically those with compromised security keys. The vulnerability...
MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan
Japan's National Police Agency (NPA) and National Center of Incident Readiness and Strategy for Cybersecurity (NCSC) accused a China-linked threat actor named MirrorFace of orchestrating a persistent attack campaign targeting organizations, businesses, and individuals in the country since 2019. The...
Millions of Email Servers Exposed Due to Missing TLS Encryption
Millions of email servers worldwide remain alarmingly vulnerable to cyberattacks due to a critical security oversight: the absence of Transport Layer Security (TLS) encryption...
US Treasury Department Sanctions Chinese Company Over Cyberattacks
From the Washington Post: The sanctions target Beijing Integrity Technology Group, which U.S. officials say employed workers responsible for the Flax Typhoon attacks which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the...
U.S. Sanctions Chinese Cybersecurity Firm Over Cyberattacks
US sanctions Beijing-based Integrity Technology Group for aiding "Flax Typhoon" hackers in cyberattacks on American infrastructure, freezing assets…
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-3393: Palo Alto Networks PAN-OS Malformed DNS Packet Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber...
Secure Gaming During the Holidays
Secure gaming during the holidays is essential as cyberattacks rise by 50%. Protect accounts with 2FA, avoid fake promotions,…
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-44207: Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability. These types of vulnerabilities are frequent attack vectors for malicio...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2018-14933: NUUO NVRmini Devices OS Command Injection Vulnerability; CVE-2022-23227: NUUO NVRmini 2 Devices Missing Authentication...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-55956: Cleo Multiple Products Unauthenticated File Upload Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious...
Hacktivist Groups: The Shadowy Links to Nation-State Agendas
By Ernesto Fernández Provecho · December 16, 2024. Hacktivism, the intersection of hacking and activism, has emerged as a potent force in the digital age. It involves using technology to achieve social or political goals,...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-45727: North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability; CVE-2024-11680: ProjectSend...
IT threat evolution in Q3 2024. Non-mobile statistics
The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data...
Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign
A threat actor named Matrix has been linked to a widespread distributed denial-of-service (DDoS) campaign that leverages vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet. "This operation serves as a comprehensive one-stop shop for...
RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks
The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems. "In a successful attack, if a victim...
Crimeware and financial cyberthreats in 2025
Kaspersky's Global Research and Analysis Team constantly monitors known and emerging cyberthreats directed at the financial industry, with banks and fintech companies being the most targeted. We also closely follow threats that aim to infiltrate a wider range of industries, namely ransomware...