Lucene search
K
SecurelistMost viewed

1025 matches found

Securelist
Securelist
added 2026/03/06 10:0 a.m.13 views

Exploits and vulnerabilities in Q4 2025

The fourth quarter of 2025 went down as one of the most intense periods on record for high-profile, critical vulnerability disclosures, hitting popular libraries and mainstream applications. Several of these vulnerabilities were picked up by attackers and exploited in the wild almost immediately...

10CVSS7.3AI score0.99979EPSS
Exploits887
Securelist
Securelist
added 2026/01/27 8:0 a.m.13 views

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

Over the past few years, we've been observing and monitoring the espionage activities of HoneyMyte aka Mustang Panda or Bronze President within Asia and Europe, with the Southeast Asia region being the most affected. The primary targets of most of the group's campaigns were government entities. A...

6.2AI score
Exploits0
Securelist
Securelist
added 2025/12/12 8:0 a.m.13 views

Turn me on, turn me off: Zigbee assessment in industrial environments

We all encounter IoT and home automation in some form or another, from smart speakers to automated sensors that control water pumps. These services appear simple and straightforward to us, but many devices and protocols work together under the hood to deliver them. One of those protocols is Zigbe...

6.8AI score
Exploits0
Securelist
Securelist
added 2025/11/26 10:0 a.m.13 views

Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 2025

Just like the 2000s Flip phones grew popular, Windows XP debuted on personal computers, Apple introduced the iPod, peer-to-peer file sharing via torrents was taking off, and MSN Messenger dominated online chat. That was the tech scene in 2001, the same year when Sir Dystic of Cult of the Dead Cow...

8.8CVSS8.5AI score0.97798EPSS
Exploits91
Securelist
Securelist
added 2025/11/19 10:0 a.m.13 views

IT threat evolution in Q3 2025. Mobile statistics

IT threat evolution in Q3 2025. Mobile statistics IT threat evolution in Q3 2025. Non-mobile statistics The quarter at a glance In the third quarter of 2025, we updated the methodology for calculating statistical indicators based on the Kaspersky Security Network. These changes affected all...

6.7AI score
Exploits0
Securelist
Securelist
added 2025/11/19 10:0 a.m.13 views

IT threat evolution in Q3 2025. Non-mobile statistics

IT threat evolution in Q3 2025. Mobile statistics IT threat evolution in Q3 2025. Non-mobile statistics Quarterly figures In Q3 2025: Kaspersky solutions blocked more than 389 million attacks that originated with various online resources. Web Anti-Virus responded to 52 million unique links. File...

9.8CVSS7.2AI score0.15593EPSS
Exploits0
Securelist
Securelist
added 2025/08/27 10:0 a.m.13 views

Exploits and vulnerabilities in Q2 2025

Vulnerability registrations in Q2 2025 proved to be quite dynamic. Vulnerabilities that were published impact the security of nearly every computer subsystem: UEFI, drivers, operating systems, browsers, as well as user and web applications. Based on our analysis, threat actors continue to leverag...

10CVSS8.9AI score0.99959EPSS
Exploits400
Securelist
Securelist
added 2025/05/15 1:7 p.m.13 views

Threat landscape for industrial automation systems in Q1 2025

Trends Relative stability from quarter to quarter. The percentage of ICS computers on which malicious objects were blocked remained unchanged from Q4 2024 at 21.9%. Over the last three quarters, the value has ranged from 22.0% to 21.9%. The quarterly figures are decreasing from year to year. Sinc...

7.3AI score
Exploits0
Securelist
Securelist
added 2025/03/05 10:0 a.m.13 views

Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool

In recent months, we've seen an increase in the use of Windows Packet Divert drivers to intercept and modify network traffic in Windows systems. This technology is used in various utilities, including ones for bypassing blocks and restrictions of access to resources worldwide. Over the past six...

7.2AI score
Exploits0
Securelist
Securelist
added 2025/02/28 4:0 a.m.13 views

The SOC files: Chasing the web shell

Web shells have evolved far beyond their original purpose of basic remote command execution, and many now function more like lightweight exploitation frameworks. These tools often include features such as in-memory module execution and encrypted command-and-control C2 communication, giving...

8.3AI score
Exploits0
Securelist
Securelist
added 2024/12/16 10:0 a.m.13 views

Dark web threats and dark market predictions for 2025

Review of last year's predictions The number of services providing AV evasion for malware cryptors will increase We continuously monitor underground markets for the emergence of new "cryptors," which are tools specifically designed to obfuscate the code within malware samples. The primary purpose...

7.5AI score
Exploits0
Securelist
Securelist
added 2024/12/05 10:0 a.m.13 views

Our secret ingredient for reverse engineering

Nowadays, a lot of cybersecurity professionals use IDA Pro as their primary tool for reverse engineering. While IDA is a complex tool that implements a multitude of features useful for dissecting binaries, many reverse engineers use various plugins to add further functionality to this software. W...

6.4AI score
Exploits0
Securelist
Securelist
added 2024/10/02 10:0 a.m.13 views

Finding a needle in a haystack: Machine learning at the forefront of threat hunting research

Introduction In the ever-evolving landscape of cybersecurity, logs, that is information collected from various sources like network devices, endpoints, and applications, plays a crucial role in identifying and responding to threats. By analyzing this data, organizations can detect anomalies,...

6.8AI score
Exploits0
Securelist
Securelist
added 2024/09/24 10:0 a.m.13 views

Web tracking report: who monitored users’ online activities in 2023–2024 the most

Web tracking has become a pervasive aspect of our online experience. Whether we're browsing social media, playing video games, shopping for products, or simply reading news articles, trackers are silently monitoring our online behavior, fueling the ceaseless hum of countless data centers worldwid...

6.6AI score
Exploits0
Securelist
Securelist
added 2024/08/12 10:0 a.m.13 views

Indirect prompt injection in the real world: how people manipulate neural networks

What is prompt injection? Large language models LLMs – the neural network algorithms that underpin ChatGPT and other popular chatbots – are becoming ever more powerful and inexpensive. For this reason, third-party applications that make use of them are also mushrooming, from systems for document...

7.9AI score
Exploits0
Securelist
Securelist
added 2024/04/30 9:0 a.m.13 views

Managed Detection and Response in 2023

Managed Detection and Response in 2023 PDF Alongside other security solutions, we provide Kaspersky Managed Detection and Response MDR to organizations worldwide, delivering expert monitoring and incident response 24/7. The task involves collecting telemetry for analysis by both machine-learning ...

7AI score
Exploits0
Securelist
Securelist
added 2022/03/01 1:30 p.m.13 views

Elections GoRansom – a smoke screen for the HermeticWiper attack

Executive summary On February 24, 2022, Avast Threat Research published a tweet announcing the discovery of new Golang ransomware, which they called HermeticRansom. This malware was found around the same time the HermeticWiper was found, and based on publicly available information from security...

6.9AI score
Exploits0
Securelist
Securelist
added 2022/02/07 10:0 a.m.13 views

Roaming Mantis reaches Europe

Roaming Mantis is a malicious campaign that targets Android devices and spreads mobile malware via smishing. We have been tracking Roaming Mantis since 2018, and published five blog posts about this campaign: Roaming Mantis uses DNS hijacking to infect Android smartphones Roaming Mantis dabbles i...

7.3AI score
Exploits0
Securelist
Securelist
added 2021/10/18 11:0 a.m.13 views

Lyceum group reborn

This year, we had the honor to be selected for the thirty-first edition of the Virus Bulletin conference. During the live program, we presented our research into the Lyceum group also known as Hexane, which was first exposed by Secureworks in 2019. In 2021, we have been able to identify a new...

7.2AI score
Exploits0
Securelist
Securelist
added 2017/06/10 1:21 p.m.13 views

Two Tickets as Bait

Over the previous weekend, social networks were hit with a wave of posts that falsely claimed that major airlines were giving away tickets for free. Users from all over the world became involved in this: they published posts that mentioned Emirates, Air France, Aeroflot, S7 Airline, Eva Air,...

6.6AI score
Exploits0
Securelist
Securelist
added 2026/07/07 10:0 a.m.12 views

Threat landscape for industrial automation systems. Q1 2026

All threats The percentage of ICS computers on which malicious objects were blocked continued to decrease, reaching 19.6% in Q1 2026. This is the lowest value in three years, and it is 1.4 times lower than in Q2 2023. Percentage of ICS computers on which malicious objects were blocked, Q2 2023–Q1...

5.9AI score
Exploits0
Securelist
Securelist
added 2026/06/29 10:0 a.m.12 views

The Gentlemen are knocking: сustom backdoors and evolving tactics

Introduction This year saw the emergence of The Gentlemen, a prominent example of a group operating under the ransomware-as-a-service RaaS model. Although our initial assessment suggested the group first appeared in mid-2025, it actually started ramping up its activities at the beginning of 2026...

6AI score
Exploits0
Securelist
Securelist
added 2026/05/28 6:55 a.m.12 views

Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years

Introduction In late April 2026, a client reached out to us for incident response support after discovering a miner running on users' computers. We later discovered that the malware was being distributed via illegal movie and TV show streaming sites. The infection chain leveraged a fake update fo...

6.3AI score
Exploits0
Securelist
Securelist
added 2026/05/04 10:0 a.m.12 views

“Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security

Introduction The primary goal for attackers in a phishing campaign is to bypass email security and trick the potential victim into revealing their data. To achieve this, scammers employ a wide range of tactics, from redirect links to QR codes. Additionally, they heavily rely on legitimate sources...

5.8AI score
Exploits0
Securelist
Securelist
added 2025/12/24 7:0 a.m.12 views

Evasive Panda APT poisons DNS requests to deliver MgBot

Introduction The Evasive Panda APT group also known as Bronze Highland, Daggerfly, and StormBamboo has been active since 2012, targeting multiple industries with sophisticated, evolving tactics. Our latest research June 2025 reveals that the attackers conducted highly-targeted campaigns, which...

7.2AI score
Exploits0
Securelist
Securelist
added 2025/12/11 7:30 a.m.12 views

It didn’t take long: CVE-2025-55182 is now under active exploitation

On December 4, 2025, researchers published details on the critical vulnerability CVE-2025-55182, which received a CVSS score of 10.0. It has been unofficially dubbed React2Shell, as it affects React Server Components RSC functionality used in web applications built with the React library. RSC...

10CVSS7.9AI score0.99562EPSS
Exploits374
Securelist
Securelist
added 2025/12/02 10:7 a.m.12 views

Kaspersky Security Bulletin 2025. Statistics

All statistics in this report come from Kaspersky Security Network KSN, a global cloud service that receives information from components in our security solutions voluntarily provided by Kaspersky users. Millions of Kaspersky users around the globe assist us in collecting information about...

6.5AI score
Exploits0
Securelist
Securelist
added 2025/10/28 3:0 a.m.12 views

Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs

Introduction Primarily focused on financial gain since its appearance, BlueNoroff aka. Sapphire Sleet, APT38, Alluring Pisces, Stardust Chollima, and TA444 has adopted new infiltration strategies and malware sets over time, but it still targets blockchain developers, C-level executives, and...

7.7AI score
Exploits0
Securelist
Securelist
added 2025/09/16 10:0 a.m.12 views

RevengeHotels: a new wave of attacks leveraging LLMs and VenomRAT

Background RevengeHotels, also known as TA558, is a threat group that has been active since 2015, stealing credit card data from hotel guests and travelers. RevengeHotels' modus operandi involves sending emails with phishing links which redirect victims to websites mimicking document storage. The...

9.3CVSS8.7AI score0.99933EPSS
Exploits29
Securelist
Securelist
added 2025/05/13 10:0 a.m.12 views

Using a Mythic agent to optimize penetration testing

Introduction The way threat actors use post-exploitation frameworks in their attacks is a topic we frequently discuss. It's not just about analysis of artifacts for us, though. Our company's deep expertise means we can study these tools to implement best practices in penetration testing. This hel...

7.7AI score
Exploits0
Securelist
Securelist
added 2025/02/05 12:0 p.m.12 views

Investors, Trump and the Illuminati: What the “Nigerian prince” scams became in 2024

"Nigerian" spam is a collective term for messages designed to entice victims with alluring offers and draw them into an email exchange with scammers, who will try to defraud them of their money. The original "Nigerian" spam emails were sent in the name of influential and wealthy individuals from...

6.8AI score
Exploits0
Securelist
Securelist
added 2024/11/27 10:0 a.m.12 views

Consumer and privacy predictions for 2025

Overview of 2024 consumer cyberthreats and trends predictions Part of the Kaspersky Security Bulletin, our predictions for 2024 identified key consumer cyberthreats and trends shaped by global events, technological advances and evolving user behavior. Last year, we suggested that charity-related...

7AI score
Exploits0
Securelist
Securelist
added 2024/08/27 10:0 a.m.12 views

HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat

In June 2024, we discovered a macOS version of the HZ Rat backdoor targeting users of the enterprise messenger DingTalk and the social network and messaging platform WeChat. The samples we found almost exactly replicate the functionality of the Windows version of the backdoor and differ only in t...

6.6AI score
Exploits0
Securelist
Securelist
added 2024/08/19 10:0 a.m.12 views

BlindEagle flying high in Latin America

BlindEagle, also known as "APT-C-36", is an APT actor recognized for employing straightforward yet impactful attack techniques and methodologies. The group is known for their persistent campaigns targeting entities and individuals in Colombia, Ecuador, Chile, Panama and other countries in Latin...

7.6AI score
Exploits0
Securelist
Securelist
added 2024/05/14 11:0 a.m.12 views

Incident response analyst report 2023

Incident response analyst report 2023 As an information security company, our services include incident response and investigation, and malware analysis. Our customer base spans Russia, Europe, Asia, South and North America, Africa and the Middle East. Our annual Incident Response Report presents...

7.4AI score
Exploits0
Securelist
Securelist
added 2023/12/13 10:0 a.m.12 views

FakeSG campaign, Akira ransomware and AMOS macOS stealer

Introduction The crimeware landscape is diverse. Cybercriminals try to capitalize on their victims in every possible way by distributing various types of malware designed for different platforms. In recent months, we have written private reports on a wide range of topics, such as new cross-platfo...

7.1AI score
Exploits0
Securelist
Securelist
added 2022/11/28 8:0 a.m.12 views

Privacy predictions 2023

Our last edition of privacy predictions focused on a few important trends where business and government interests intersect, with regulators becoming more active in a wide array of privacy issues. Indeed, we saw regulatory activity around the globe. In the US, for example, the FTC has requested...

6.7AI score
Exploits0
Securelist
Securelist
added 2022/03/24 10:0 a.m.12 views

Phishing-kit market: what’s inside “off-the-shelf” phishing packages

What are phishing kits? One of the most common tricks scammers use in phishing attacks is to create a fake official page of a famous brand. Attackers tend to copy design elements from the real website, which is why users can find it hard to distinguish the fake pages from the official ones. Even...

7.1AI score
Exploits0
Securelist
Securelist
added 2026/06/25 10:0 a.m.11 views

Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools

Small and medium-sized businesses SMBs remain attractive targets for cybercriminals – in both mass cyberattacks and sophisticated campaigns targeting larger enterprises through trusted relationship attacks. At the same time, smaller businesses may lack the robust cybersecurity policies and...

5.8AI score
Exploits0
Securelist
Securelist
added 2026/05/22 9:12 a.m.11 views

Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload

In 2025, we observed pervasive SSH tunnel activity, which has remained active into 2026, affecting many government organizations and commercial companies in Russia and Belarus. Behind some of this activity is Cloud Atlas, a group we have known since 2014. During our investigation, we identified n...

9.3CVSS7.7AI score0.93289EPSS
Exploits7
Securelist
Securelist
added 2026/04/20 9:22 a.m.11 views

FakeWallet crypto stealer spreading through iOS apps in the App Store

In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distributing trojanized versions of legitimate wallets. The infected ap...

5.8AI score
Exploits0
Securelist
Securelist
added 2026/03/10 10:0 a.m.11 views

BeatBanker: A dual‑mode Android Trojan

Recently, we uncovered BeatBanker, an Android‑based malware campaign targeting Brazil. It spreads primarily through phishing attacks via a website disguised as the Google Play Store. To achieve their goals, the malicious APKs carry multiple components, including a cryptocurrency miner and a banki...

6AI score
Exploits0
Securelist
Securelist
added 2025/12/19 10:0 a.m.11 views

Cloud Atlas activity in the first half of 2025: what changed

Known since 2014, the Cloud Atlas group targets countries in Eastern Europe and Central Asia. Infections occur via phishing emails containing a malicious document that exploits an old vulnerability in the Microsoft Office Equation Editor process CVE-2018-0802 to download and execute malicious cod...

9.3CVSS8.8AI score0.93289EPSS
Exploits7
Securelist
Securelist
added 2025/09/05 9:0 a.m.12 views

IT threat evolution in Q2 2025. Non-mobile statistics

IT threat evolution in Q2 2025. Non-mobile statistics IT threat evolution in Q2 2025. Mobile statistics The statistics in this report are based on detection verdicts returned by Kaspersky products unless otherwise stated. The information was provided by Kaspersky users who consented to sharing...

10CVSS9.6AI score0.99359EPSS
Exploits45
Securelist
Securelist
added 2025/06/05 10:0 a.m.11 views

IT threat evolution in Q1 2025. Non-mobile statistics

IT threat evolution in Q1 2025. Non-mobile statistics IT threat evolution in Q1 2025. Mobile statistics The statistics in this report are based on detection verdicts returned by Kaspersky products unless otherwise stated. The information was provided by Kaspersky users who consented to sharing...

8.4CVSS7.2AI score0.00471EPSS
Exploits1
Securelist
Securelist
added 2025/02/19 10:0 a.m.11 views

Spam and phishing in 2024

The year in figures 27% of all emails sent worldwide and 48.57% of all emails sent in the Russian web segment were spam 18% of all spam emails were sent from Russia Kaspersky Mail Anti-Virus blocked 125,521,794 malicious email attachments Our Anti-Phishing system thwarted 893,216,170 attempts to...

7AI score
Exploits0
Securelist
Securelist
added 2025/01/29 10:0 a.m.11 views

Threat predictions for industrial enterprises 2025

Key global cyberthreat landscape development drivers Hunt for innovations Innovations are changing our lives. Today, the world is on the threshold of another technical revolution. Access to new technologies is a ticket to the future, a guarantee of economic prosperity and political sovereignty...

7.4AI score
Exploits0
Securelist
Securelist
added 2024/10/29 2:0 p.m.11 views

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

Introduction Organizations often rely on a layered defense strategy, yet breaches still occur, slipping past multiple levels of protection unnoticed. This is where compromise assessment enters the game. The primary objective of these services is risk reduction. They help discover active...

7.8AI score
Exploits0
Securelist
Securelist
added 2024/10/14 7:0 a.m.11 views

Whispers from the Dark Web Cave. Cyberthreats in the Middle East

The Kaspersky Digital Footprint Intelligence team analyzed cybersecurity threats coming from dark web cybercriminals who targeted businesses and governments in the Middle East in H1 2024. Our research highlights the most severe and pervasive threats, and identifies potential risks and consequence...

7.1AI score
Exploits0
Securelist
Securelist
added 2026/04/24 8:0 a.m.10 views

PhantomRPC: A new privilege escalation technique in Windows RPC

Intro Windows Interprocess Communication IPC is one of the most complex technologies within the Windows operating system. At the core of this ecosystem is the Remote Procedure Call RPC mechanism, which can function as a standalone communication channel or as the underlying transport layer for mor...

6.6AI score
Exploits0
Total number of security vulnerabilities1025