Lucene search
K
SecurelistMost viewed

1026 matches found

Securelist
Securelist
added 2026/02/17 9:0 a.m.16 views

Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets

In April 2025, we reported on a then-new iteration of the Triada backdoor that had compromised the firmware of counterfeit Android devices sold across major marketplaces. The malware was deployed to the system partitions and hooked into Zygote – the parent process for all Android apps – to infect...

6.7AI score
Exploits0
Securelist
Securelist
added 2025/12/23 8:0 a.m.16 views

From cheats to exploits: Webrat spreading via GitHub

In early 2025, security researchers uncovered a new malware family named Webrat. Initially, the Trojan targeted regular users by disguising itself as cheats for popular games like Rust, Counter-Strike, and Roblox, or as cracked software. In September, the attackers decided to widen their net:...

9.8CVSS9.3AI score0.51507EPSS
Exploits7
Securelist
Securelist
added 2025/12/11 12:0 p.m.16 views

Hunting for Mythic in network traffic

Post-exploitation frameworks Threat actors frequently employ post-exploitation frameworks in cyberattacks to maintain control over compromised hosts and move laterally within the organization's network. While they once favored closed-source frameworks, such as Cobalt Strike and Brute Ratel C4,...

7.2AI score
Exploits0
Securelist
Securelist
added 2025/09/05 9:0 a.m.16 views

IT threat evolution in Q2 2025. Mobile statistics

IT threat evolution in Q2 2025. Mobile statistics IT threat evolution in Q2 2025. Non-mobile statistics The mobile section of our quarterly cyberthreat report includes statistics on malware, adware, and potentially unwanted software for Android, as well as descriptions of the most notable threats...

6.7AI score
Exploits0
Securelist
Securelist
added 2025/05/07 10:0 a.m.16 views

State of ransomware in 2025

Global ransomware trends and numbers With the International Anti-Ransomware Day just around the corner on May 12, Kaspersky explores the ever-changing ransomware threat landscape and its implications for cybersecurity. According to Kaspersky Security Network data, the number of ransomware...

7.6AI score
Exploits0
Securelist
Securelist
added 2025/03/21 10:0 a.m.16 views

Threat landscape for industrial automation systems in Q4 2024

Statistics across all threats In Q4 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.1 pp from the previous quarter to 21.9%. Percentage of ICS computers on which malicious objects were blocked, by quarter, 2022–2024 Compared to Q4 2023, the percentage...

7.2AI score
Exploits0
Securelist
Securelist
added 2024/11/08 10:0 a.m.16 views

QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns

Introduction In 2021, we began to investigate an attack on the telecom industry in South Asia. During the investigation, we discovered QSC: a multi-plugin malware framework that loads and runs plugins modules in memory. The framework includes a Loader, a Core module, a Network module, a Command...

7.5AI score
Exploits0
Securelist
Securelist
added 2024/09/18 10:0 a.m.16 views

Exotic SambaSpy is now dancing with Italian users

Introduction In May 2024, we detected a campaign exclusively targeting victims in Italy. We were rather surprised by this, as cybercriminals typically select a broader target to maximize their profits. For example, a certain type of malware might target users in France and Spain, with the phishin...

6.7AI score
Exploits0
Securelist
Securelist
added 2024/01/16 10:0 a.m.16 views

A lightweight method to detect potential iOS malware

Introduction In the ever-evolving landscape of mobile security, hunting for malware in the iOS ecosystem is akin to navigating a labyrinth with invisible walls. Imagine having a digital compass that not only guides you through this maze, but also reveals the hidden mechanisms of iOS malware...

6.7AI score
Exploits0
Securelist
Securelist
added 2023/06/22 10:0 a.m.16 views

LockBit Green and phishing that targets organizations

Introduction In recent months, we published private reports on a broad range of subjects. We wrote about malware targeting Brazil, about CEO fraud attempts, Andariel, LockBit and others. For this post, we selected three private reports, namely those related to LockBit and phishing campaigns...

6.8AI score
Exploits0
Securelist
Securelist
added 2023/03/06 10:0 a.m.16 views

Threat landscape for industrial automation systems for H2 2022

Year 2022 in numbers Parameter | H1 2022 | H2 2022 | 2022 ---|---|---|--- Percentage of attacked ICS computers globally | 31.8% | 34.3% | 40.6% Main threat sources Internet | 16.5% | 19.9% | 24.0% Email clients | 7.0% | 6.4% | 7.9% Removable devices | 3.5% | 3.8% | 5.2% Network folders | 0.6% |...

0.5AI score
Exploits0
Securelist
Securelist
added 2022/10/12 8:0 a.m.16 views

Malicious WhatsApp mod distributed through legitimate apps

Last year, we wrote about the Triada Trojan inside FMWhatsApp, a modified WhatsApp build. At that time, we discovered that a dropper was found inside the distribution, along with an advertising SDK. This year, the situation has repeated, but with a different modified build, YoWhatsApp version...

0.9AI score
Exploits0
Securelist
Securelist
added 2021/11/22 10:0 a.m.16 views

Black Friday 2021: How to Have a Scam-Free Shopping Day

Fact 1: cybercriminals love to exploit big holidays for personal gain. Case in point: were already seeing scams targeting World Cup fans more than a year out from the event. Fact 2: the retail sector, particularly e-commerce, has always been popular with cybercriminals. In Q3 2021, online stores...

6.9AI score
Exploits0
Securelist
Securelist
added 2021/10/12 1:0 p.m.16 views

SAS 2021: Fireside chat with Chris Bing

How to build up a fascinating story from a hardcore APT report? Where to find details and how to work with information sources? Sitting by the virtual fireside, Brian Bartholomew Kaspersky GReAT and Christopher Bing Reuters will discuss how malware researchers and investigative journalists can he...

0.9AI score
Exploits0
Securelist
Securelist
added 2017/12/12 10:0 a.m.16 views

Still Stealing

Two years ago in October 2015 we published a blogpost about a popular malware that was being distributed from the Google Play Store. Over the next two years we detected several similar apps on Google Play, but in October and November 2017 we found 85 new malicious apps on Google Play that are...

7.4AI score
Exploits0
Securelist
Securelist
added 2017/11/27 10:0 a.m.16 views

IoT lottery: finding a perfectly secure connected device

Black Friday and Cyber Monday are great for shopping. Vendors flood the market with all kinds of goods, including lots of exciting connected devices that promise to make our life easier, happier and more comfortable. Being enthusiastic shoppers just like many other people around the world, at...

7.8AI score
Exploits0
Securelist
Securelist
added 2025/12/03 10:0 a.m.15 views

Exploits and vulnerabilities in Q3 2025

In the third quarter, attackers continued to exploit security flaws in WinRAR, while the total number of registered vulnerabilities grew again. In this report, we examine statistics on published vulnerabilities and exploits, the most common security issues impacting Windows and Linux, and the...

10CVSS9.3AI score0.99979EPSS
Exploits454
Securelist
Securelist
added 2025/08/19 10:0 a.m.15 views

GodRAT – New RAT targeting financial institutions

Summary In September 2024, we detected malicious activity targeting financial trading and brokerage firms through the distribution of malicious .scr screen saver files disguised as financial documents via Skype messenger. The threat actor deployed a newly identified Remote Access Trojan RAT named...

7.9AI score
Exploits0
Securelist
Securelist
added 2025/08/13 8:0 a.m.15 views

New trends in phishing and scams: how AI and social media are changing the game

Introduction Phishing and scams are dynamic types of online fraud that primarily target individuals, with cybercriminals constantly adapting their tactics to deceive people. Scammers invent new methods and improve old ones, adjusting them to fit current news, trends, and major world events:...

6.9AI score
Exploits0
Securelist
Securelist
added 2025/07/08 10:0 a.m.15 views

Approach to mainframe penetration testing on z/OS. Deep dive into RACF

In our previous article we dissected penetration testing techniques for IBM z/OS mainframes protected by the Resource Access Control Facility RACF security package. In this second part of our research, we delve deeper into RACF by examining its decision-making logic, database structure, and the...

8AI score
Exploits0
Securelist
Securelist
added 2025/06/03 10:0 a.m.15 views

Host-based logs, container-based threats: How to tell where an attack began

The risks associated with containerized environments Although containers provide an isolated runtime environment for applications, this isolation is often overestimated. While containers encapsulate dependencies and ensure consistency, the fact that they share the host system's kernel introduces...

7.5AI score
Exploits0
Securelist
Securelist
added 2025/04/22 1:0 p.m.15 views

Russian organizations targeted by backdoor masquerading as secure networking software updates

As we were looking into a cyberincident in April 2025, we uncovered a rather sophisticated backdoor. It targeted various large organizations in Russia, spanning the government, finance, and industrial sectors. While our investigation into the attack associated with the backdoor is still ongoing, ...

7.5AI score
Exploits0
Securelist
Securelist
added 2025/02/18 10:0 a.m.15 views

StaryDobry ruins New Year’s Eve, delivering miner instead of presents

Introduction On December 31, cybercriminals launched a mass infection campaign, aiming to exploit reduced vigilance and increased torrent traffic during the holiday season. Our telemetry detected the attack, which lasted for a month and affected individuals and businesses by distributing the XMRi...

7.5AI score
Exploits0
Securelist
Securelist
added 2024/10/04 8:0 a.m.15 views

Scam Information and Event Management

While trying to deliver malware on victims' devices and stay on them as long as they can, sometimes attackers are using quite unusual techniques. In a recent campaign starting in 2022, unknown malicious actors have been trying to mine cryptocurrency on victims' devices without user consent; they'...

7.9AI score
Exploits0
Securelist
Securelist
added 2024/09/09 7:0 a.m.15 views

Loki: a new private agent for the popular Mythic framework

In July 2024, we discovered the previously unknown Loki backdoor, which was used in a series of targeted attacks. By analyzing the malicious file and open sources, we determined that Loki is a private version of an agent for the open-source Mythic framework. One of the agent's decrypted strings O...

7.3AI score
Exploits0
Securelist
Securelist
added 2024/08/14 12:0 p.m.15 views

EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

In late July 2024, we detected a series of ongoing targeted cyberattacks on dozens of computers at Russian government organizations and IT companies. The threat actors infected devices using phishing emails with malicious shortcut attachments. These shortcuts were used to deliver malware that...

7.5AI score
Exploits0
Securelist
Securelist
added 2024/08/12 10:0 a.m.15 views

Indirect prompt injection in the real world: how people manipulate neural networks

What is prompt injection? Large language models LLMs – the neural network algorithms that underpin ChatGPT and other popular chatbots – are becoming ever more powerful and inexpensive. For this reason, third-party applications that make use of them are also mushrooming, from systems for document...

7.9AI score
Exploits0
Securelist
Securelist
added 2023/11/21 10:0 a.m.15 views

Crimeware and financial cyberthreats in 2024

At Kaspersky, we constantly monitor the financial cyberthreat landscape, which includes threats to financial institutions, such as banks, and financially motivated threats, such as ransomware, that target a broader range of industries. As part of our Kaspersky Security Bulletin, we try to predict...

7.8AI score
Exploits0
Securelist
Securelist
added 2022/11/28 8:0 a.m.15 views

Consumer cyberthreats: predictions for 2023

The consumer threat landscape constantly changes. Although the main types of threats phishing, scams, malware, etc. remain the same, lures that fraudsters use vary greatly depending on the time of year, current major events, news, etc. This year, we have seen spikes in cybercriminal activity aime...

6.8AI score
Exploits0
Securelist
Securelist
added 2022/11/22 8:0 a.m.15 views

ICS cyberthreats in 2023 – what to expect

Cybersecurity incidents were plentiful in 2022, causing many problems for industrial infrastructure owners and operators. However, luckily, we did not see any sudden or catastrophic changes in the overall threat landscape – none that were difficult to handle, despite many colorful headlines in th...

7.3AI score
Exploits0
Securelist
Securelist
added 2022/09/05 10:0 a.m.15 views

The nature of cyber incidents

Kaspersky provides incident response services and trainings to organizations around the world. In our annual incident response report, we share our observations and statistics based on investigation of real-life incidents. The report contains anonymized data collected by the Kaspersky Global...

1.9AI score
Exploits0
Securelist
Securelist
added 2022/08/17 1:0 p.m.15 views

Black Hat USA 2022 and DEF CON 30

Black Hat 2022 USA Briefings wrapped up this past week, along with its sister conference DEF CON 30. The DEF CON theme was a "Hacker Homecoming", and it really was a fun one. Coming back from the COVID hiatus, the conferences were enthusiastically full compared to the 2021 ghost town. Many of the...

7.3AI score
Exploits0
Securelist
Securelist
added 2021/10/28 2:20 p.m.15 views

How we took part in MLSEC and (almost) won

This summer Kaspersky experts took part in the Machine Learning Security Evasion Competition MLSEC — a series of trials testing contestants ability to create and attack machine learning models. The event is comprised of two main challenges — one for attackers, and the other for defenders. The...

6.7AI score
Exploits0
Securelist
Securelist
added 2026/07/07 10:0 a.m.14 views

Threat landscape for industrial automation systems. Q1 2026

All threats The percentage of ICS computers on which malicious objects were blocked continued to decrease, reaching 19.6% in Q1 2026. This is the lowest value in three years, and it is 1.4 times lower than in Q2 2023. Percentage of ICS computers on which malicious objects were blocked, Q2 2023–Q1...

5.9AI score
Exploits0
Securelist
Securelist
added 2026/07/01 6:42 a.m.14 views

OpenClaw: risks for the users and how to mitigate them

OpenClaw, which was previously known as Clawdbot and Moltbot, is today one of the most successful and fast‑growing ecosystems for AI agents, recognized worldwide. The project quickly became popular with users because of its flexibility and ability to solve fairly complex tasks that previously...

5.8AI score
Exploits0
Securelist
Securelist
added 2026/05/29 7:0 a.m.14 views

What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant

Introduction Containerization using Docker has become firmly established in modern development standards, significantly increasing the speed and convenience of deploying various services. Developers often use ready-made Docker images, making only minimal changes. The largest repository of contain...

6.1AI score
Exploits0
Securelist
Securelist
added 2026/05/14 11:0 a.m.14 views

Kimsuky targets organizations with PebbleDash-based tools

Over the past few months, we have conducted an in-depth analysis of specific activity clusters of Kimsuky aka APT43, Ruby Sleet, Black Banshee, Sparkling Pisces, Velvet Chollima, and Springtail, a prolific Korean-speaking threat actor. Our research revealed notable tactical shifts throughout...

6.2AI score
Exploits0
Securelist
Securelist
added 2026/05/08 8:0 a.m.14 views

CVE-2025-68670: discovering an RCE vulnerability in xrdp

In addition to KasperskyOS-powered solutions, Kaspersky offers various utility software to streamline business operations. For instance, users of Kaspersky Thin Client, an operating system for thin clients, can also purchase Kaspersky USB Redirector, a module that expands the capabilities of the...

9.8CVSS6.8AI score0.01318EPSS
Exploits0
Securelist
Securelist
added 2025/08/18 9:0 a.m.14 views

Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824

In April 2025, Microsoft patched 121 vulnerabilities in its products. According to the company, only one of them was being used in real-world attacks at the time the patch was released: CVE-2025-29824. The exploit for this vulnerability was executed by the PipeMagic malware, which we first...

9.3CVSS8.7AI score0.9923EPSS
Exploits59
Securelist
Securelist
added 2025/07/25 7:0 a.m.14 views

ToolShell: a story of five vulnerabilities in Microsoft SharePoint

On July 19–20, 2025, various security companies and national CERTs published alerts about active exploitation of on-premise SharePoint servers. According to the reports, observed attacks did not require authentication, allowed attackers to gain full control over the infected servers, and were...

9.8CVSS9AI score0.99979EPSS
Exploits51
Securelist
Securelist
added 2025/04/02 10:0 a.m.14 views

TookPS: DeepSeek isn’t the only game in town

In early March, we published a study detailing several malicious campaigns that exploited the popular DeepSeek LLM as a lure. Subsequent telemetry analysis indicated that the TookPS downloader, a malware strain detailed in the article, was not limited to mimicking neural networks. We identified...

8.1AI score
Exploits0
Securelist
Securelist
added 2025/02/05 8:0 a.m.14 views

Take my money: OCR crypto stealers in Google Play and App Store

Update 07.02.2025: Google removed malicious apps from Google Play. Update 06.02.2025: Apple removed malicious apps from the App Store. In March 2023, researchers at ESET discovered malware implants embedded into various messaging app mods. Some of these scanned users' image galleries in search of...

5.9AI score
Exploits0
Securelist
Securelist
added 2024/11/29 10:0 a.m.14 views

IT threat evolution in Q3 2024. Mobile statistics

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics Quarterly figures According to Kaspersky Security Network, in Q3 2024: As many as 6.7 million attacks involving malware, adware or potentially unwanted mobile app...

7.2AI score
Exploits0
Securelist
Securelist
added 2024/10/21 10:0 a.m.14 views

Stealer here, stealer there, stealers everywhere!

Introduction Information stealers, which are used to collect credentials to then sell them on the dark web or use in subsequent cyberattacks, are actively distributed by cybercriminals. Some of them are available through a monthly subscription model, thus attracting novice cybercriminals. Accordi...

6.9AI score
Exploits0
Securelist
Securelist
added 2024/10/02 10:0 a.m.14 views

Finding a needle in a haystack: Machine learning at the forefront of threat hunting research

Introduction In the ever-evolving landscape of cybersecurity, logs, that is information collected from various sources like network devices, endpoints, and applications, plays a crucial role in identifying and responding to threats. By analyzing this data, organizations can detect anomalies,...

6.8AI score
Exploits0
Securelist
Securelist
added 2024/08/01 10:0 a.m.14 views

How “professional” ransomware variants boost cybercrime groups

Introduction Cybercriminals who specialize in ransomware do not always create it themselves. They have many other ways to get their hands on ransomware samples: buying a sample on the dark web, affiliating with other groups or finding a leaked ransomware variant. This requires no extraordinary...

7.2AI score
Exploits0
Securelist
Securelist
added 2024/07/11 10:0 a.m.14 views

When spear phishing met mass phishing

Introduction Bulk phishing email campaigns tend to target large audiences. They use catch-all wordings and simplistic formatting, and typos are not uncommon. Targeted attacks take greater effort, with attackers sending personalized messages that include personal details and might look more like...

7.1AI score
Exploits0
Securelist
Securelist
added 2024/06/25 10:0 a.m.14 views

Cybersecurity in the SMB space — a growing threat

Small and medium-sized businesses SMBs are increasingly targeted by cybercriminals. Despite adopting digital technology for remote work, production, and sales, SMBs often lack robust cybersecurity measures. SMBs face significant cybersecurity challenges due to limited resources and expertise. The...

7.3AI score
Exploits0
Securelist
Securelist
added 2023/05/16 8:0 a.m.14 views

The nature of cyberincidents in 2022

Kaspersky offers various services to organizations that have been targeted by cyberattackers, such as incident response, digital forensics, and malware analysis. In our annual incident response report, we share information about the attacks that we investigated during the reporting period. Data...

7.2AI score
Exploits0
Securelist
Securelist
added 2023/01/09 10:38 a.m.14 views

How much security is enough?

According to a prominent Soviet science fiction writer, beauty is a fine line, a razors edge between two opposites locked in a never-ending battle. Today, we would put it less poetically as an ideal compromise between contradictions. An elegant, or beautiful, design is one that allows reaching th...

6.9AI score
Exploits0
Total number of security vulnerabilities1026