Lucene search
K
SecurelistMost viewed

1026 matches found

Securelist
Securelist
added 2024/10/29 2:0 p.m.11 views

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

Introduction Organizations often rely on a layered defense strategy, yet breaches still occur, slipping past multiple levels of protection unnoticed. This is where compromise assessment enters the game. The primary objective of these services is risk reduction. They help discover active...

7.8AI score
Exploits0
Securelist
Securelist
added 2024/10/14 7:0 a.m.11 views

Whispers from the Dark Web Cave. Cyberthreats in the Middle East

The Kaspersky Digital Footprint Intelligence team analyzed cybersecurity threats coming from dark web cybercriminals who targeted businesses and governments in the Middle East in H1 2024. Our research highlights the most severe and pervasive threats, and identifies potential risks and consequence...

7.1AI score
Exploits0
Securelist
Securelist
added 2026/02/19 11:0 a.m.10 views

Arkanix Stealer: a C++ & Python infostealer

Introduction In October 2025, we discovered a series of forum posts advertising a previously unknown stealer, dubbed "Arkanix Stealer" by its authors. It operated under a MaaS malware-as-a-service model, providing users not only with the implant but also with access to a control panel featuring...

6AI score
Exploits0
Securelist
Securelist
added 2026/01/29 3:7 p.m.10 views

Supply chain attack on eScan antivirus: detecting and remediating malicious updates

UPD 30.01.2026: Added technical details about the attack chain and more IoCs. On January 20, a supply chain attack has occurred, with the infected software being the eScan antivirus developed by the Indian company MicroWorld Technologies. The previously unknown malware was distributed through the...

6.1AI score
Exploits0
Securelist
Securelist
added 2025/12/19 8:0 a.m.10 views

Yet another DCOM object for lateral movement

Introduction If you're a penetration tester, you know that lateral movement is becoming increasingly difficult, especially in well-defended environments. One common technique for remote command execution has been the use of DCOM objects. Over the years, many different DCOM objects have been...

7.2AI score
Exploits0
Securelist
Securelist
added 2025/12/17 10:0 a.m.10 views

Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports

Introduction In March 2025, we discovered Operation ForumTroll, a series of sophisticated cyberattacks exploiting the CVE-2025-2783 vulnerability in Google Chrome. We previously detailed the malicious implants used in the operation: the LeetAgent backdoor and the complex spyware Dante, developed ...

8.3CVSS9AI score0.08404EPSS
Exploits6
Securelist
Securelist
added 2025/12/09 11:25 a.m.10 views

Goodbye, dark Telegram: Blocks are pushing the underground out

Telegram has won over users worldwide, and cybercriminals are no exception. While the average user chooses a messaging app based on convenience, user experience and stability and perhaps, cool stickers, cybercriminals evaluate platforms through a different lens. When it comes to anonymity, privac...

7.1AI score
Exploits0
Securelist
Securelist
added 2025/07/14 10:0 a.m.10 views

Forensic journey: Breaking down the UserAssist artifact structure

Introduction As members of the Global Emergency Response Team GERT, we work with forensic artifacts on a daily basis to conduct investigations, and one of the most valuable artifacts is UserAssist. It contains useful execution information that helps us determine and track adversarial activities,...

7.1AI score
Exploits0
Securelist
Securelist
added 2025/04/16 10:0 a.m.10 views

Streamlining detection engineering in security operation centers

Security operations centers SOCs exist to protect organizations from cyberthreats by detecting and responding to attacks in real time. They play a crucial role in preventing security breaches by detecting adversary activity at every stage of an attack, working to minimize damage and enabling an...

7.6AI score
Exploits0
Securelist
Securelist
added 2025/01/31 10:0 a.m.10 views

One policy to rule them all

Windows group policies are a powerful management tool that allows administrators to define and control user and computer settings within a domain environment in a centralized manner. While group policies offer functionality and utility, they are unfortunately a prime target for attackers. In...

7AI score
Exploits0
Securelist
Securelist
added 2024/11/13 10:0 a.m.10 views

Threats in space (or rather, on Earth): internet-exposed GNSS receivers

What is GNSS? Global Navigation Satellite Systems GNSS are collections, or constellations of satellite positioning systems. There are several GNSSs launched by different countries currently in operation: GPS US, GLONASS Russia, Galileo EU, BeiDou Navigation Satellite System BDS, China, Navigation...

8.4AI score
Exploits0
Securelist
Securelist
added 2024/09/25 10:0 a.m.10 views

From 12 to 21: how we discovered connections between the Twelve and BlackJack groups

While analyzing attacks on Russian organizations, our team regularly encounters overlapping tactics, techniques, and procedures TTPs among different cybercrime groups, and sometimes even shared tools. We recently discovered one such overlap: similar tools and tactics between two hacktivist groups...

8.1AI score
Exploits0
Securelist
Securelist
added 2024/09/03 8:0 a.m.10 views

IT threat evolution in Q2 2024. Mobile statistics

Quarterly figures According to Kaspersky Security Network, in Q2 2024: 7 million attacks using malware, adware or unwanted mobile software were blocked. The most common threat to mobile devices was RiskTool software – 41% of all detected threats. A total of 367,418 malicious installation packages...

7.3AI score
Exploits0
Securelist
Securelist
added 2018/02/06 10:0 a.m.10 views

BSides NYC, a volunteer organized event put on by and for the community

Another edition of BSides NYC has passed, and as first time attendee and presenter, I was genuinely impressed with the impeccable organization, the content shared, and the interesting conversations that took place among enthusiasts and professionals from all over the world. I've been a long time...

6.8AI score
Exploits0
Securelist
Securelist
added 2026/05/12 7:0 a.m.9 views

State of ransomware in 2026

With International Anti-Ransomware Day taking place on May 12, Kaspersky presents its annual report on the evolving global and regional ransomware cyberthreat landscape. Ransomware remains one of the most persistent and adaptive cyberthreats. In 2026: New families continue to emerge, adopting...

6AI score
Exploits0
Securelist
Securelist
added 2026/05/06 1:0 p.m.9 views

OceanLotus suspected of using PyPI to deliver ZiChatBot malware

Introduction Through our daily threat hunting, we noticed that, beginning in July 2025, a series of malicious wheel packages were uploaded to PyPI the Python Package Index. We shared this information with the public security community, and the malware was removed from the repository. We submitted...

6.1AI score
Exploits0
Securelist
Securelist
added 2026/04/01 6:0 a.m.9 views

A laughing RAT: CrystalX combines spyware, stealer, and prankware features

Introduction In March 2026, we discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as a MaaS malware‑as‑a‑service with three subscription tiers. It caught our attention because of its extensive arsenal of capabilities. On the panel...

6.2AI score
Exploits0
Securelist
Securelist
added 2026/03/04 10:0 a.m.9 views

Mobile malware evolution in 2025

Starting from the third quarter of 2025, we have updated our statistical methodology based on the Kaspersky Security Network. These changes affect all sections of the report except for the installation package statistics, which remain unchanged. To illustrate trends between reporting periods, we...

6.1AI score
Exploits0
Securelist
Securelist
added 2025/12/16 10:0 a.m.9 views

God Mode On: how we attacked a vehicle’s head unit modem

Introduction Imagine you're cruising down the highway in your brand-new electric car. All of a sudden, the massive multimedia display fills with Doom, the iconic 3D shooter game. It completely replaces the navigation map or the controls menu, and you realize someone is playing it remotely right...

8.3CVSS8.9AI score0.00176EPSS
Exploits0
Securelist
Securelist
added 2025/10/15 1:0 p.m.9 views

Maverick: a new banking Trojan abusing WhatsApp in a mass-scale distribution

A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs. To evade detection, the command-and-control C2 server verifies each download to ensure it originates from the malware itself. The whol...

7.4AI score
Exploits0
Securelist
Securelist
added 2025/10/15 10:0 a.m.9 views

Mysterious Elephant: a growing threat

Introduction Mysterious Elephant is a highly active advanced persistent threat APT group that we at Kaspersky GReAT discovered in 2023. It has been consistently evolving and adapting its tactics, techniques, and procedures TTPs to stay under the radar. With a primary focus on targeting government...

9.3CVSS9.5AI score0.99945EPSS
Exploits33
Securelist
Securelist
added 2025/08/06 10:0 a.m.9 views

Driver of destruction: How a legitimate driver is being used to take down AV processes

Introduction In a recent incident response case in Brazil, we spotted intriguing new antivirus AV killer software that has been circulating in the wild since at least October 2024. This malicious artifact abuses the ThrottleStop.sys driver, delivered together with the malware, to terminate numero...

8.7CVSS7AI score0.06702EPSS
Exploits8
Securelist
Securelist
added 2025/04/08 10:0 a.m.9 views

Attackers distributing a miner and the ClipBanker Trojan via SourceForge

Recently, we noticed a rather unique scheme for distributing malware that exploits SourceForge, a popular website providing software hosting, comparison, and distribution services. The site hosts numerous software projects, and anyone can upload theirs. One such project, officepackage , on the ma...

7.9AI score
Exploits0
Securelist
Securelist
added 2025/03/25 8:0 a.m.9 views

Financial cyberthreats in 2024

As more and more financial transactions are conducted in digital form each year, financial threats comprise a large piece of the global cyberthreat landscape. That's why Kaspersky researchers analyze the trends related to these threats and share an annual report highlighting the main dangers to...

7.6AI score
Exploits0
Securelist
Securelist
added 2024/12/12 10:0 a.m.9 views

Careto is back: what’s new after 10 years of silence?

During the first week of October, Kaspersky took part in the 34th Virus Bulletin International Conference, one of the longest-running cybersecurity events. There, our researchers delivered multiple presentations, and one of our talks focused on newly observed activities by the Careto threat actor...

7.1AI score
Exploits0
Securelist
Securelist
added 2024/10/31 10:0 a.m.9 views

Loose-lipped neural networks and lazy scammers

One topic being actively researched in connection with the breakout of LLMs is capability uplift – when employees with limited experience or resources in some area become able to perform at a much higher level thanks to LLM technology. This is especially important in information security, where...

6.6AI score
Exploits0
Securelist
Securelist
added 2024/10/01 10:0 a.m.9 views

Key Group: another ransomware group using leaked builders

Key Group, or keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group is known for negotiating with victims on Telegram and using the Chaos ransomware builder. The first public report on Key Group's activity was released in 2023 by BI.ZONE, a...

7.6AI score
Exploits0
Securelist
Securelist
added 2026/06/26 1:0 p.m.8 views

Beware of the license manager: how a Schneider Electric software vulnerability puts industrial facilities at risk

About the vulnerability The CVE-2024-2658 vulnerability was discovered in 2024 within the FlexNet Publisher component of the Schneider Electric Floating License Manager. This software handles license management across various Schneider Electric products used for comprehensive industrial automatio...

8.5CVSS7.3AI score0.00419EPSS
Exploits0
Securelist
Securelist
added 2026/04/20 9:1 a.m.8 views

FakeWallet crypto stealer spreading through iOS apps in the App Store

In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distributing trojanized versions of legitimate wallets. The infected ap...

5.8AI score
Exploits0
Securelist
Securelist
added 2026/04/09 9:30 a.m.8 views

The long road to your crypto: ClipBanker and its marathon infection chain

At the start of the year, a certain Trojan caught our eye due to its incredibly long infection chain. In most cases, it kicks off with a web search for "Proxifier". Proxifiers are speciaized software designed to tunnel traffic for programs that do not natively support proxy servers. They are a...

6.2AI score
Exploits0
Securelist
Securelist
added 2026/02/11 10:0 a.m.8 views

Spam and phishing in 2025

The year in figures 44.99% of all emails sent worldwide and 43.27% of all emails sent in the Russian web segment were spam 32.50% of all spam emails were sent from Russia Kaspersky Mail Anti-Virus blocked 144,722,674 malicious email attachments Our Anti-Phishing system thwarted 554,002,207 attemp...

6.3AI score
Exploits0
Securelist
Securelist
added 2025/12/23 12:0 p.m.8 views

Assessing SIEM effectiveness

A SIEM is a complex system offering broad and flexible threat detection capabilities. Due to its complexity, its effectiveness heavily depends on how it is configured and what data sources are connected to it. A one-time SIEM setup during implementation is not enough: both the organization's...

6.5AI score
Exploits0
Securelist
Securelist
added 2025/11/21 10:0 a.m.8 views

ToddyCat: your hidden email assistant. Part 1

Introduction Email remains the main means of business correspondence at organizations. It can be set up either using on-premises infrastructure for example, by deploying Microsoft Exchange Server or through cloud mail services such as Microsoft 365 or Gmail. However, some organizations do not...

6.6AI score
Exploits0
Securelist
Securelist
added 2025/10/17 7:0 a.m.8 views

SEO spam and hidden links: how to protect your website and your reputation

When analyzing the content of websites in an attempt to determine what category it belongs to, we sometimes get an utterly unexpected result. It could be the official page of a metal structures manufacturer or online flower shop, or, say, a law firm website, with completely neutral content, but o...

7.8AI score
Exploits0
Securelist
Securelist
added 2025/09/25 10:0 a.m.8 views

Massive npm infection: the Shai-Hulud worm and patient zero

Introduction The modern development world is almost entirely dependent on third-party modules. While this certainly speeds up development, it also creates a massive attack surface for end users, since anyone can create these components. It is no surprise that malicious modules are becoming more...

7AI score
Exploits0
Securelist
Securelist
added 2025/09/19 10:0 a.m.8 views

Threat landscape for industrial automation systems in Q2 2025

Statistics across all threats In Q2 2025, the percentage of ICS computers on which malicious objects were blocked decreased by 1.4 pp from the previous quarter to 20.5%. Percentage of ICS computers on which malicious objects were blocked, Q2 2022–Q2 2025 Compared to Q2 2024, the rate decreased by...

6.9AI score
Exploits0
Securelist
Securelist
added 2025/09/02 10:0 a.m.8 views

Cookies and how to bake them: what they are for, associated risks, and what session hijacking has to do with it

When you visit almost any website, you'll see a pop-up asking you to accept, decline, or customize the cookies it collects. Sometimes, it just tells you that cookies are in use by default. We randomly checked 647 websites, and 563 of them displayed cookie notifications. Most of the time, users...

6.1AI score
Exploits0
Securelist
Securelist
added 2025/06/25 10:0 a.m.8 views

AI and collaboration tools: how cyberattackers are targeting SMBs in 2025

Cyberattackers often view small and medium-sized businesses SMBs as easier targets, assuming their security measures are less robust than those of larger enterprises. In fact, attacks through contractors, also known as trusted relationship attacks, remain one of the top three methods used to brea...

7.4AI score
Exploits0
Securelist
Securelist
added 2025/03/11 10:0 a.m.8 views

DCRat backdoor returns

Since the beginning of the year, we've been tracking in our telemetry a new wave of DCRat distribution, with paid access to the backdoor provided under the Malware-as-a-Service MaaS model. The cybercriminal group behind it also offers support for the malware and infrastructure setup for hosting t...

7.7AI score
Exploits0
Securelist
Securelist
added 2025/03/03 10:0 a.m.8 views

Mobile malware evolution in 2024

These statistics are based on detection alerts from Kaspersky products, collected from users who consented to provide statistical data to Kaspersky Security Network. The statistics for previous years may differ from earlier publications due to a data and methodology revision implemented in 2024...

7.2AI score
Exploits0
Securelist
Securelist
added 2025/02/20 8:0 a.m.8 views

Managed detection and response in 2024

Kaspersky Managed Detection and Response service MDR provides round-the-clock monitoring and threat detection, based on Kaspersky technologies and expertise. The annual MDR analyst report presents insights based on the analysis of incidents detected by Kaspersky's SOC team. It sheds light on the...

7.2AI score
Exploits0
Securelist
Securelist
added 2024/11/19 10:0 a.m.8 views

Scammer Black Friday offers: Online shopping threats and dark web sales

Intro The e-commerce market continues to grow every year. According to FTI consulting, in Q1 2024, online retail comprised 57% of total sales in the US, and it is expected to increase by 9.8% over 2023 by the end of this year. In Europe, 72% of those aged 16–74 buy online, their share growing by...

7AI score
Exploits0
Securelist
Securelist
added 2026/05/06 9:30 a.m.7 views

Websites with an undefined trust level: avoiding the trap

Executive summary A suspicious website is a web resource that cannot be definitively classified as phishing, but whose activities are unsafe. Such sites manipulate users, tricking them into voluntarily transferring money for non-existent services, signing up for hidden subscriptions, or disclosin...

5.5AI score
Exploits0
Securelist
Securelist
added 2026/04/30 7:0 a.m.7 views

Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India

In December 2025, we detected a wave of malicious emails designed to look like official correspondence from the Indian tax service. A few weeks later, in January 2026, a similar campaign began targeting Russian organizations. We have attributed this activity to the Silver Fox threat group. Both...

6.1AI score
Exploits0
Securelist
Securelist
added 2026/03/25 11:0 a.m.7 views

Anatomy of a Cyber World Global Report 2026

Kaspersky Security Services provide a comprehensive cybersecurity ecosystem, taking enterprise threat protection to another level. Services like Kaspersky Managed Detection and Response and Compromise Assessment allow for timely detection of threats and cyberattacks. SOC Consulting provides a...

6.1AI score
Exploits0
Securelist
Securelist
added 2026/02/11 2:0 p.m.7 views

The game is over: when “free” comes at too high a price. What we know about RenEngine

We often describe cases of malware distribution under the guise of game cheats and pirated software. Sometimes such methods are used to spread complex malware that employs advanced techniques and sophisticated infection chains. In February 2026, researchers from Howler Cell announced the discover...

6AI score
Exploits0
Securelist
Securelist
added 2025/10/22 10:0 a.m.7 views

Deep analysis of the flaw in BetterBank reward logic

Executive summary From August 26 to 27, 2025, BetterBank, a decentralized finance DeFi protocol operating on the PulseChain network, fell victim to a sophisticated exploit involving liquidity manipulation and reward minting. The attack resulted in an initial loss of approximately $5 million in...

6.7AI score
Exploits0
Securelist
Securelist
added 2025/10/21 10:0 a.m.7 views

The evolving landscape of email phishing attacks: how threat actors are reusing and refining established techniques

Introduction Cyberthreats are constantly evolving, and email phishing is no exception. Threat actors keep coming up with new methods to bypass security filters and circumvent user vigilance. At the same time, established – and even long-forgotten – tactics have not gone anywhere; in fact, some ar...

6.9AI score
Exploits0
Securelist
Securelist
added 2025/09/10 2:0 p.m.7 views

Notes of cyber inspector: three clusters of threat in cyberspace

Hacktivism and geopolitically motivated APT groups have become a significant threat to many regions of the world in recent years, damaging infrastructure and important functions of government, business, and society. In late 2022 we predicted that the involvement of hacktivist groups in all major...

6.6AI score
Exploits0
Securelist
Securelist
added 2025/07/07 10:0 a.m.7 views

Batavia spyware steals data from Russian organizations

Introduction Since early March 2025, our systems have recorded an increase in detections of similar files with names like договор-2025-5.vbe, приложение.vbe, and dogovor.vbe translation: contract, attachment among employees at various Russian organizations. The targeted attack begins with bait...

7.3AI score
Exploits0
Total number of security vulnerabilities1026