Unleashing the Kraken ransomware group
In August 2025, Cisco Talos observed big-game hunting and double extortion attacks carried out by Kraken, a Russian-speaking group that has emerged from the remnants of the HelloKitty ransomware cartel. Talos observed in one intrusion that the Kraken actor exploited Server Message Block (SMB)...
EUVD-2022-28106
Malicious code in bioql PyPI...
AI and collaboration tools: how cyberattackers are targeting SMBs in 2025
Cyberattackers often view small and medium-sized businesses (SMBs) as easier targets, assuming their security measures are less robust than those of larger enterprises. In fact, attacks through contractors, also known as trusted relationship attacks, remain one of the top three methods used to brea...
Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059161 fixes several issues. The following security issues were fixed: CVE-2024-36971: Fixed dstnegativeadvice race bsc1226324. CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. CVE-2022-48956: ipv6...
APT trends report Q3 2024
Kaspersky's Global Research and Analysis Team (GReAT) has been releasing quarterly summaries of advanced persistent threat (APT) activity for over seven years now. Based on our threat intelligence research, these summaries offer a representative overview of what we've published and discussed in more...
Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059161 fixes several issues. The following security issues were fixed: CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. CVE-2023-52752: smb: client: fix use-after-free bug in cifsdebugdataprocshow bsc1225819. CVE-2024-35862:...
Slackware: Security Advisory (SSA:2017-263-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
How To Protect Your Systems Against Critical SMB Vulnerabilities (CVE-2020-0796)
Discover how to protect your systems against SMB vulnerabilities and the latest critical Microsoft vulnerabilities released...
2019 State of Malware report: Trojans and cryptominers dominate threat landscape
Each quarter, the Malwarebytes Labs team gathers to share intel, statistics, and analysis of the tactics and techniques made popular by cybercriminals over the previous three months. At the end of the year, we synthesize this data into one all-encompassing report—the State of Malware report—that...
A week in security (December 10 – 16)
Last week on Labs, we took a look at some new Mac malware, a collection of various scraped data dumps, the protection of power grids, and how bad actors are using SMB vulnerabilities. Other cybersecurity news Millions affected by Facebook photo API bug: An issue granted third-party apps more acce...
How threat actors are using SMB vulnerabilities
Some of the most devastating ransomware and Trojan malware variants depend on vulnerabilities in the Windows Server Message Block (SMB) to propagate through an organization’s network. Windows SMB is a protocol used by PCs for file and printer sharing, as well as for access to remote services. A pat...
Description of the security update for the Windows SMB vulnerabilities in Windows Server 2008: October 10, 2017
Description of the security update for the Windows SMB vulnerabilities in Windows Server 2008: October 10, 2017 Summary Vulnerabilities exist in Windows SMB that could allow remote code execution, denial of service, or information disclosure. To learn more about the vulnerabilities, go to the...
Protecting against DoublePulsar infection with InsightVM and Nexpose
After WannaCry hit systems around the world last month, security experts warned that the underlying vulnerabilities that allowed the ransomworm to spread are still unpatched in many environments, rendering those systems vulnerable to other hacking tools from the same toolset. Rapid7's Project...
Microsoft Issues Updates for 96 Vulnerabilities You Need to Patch this Month
As part of June's Patch Tuesday, Microsoft has released security patches for a total of 96 security vulnerabilities across its products, including fixes for two vulnerabilities being actively exploited in the wild. This month's patch release also includes emergency patches for unsupported version...
CIA's Pandemic Toolkit
WikiLeaks is still dumping CIA cyberweapons on the Internet. Its latest dump is something called "Pandemic": The Pandemic leak does not explain what the CIA's initial infection vector is, but does describe it as a persistent implant. "As the name suggests, a single computer on a local network wit...
The Latest on WannaCry, UIWIX, EternalRocks and ShadowBrokers
Ransomware has gained global attention over the course of the last two weeks due to the huge spread of WannaCry. Following the initial attacks, we’ve seen UIWIX, Adylkuzz and now EternalRocks come onto the scene leveraging the same core set of vulnerabilities. The common thread between the three...
SA122 : SMB Vulnerabilities in Windows and Samba (Badlock)
SUMMARY Blue Coat products that include affected versions of Microsoft Windows and Samba are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to hijack connections to view and modify traffic, obtain unauthorized access to user passwords and other...
MS10-012: Vulnerabilities in SMB Could Allow Remote Code Execution (971468) (uncredentialed check)
The remote host is affected by several vulnerabilities in the SMB server that may allow an attacker to execute arbitrary code or perform a denial of service against the remote host. These vulnerabilities depend on access to a shared drive, but do not necessarily require credentials. (C) Tenable...
MS10-012: Vulnerabilities in SMB Could Allow Remote Code Execution (971468)
The remote host is affected by several vulnerabilities in the SMB server that may allow an attacker to execute arbitrary code or perform a denial of service against the remote host. (C) Tenable Network Security, Inc. include"compat.inc"; if description scriptid44422; scriptversion"1.24";...
smb 0day network penetration and Defense-vulnerability warning-the black bar safety net
This smb 0day vulnerabilities out for a long time, since the bun work is too busy, has not bother to pay attention to it. The vulnerability affects Vista, Windows 7 and Windows 2008, EXP now surely everyone on hand the others also have, it was tested can be very good to attack Vista and 200...