Internet-Scale Measurement of React2Shell Exploitation Using an Active Network Telescope

The increasing adoption of server-side component-based web frameworks has introduced new application-layer attack surfaces that remain insufficiently understood at Internet scale. On 3 December 2025, a critical remote code execution vulnerability CVE-2025-55182 in React Server Components, referre...

Managed Detection and Response in 2023

Managed Detection and Response in 2023 PDF Alongside other security solutions, we provide Kaspersky Managed Detection and Response MDR to organizations worldwide, delivering expert monitoring and incident response 24/7. The task involves collecting telemetry for analysis by both machine-learning ...

2024 State of Ransomware in Education: 92% spike in K-12 attacks

This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim did not pay a ransom. This provides the best overall picture of...

From Caribbean shores to your devices: analyzing Cuba ransomware

Introduction Knowledge is our best weapon in the fight against cybercrime. An understanding of how various gangs operate and what tools they use helps build competent defenses and investigate incidents. This report takes a close look at the history of the Cuba group, and their attack tactics,...

Google Fended Off Largest Ever Layer 7 DDoS Attack

By Waqas According to Google, the geographic distribution of the DDoS attack suggests that it might have been launched through… This is a post from HackRead.com Read the original post: Google Fended Off Largest Ever Layer 7 DDoS Attack...

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covers the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 is a deep dive on the attacker behavi...

New Mirai-Inspired Botnet Could Be Using Your KGUARD DVRs in Cyber Attacks

Cybersecurity researchers on Thursday revealed details about a new Mirai-inspired botnet called "miraiptea" that leverages an undisclosed vulnerability in digital video recorders DVR provided by KGUARD to propagate and carry out distributed denial-of-service DDoS attacks. Chinese security firm...

Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers

A persistent malware campaign has been actively distributing an evolved browser modifier malware at scale since at least May 2020. At its peak in August, the threat was observed on over 30,000 devices every day. The malware is designed to inject ads into search engine results pages. The threat...

NICER Protocol Deep Dive: Internet Exposure of MySQL

Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...

Electrum DDoS botnet reaches 152,000 infected hosts

By Jérôme Segura, Adam Thomas, and S!Ri We have been closely monitoring the situation involving the continued attacks against users of the popular Electrum Bitcoin wallet. Initially, victims were being tricked to download a fraudulent update that stole their cryptocurrencies. Later on, the threat...

New trends in the world of IoT threats

Cybercriminals' interest in IoT devices continues to grow: in H1 2018 we picked up three times as many malware samples attacking smart devices as in the whole of 2017. And in 2017 there were ten times more than in 2016. That doesn't bode well for the years ahead. We decided to study what attack...

ThreatList: Attacks on Industrial Control Systems on the Rise

The systems that power the manufacturing, power and water plants, the oil and gas industry, and many other sectors are increasingly in the crosshairs of cyber-attackers: A full 41.2 percent of industrial control system ICS were attacked by malicious software at least once in the first half of 201...

Small businesses targeted by highly localized Ursnif campaign

Cyber thieves are continuously looking for new ways to get people to click on a bad link, open a malicious file, or install a poisoned update in order to steal valuable data. In the past, they cast as wide a net as possible to increase the pool of potential victims. But attacks that create a lot ...

Dot-cm Typosquatting Sites Visited 12M Times So Far in 2018

A story published here last week warned readers about a vast network of potentially malicious Web sites ending in ".cm" that mimic some of the world's most popular Internet destinations e.g. espndotcm, aoldotcm and itunesdot.cm in a bid to bombard visitors with fake security alerts that can lock ...

Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign

Update: Further analysis of this campaign points to a poisoned update for a peer-to-peer P2P application. For more information, read Poisoned peer-to-peer app kicked off Dofoil coin miner outbreak. Just before noon on March 6 PST, Windows Defender Antivirus blocked more than 80,000 instances of...

MSRT June 2017: Removing sneaky Xiazai

In the June release of the Microsoft Malicious Software Removal Tool MSRT, we’re adding Xiazai, a widespread family of browser modifiers that we have blocked and removed from millions of computers since 2015. Xiazai is a software bundler that can sneak in additional changes. Xiazai does not insta...

Massive Twitter Botnet Dormant Since 2013

A sizable and dormant Twitter botnet has been uncovered by two researchers from the University College London, who expressed concern about the possible risks should the botmaster decide to waken the accounts under his control. Research student Juan Echeverria Guzman and his supervisor and senior...

MSRT August 2016 release adds Neobar detection

As part of our ongoing effort to provide better malware protection, the August 2016 release of the Microsoft Malicious Software Removal Tool MSRT includes detections for BrowserModifier: Win32/Neobar, unwanted software, and Win32/Rovnix, a trojan malware family. This blog discusses...