Lucene search
K
SecurelistMost viewed

1025 matches found

Securelist
Securelist
added 2024/10/29 10:0 a.m.7 views

Lumma/Amadey: fake CAPTCHAs want to know if you’re human

Attackers are increasingly distributing malware through a rather unusual method: a fake CAPTCHA as the initial infection vector. Researchers from various companies reported this campaign in August and September. The attackers, primarily targeting gamers, initially delivered the Lumma stealer to...

7.4AI score
Exploits0
Securelist
Securelist
added 2024/09/26 8:0 a.m.7 views

Threat landscape for industrial automation systems, Q2 2024

Statistics across all threats In the second quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.9 pp from the previous quarter to 23.5%. The percentage has decreased by 3.3 pp compared to the second quarter of 2023, when the indicator reached it...

7.3AI score
Exploits0
Securelist
Securelist
added 2026/03/26 11:1 a.m.6 views

An AI gateway designed to steal your data

A significant proportion of cyberincidents are linked to supply chain attacks, and this proportion is constantly growing. Over the past year, we have seen a wide variety of methods used in such attacks, ranging from creation of malicious but seemingly legitimate open-source libraries or delayed...

6.3AI score
Exploits0
Securelist
Securelist
added 2026/03/26 8:0 a.m.6 views

Coruna: the framework used in Operation Triangulation

Introduction On March 4, 2026, Google and iVerify published reports about a highly sophisticated exploit kit targeting Apple iPhone devices. According to Google, the exploit kit was first discovered in targeted attacks conducted by a customer of an unnamed surveillance vendor. It was later used b...

7.8CVSS7.8AI score0.51517EPSS
Exploits3
Securelist
Securelist
added 2025/12/12 10:0 a.m.6 views

Following the digital trail: what happens to data stolen in a phishing attack

Introduction A typical phishing attack involves a user clicking a fraudulent link and entering their credentials on a scam website. However, the attack is far from over at that point. The moment the confidential information falls into the hands of cybercriminals, it immediately transforms into a...

6.8AI score
Exploits0
Securelist
Securelist
added 2025/10/14 10:0 a.m.6 views

Signal in the noise: what hashtags reveal about hacktivism in 2025

What do hacktivist campaigns look like in 2025? To answer this question, we analyzed more than 11,000 posts produced by over 120 hacktivist groups circulating across both the surface web and the dark web, with a particular focus on groups targeting MENA countries. The primary goal of our research...

6.8AI score
Exploits0
Securelist
Securelist
added 2025/10/01 10:0 a.m.6 views

Forensic journey: hunting evil within AmCache

Introduction When it comes to digital forensics, AmCache plays a vital role in identifying malicious activities in Windows systems. This artifact allows the identification of the execution of both benign and malicious software on a machine. It is managed by the operating system, and at the time o...

7.3AI score
Exploits0
Securelist
Securelist
added 2025/09/15 10:0 a.m.6 views

Shiny tools, shallow checks: how the AI hype opens the door to malicious MCP servers

Introduction In this article, we explore how the Model Context Protocol MCP — the new "plug-in bus" for AI assistants — can be weaponized as a supply chain foothold. We start with a primer on MCP, map out protocol-level and supply chain attack paths, then walk through a hands-on proof of concept:...

7.5AI score
Exploits0
Securelist
Securelist
added 2025/08/22 9:0 a.m.6 views

Modern vehicle cybersecurity trends

Modern vehicles are transforming into full-fledged digital devices that offer a multitude of features, from common smartphone-like conveniences to complex intelligent systems and services designed to keep everyone on the road safe. However, this digitalization, while aimed at improving comfort an...

7.1AI score
Exploits0
Securelist
Securelist
added 2025/08/08 9:0 a.m.6 views

Scammers mass-mailing the Efimer Trojan to steal crypto

Introduction In June, we encountered a mass mailing campaign impersonating lawyers from a major company. These emails falsely claimed the recipient's domain name infringed on the sender's rights. The messages contained the Efimer malicious script, designed to steal cryptocurrency. This script als...

6.5AI score
Exploits0
Securelist
Securelist
added 2025/07/10 11:0 a.m.6 views

Code highlighting with Cursor AI for $500,000

Attacks that leverage malicious open-source packages are becoming a major and growing threat. This type of attacks currently seems commonplace, with reports of infected packages in repositories like PyPI or npm appearing almost daily. It would seem that increased scrutiny from researchers on thes...

7.7AI score
Exploits0
Securelist
Securelist
added 2025/06/23 8:0 a.m.6 views

SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play

Update 25.06.2025: Apple removed the malicious app from the App Store. In January 2025, we uncovered the SparkCat spyware campaign, which was aimed at gaining access to victims' crypto wallets. The threat actor distributed apps containing a malicious SDK/framework. This component would wait for a...

6.5AI score
Exploits0
Securelist
Securelist
added 2026/06/08 8:0 a.m.5 views

From cause to cash: a cross-border look at hacktivist activity

While tracking the activities of 4BID we uncovered a new string of campaigns that appear to be the work of several interconnected actors. While politically motivated groups generally limit their scope to specific nations – for 4BID and its peers, primarily Russian and occasionally Belarusian...

3.2CVSS6.5AI score0.00177EPSS
Exploits0
Securelist
Securelist
added 2026/03/16 11:0 a.m.5 views

Free real estate: GoPix, the banking Trojan living off your memory

Introduction GoPix is an advanced persistent threat targeting Brazilian financial institutions' customers and cryptocurrency users. It represents an evolved threat targeting internet banking users through memory-only implants and obfuscated PowerShell scripts. It evolved from the RAT and Automate...

5.9AI score
Exploits0
Securelist
Securelist
added 2025/11/24 12:30 p.m.5 views

To buy or not to buy: How cybercriminals capitalize on Black Friday

The global e‑commerce market is accelerating faster than ever before, driven by expanding online retail, and rising consumer adoption worldwide. According to McKinsey Global Institute, global e‑commerce is projected to grow by 7–9% annually through 2040. At Kaspersky, we track how this surge in...

6.9AI score
Exploits0
Securelist
Securelist
added 2025/11/20 11:37 a.m.5 views

Inside the dark web job market

In 2022, we published our research examining how IT specialists look for work on the dark web. Since then, the job market has shifted, along with the expectations and requirements placed on professionals. However, recruitment and headhunting on the dark web remain active. So, what does this job...

6.9AI score
Exploits0
Securelist
Securelist
added 2025/11/20 10:0 a.m.5 views

Blockchain and Node.js abused by Tsundere: an emerging botnet

Introduction Tsundere is a new botnet, discovered by our Kaspersky GReAT around mid-2025. We have correlated this threat with previous reports from October 2024 that reveal code similarities, as well as the use of the same C2 retrieval method and wallet. In that instance, the threat actor created...

7.5AI score
Exploits0
Securelist
Securelist
added 2025/10/14 8:0 a.m.5 views

The king is dead, long live the king! Windows 10 EOL and Windows 11 forensic artifacts

Introduction Windows 11 was released a few years ago, yet it has seen relatively weak enterprise adoption. According to statistics from our Global Emergency Response Team GERT investigations, as recently as early 2025, we found that Windows 7, which reached end of support in 2020, was encountered...

6.5AI score
Exploits0
Securelist
Securelist
added 2026/04/08 9:0 a.m.4 views

Financial cyberthreats in 2025 and the outlook for 2026

In 2025, the financial cyberthreat landscape continued to evolve. While traditional PC banking malware declined in relative prevalence, this shift was offset by the rapid growth of credential theft by infostealers. Attackers increasingly relied on aggregation and reuse of stolen data, rather than...

5.8AI score
Exploits0
Securelist
Securelist
added 2025/10/21 8:0 a.m.4 views

PassiveNeuron: a sophisticated campaign targeting servers of high-profile organizations

Introduction Back in 2024, we gave a brief description of a complex cyberespionage campaign that we dubbed "PassiveNeuron". This campaign involved compromising the servers of government organizations with previously unknown APT implants, named "Neursite" and "NeuralExecutor". However, since its...

8.4AI score
Exploits0
Securelist
Securelist
added 2025/10/06 8:0 a.m.4 views

How we trained an ML model to detect DLL hijacking

DLL hijacking is a common technique in which attackers replace a library called by a legitimate process with a malicious one. It is used by both creators of mass-impact malware, like stealers and banking Trojans, and by APT and cybercrime groups behind targeted attacks. In recent years, the numbe...

6.7AI score
Exploits0
Securelist
Securelist
added 2025/10/06 8:0 a.m.4 views

Detecting DLL hijacking with machine learning: real-world cases

Introduction Our colleagues from the AI expertise center recently developed a machine-learning model that detects DLL-hijacking attacks. We then integrated this model into the Kaspersky Unified Monitoring and Analysis Platform SIEM system. In a separate article, our colleagues shared how the mode...

8.8CVSS6.9AI score0.14387EPSS
Exploits0
Securelist
Securelist
added 2025/12/03 8:10 p.m.3 views

Shai Hulud 2.0, now with a wiper flavor

In September, a new breed of malware distributed via compromised Node Package Manager npm packages made headlines. It was dubbed "Shai-Hulud", and we published an in-depth analysis of it in another post. Recently, a new version was discovered. Shai Hulud 2.0 is a type of two-stage worm-like malwa...

6.5AI score
Exploits0
Securelist
Securelist
added 2025/10/17 10:0 a.m.3 views

Post-exploitation framework now also delivered via npm

Incident description The first version of the AdaptixC2 post-exploitation framework, which can be considered an alternative to the well-known Cobalt Strike, was made publicly available in early 2025. In spring of 2025, the framework was first observed being used for malicious means. In October...

7.4AI score
Exploits0
Securelist
Securelist
added 2025/08/29 10:0 a.m.3 views

How attackers adapt to built-in macOS protection

If a system is popular with users, you can bet it's just as popular with cybercriminals. Although Windows still dominates, second place belongs to macOS. And this makes it a viable target for attackers. With various built-in protection mechanisms, macOS generally provides a pretty much end-to-end...

6.6AI score
Exploits0
Total number of security vulnerabilities1025