66 matches found
Inside a malicious infrastructure delivering EtherRAT, phishing pages, and malicious software
During our recent threat hunting activities, we found EtherRAT malware being distributed by a website with a strange homepage. This homepage allowed us to discover a vast malicious infrastructure distributing malware, malicious documents, remote desktop software, and phishing pages. EtherRAT is a...
Fake verification pages are stealing Steam accounts from players
Online gamers should watch out for a convincing scam that aims to steal your Steam account. The scam uses fake FACEIT verification pages that look legitimate, complete with official branding, working links, and what appears to be a real Steam login window. By the time it asks for your password,...
CVE-2026-42538
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...
CVE-2026-42538
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...
CVE-2026-42538 IRIS has an Insecure File Upload
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...
CVE-2026-42538 IRIS has an Insecure File Upload
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...
EUVD-2026-34326
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...
CVE-2026-42538
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...
CVE-2026-42538
IRIS is a web collaboration platform. Affected versions are prior to 2.4.28, where uploaded file validation is insufficient, enabling misuse to host phishing pages and an additional Cross-Site Scripting (XSS) vulnerability. The issue is addressed in version 2.4.28 (patch). There is no exploitatio...
PT-2026-46385
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...
Iris 安全漏洞
Iris is an open-source fast, simple, yet fully functional and highly efficient Go web framework developed by DFIR-IRIS. Versions of Iris prior to 2.4.28 contained security vulnerabilities, which were caused by improper file upload validation. These vulnerabilities could lead to the hosting of...
Malicious trading website drops malware that hands your browser to attackers
During our threat hunting, we found a campaign using the same malware loader from our previous research to deliver a different threat: Needle Stealer , data-stealing malware designed to quietly harvest sensitive information from infected devices, including browser data, login sessions, and...
Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll...
Hackers Use Cloudflare Human Check to Hide Microsoft 365 Phishing Pages
Scammers are hijacking popular security tools like Cloudflare to hide fake Microsoft 365 login pages. Learn how this new invisible phishing campaign bypasses antivirus software and how you can stay safe...
Fake Zoom and Google Meet Pages Trick Users Into Installing Monitoring Tool
Fake Zoom and Google Meet pages trick users into installing a monitoring software on Windows systems through phishing links and fake updates...
Criminals are using AI website builders to clone major brands
AI tool Vercel was abused by cybercriminals to create a Malwarebytes lookalike website. Cybercriminals no longer need design or coding skills to create a convincing fake brand site. All they need is a domain name and an AI website builder. In minutes, they can clone a site's look and feel, plug i...
China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle AitM framework dubbed DKnife that's operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based implants that are designed to perform deep packet inspection...
Phishing scammers are posting fake “account restricted” comments on LinkedIn
Recently, fake LinkedIn profiles have started posting comment replies claiming that a user has " engaged in activities that are not in compliance" with LinkedIn's policies and that their account has been " temporarily restricted" until they submit an appeal through a specified link in the comment...
To buy or not to buy: How cybercriminals capitalize on Black Friday
The global e‑commerce market is accelerating faster than ever before, driven by expanding online retail, and rising consumer adoption worldwide. According to McKinsey Global Institute, global e‑commerce is projected to grow by 7–9% annually through 2040. At Kaspersky, we track how this surge in...
PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
A malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management CRM tools and bulk email providers to send spam messages containing cryptocurrency seed phrases in an attempt to drain victims' digital wallets. "Recipients of the bulk sp...