Lucene search
K
SecurelistRecent

1025 matches found

Securelist
Securelist
added 2026/02/11 10:0 a.m.8 views

Spam and phishing in 2025

The year in figures 44.99% of all emails sent worldwide and 43.27% of all emails sent in the Russian web segment were spam 32.50% of all spam emails were sent from Russia Kaspersky Mail Anti-Virus blocked 144,722,674 malicious email attachments Our Anti-Phishing system thwarted 554,002,207 attemp...

6.3AI score
Exploits0
Securelist
Securelist
added 2026/02/05 9:0 a.m.10 views

Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT

Introduction Stan Ghouls also known as Bloody Wolf is an cybercriminal group that has been launching targeted attacks against organizations in Russia, Kyrgyzstan, Kazakhstan, and Uzbekistan since at least 2023. These attackers primarily have their sights set on the manufacturing, finance, and IT...

5.5AI score
Exploits0
Securelist
Securelist
added 2026/02/03 8:10 a.m.39 views

The Notepad++ supply chain attack — unnoticed execution chains and new IoCs

UPD 11.02.2026: added recommendations on how to use the Notepad++ supply chain attack rules package in our SIEM system. Introduction On February 2, 2026, the developers of Notepad++, a text editor popular among developers, published a statement claiming that the update infrastructure of Notepad++...

6.2AI score
Exploits0
Securelist
Securelist
added 2026/01/29 3:7 p.m.9 views

Supply chain attack on eScan antivirus: detecting and remediating malicious updates

UPD 30.01.2026: Added technical details about the attack chain and more IoCs. On January 20, a supply chain attack has occurred, with the infected software being the eScan antivirus developed by the Indian company MicroWorld Technologies. The previously unknown malware was distributed through the...

6.1AI score
Exploits0
Securelist
Securelist
added 2026/01/27 8:0 a.m.13 views

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

Over the past few years, we've been observing and monitoring the espionage activities of HoneyMyte aka Mustang Panda or Bronze President within Asia and Europe, with the Southeast Asia region being the most affected. The primary targets of most of the group's campaigns were government entities. A...

6.2AI score
Exploits0
Securelist
Securelist
added 2025/12/29 10:0 a.m.23 views

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

Overview of the attacks In mid-2025, we identified a malicious driver file on computer systems in Asia. The driver file is signed with an old, stolen, or leaked digital certificate and registers as a mini-filter driver on infected machines. Its end-goal is to inject a backdoor Trojan into the...

7.5AI score
Exploits0
Securelist
Securelist
added 2025/12/25 10:0 a.m.16 views

Threat landscape for industrial automation systems in Q3 2025

Statistics across all threats In Q3 2025, the percentage of ICS computers on which malicious objects were blocked decreased from the previous quarter by 0.4 pp to 20.1%. This is the lowest level for the observed period. Percentage of ICS computers on which malicious objects were blocked, Q3 2022–...

9.3CVSS6.3AI score0.99945EPSS
Exploits33
Securelist
Securelist
added 2025/12/24 7:0 a.m.12 views

Evasive Panda APT poisons DNS requests to deliver MgBot

Introduction The Evasive Panda APT group also known as Bronze Highland, Daggerfly, and StormBamboo has been active since 2012, targeting multiple industries with sophisticated, evolving tactics. Our latest research June 2025 reveals that the attackers conducted highly-targeted campaigns, which...

7.2AI score
Exploits0
Securelist
Securelist
added 2025/12/23 12:0 p.m.8 views

Assessing SIEM effectiveness

A SIEM is a complex system offering broad and flexible threat detection capabilities. Due to its complexity, its effectiveness heavily depends on how it is configured and what data sources are connected to it. A one-time SIEM setup during implementation is not enough: both the organization's...

6.5AI score
Exploits0
Securelist
Securelist
added 2025/12/23 8:0 a.m.16 views

From cheats to exploits: Webrat spreading via GitHub

In early 2025, security researchers uncovered a new malware family named Webrat. Initially, the Trojan targeted regular users by disguising itself as cheats for popular games like Rust, Counter-Strike, and Roblox, or as cracked software. In September, the attackers decided to widen their net:...

9.8CVSS9.3AI score0.51507EPSS
Exploits7
Securelist
Securelist
added 2025/12/19 10:0 a.m.11 views

Cloud Atlas activity in the first half of 2025: what changed

Known since 2014, the Cloud Atlas group targets countries in Eastern Europe and Central Asia. Infections occur via phishing emails containing a malicious document that exploits an old vulnerability in the Microsoft Office Equation Editor process CVE-2018-0802 to download and execute malicious cod...

9.3CVSS8.8AI score0.93289EPSS
Exploits7
Securelist
Securelist
added 2025/12/19 8:0 a.m.10 views

Yet another DCOM object for lateral movement

Introduction If you're a penetration tester, you know that lateral movement is becoming increasingly difficult, especially in well-defended environments. One common technique for remote command execution has been the use of DCOM objects. Over the years, many different DCOM objects have been...

7.2AI score
Exploits0
Securelist
Securelist
added 2025/12/17 10:0 a.m.10 views

Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports

Introduction In March 2025, we discovered Operation ForumTroll, a series of sophisticated cyberattacks exploiting the CVE-2025-2783 vulnerability in Google Chrome. We previously detailed the malicious implants used in the operation: the LeetAgent backdoor and the complex spyware Dante, developed ...

8.3CVSS9AI score0.08404EPSS
Exploits6
Securelist
Securelist
added 2025/12/16 10:0 a.m.9 views

God Mode On: how we attacked a vehicle’s head unit modem

Introduction Imagine you're cruising down the highway in your brand-new electric car. All of a sudden, the massive multimedia display fills with Doom, the iconic 3D shooter game. It completely replaces the navigation map or the controls menu, and you realize someone is playing it remotely right...

8.3CVSS8.9AI score0.00176EPSS
Exploits0
Securelist
Securelist
added 2025/12/15 7:0 a.m.10 views

Frogblight threatens you with a court case: a new Android banker targets Turkish users

In August 2025, we discovered a campaign targeting individuals in Turkey with a new Android banking Trojan we dubbed "Frogblight". Initially, the malware was disguised as an app for accessing court case files via an official government webpage. Later, more universal disguises appeared, such as th...

7.5AI score
Exploits0
Securelist
Securelist
added 2025/12/12 10:0 a.m.6 views

Following the digital trail: what happens to data stolen in a phishing attack

Introduction A typical phishing attack involves a user clicking a fraudulent link and entering their credentials on a scam website. However, the attack is far from over at that point. The moment the confidential information falls into the hands of cybercriminals, it immediately transforms into a...

6.8AI score
Exploits0
Securelist
Securelist
added 2025/12/12 8:0 a.m.13 views

Turn me on, turn me off: Zigbee assessment in industrial environments

We all encounter IoT and home automation in some form or another, from smart speakers to automated sensors that control water pumps. These services appear simple and straightforward to us, but many devices and protocols work together under the hood to deliver them. One of those protocols is Zigbe...

6.8AI score
Exploits0
Securelist
Securelist
added 2025/12/11 12:0 p.m.16 views

Hunting for Mythic in network traffic

Post-exploitation frameworks Threat actors frequently employ post-exploitation frameworks in cyberattacks to maintain control over compromised hosts and move laterally within the organization's network. While they once favored closed-source frameworks, such as Cobalt Strike and Brute Ratel C4,...

7.2AI score
Exploits0
Securelist
Securelist
added 2025/12/11 7:30 a.m.12 views

It didn’t take long: CVE-2025-55182 is now under active exploitation

On December 4, 2025, researchers published details on the critical vulnerability CVE-2025-55182, which received a CVSS score of 10.0. It has been unofficially dubbed React2Shell, as it affects React Server Components RSC functionality used in web applications built with the React library. RSC...

10CVSS7.9AI score0.99562EPSS
Exploits374
Securelist
Securelist
added 2025/12/09 11:25 a.m.10 views

Goodbye, dark Telegram: Blocks are pushing the underground out

Telegram has won over users worldwide, and cybercriminals are no exception. While the average user chooses a messaging app based on convenience, user experience and stability and perhaps, cool stickers, cybercriminals evaluate platforms through a different lens. When it comes to anonymity, privac...

7.1AI score
Exploits0
Securelist
Securelist
added 2025/12/03 8:10 p.m.3 views

Shai Hulud 2.0, now with a wiper flavor

In September, a new breed of malware distributed via compromised Node Package Manager npm packages made headlines. It was dubbed "Shai-Hulud", and we published an in-depth analysis of it in another post. Recently, a new version was discovered. Shai Hulud 2.0 is a type of two-stage worm-like malwa...

6.5AI score
Exploits0
Securelist
Securelist
added 2025/12/03 10:0 a.m.14 views

Exploits and vulnerabilities in Q3 2025

In the third quarter, attackers continued to exploit security flaws in WinRAR, while the total number of registered vulnerabilities grew again. In this report, we examine statistics on published vulnerabilities and exploits, the most common security issues impacting Windows and Linux, and the...

10CVSS9.3AI score0.99979EPSS
Exploits454
Securelist
Securelist
added 2025/12/02 10:7 a.m.12 views

Kaspersky Security Bulletin 2025. Statistics

All statistics in this report come from Kaspersky Security Network KSN, a global cloud service that receives information from components in our security solutions voluntarily provided by Kaspersky users. Millions of Kaspersky users around the globe assist us in collecting information about...

6.5AI score
Exploits0
Securelist
Securelist
added 2025/11/28 7:0 a.m.22 views

Tomiris wreaks Havoc: New tools and techniques of the APT group

While tracking the activities of the Tomiris threat actor, we identified new malicious operations that began in early 2025. These attacks targeted foreign ministries, intergovernmental organizations, and government entities, demonstrating a focus on high-value political and diplomatic...

8.5AI score
Exploits0
Securelist
Securelist
added 2025/11/26 10:0 a.m.13 views

Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 2025

Just like the 2000s Flip phones grew popular, Windows XP debuted on personal computers, Apple introduced the iPod, peer-to-peer file sharing via torrents was taking off, and MSN Messenger dominated online chat. That was the tech scene in 2001, the same year when Sir Dystic of Cult of the Dead Cow...

8.8CVSS8.5AI score0.97798EPSS
Exploits91
Securelist
Securelist
added 2025/11/24 12:30 p.m.5 views

To buy or not to buy: How cybercriminals capitalize on Black Friday

The global e‑commerce market is accelerating faster than ever before, driven by expanding online retail, and rising consumer adoption worldwide. According to McKinsey Global Institute, global e‑commerce is projected to grow by 7–9% annually through 2040. At Kaspersky, we track how this surge in...

6.9AI score
Exploits0
Securelist
Securelist
added 2025/11/21 10:0 a.m.8 views

ToddyCat: your hidden email assistant. Part 1

Introduction Email remains the main means of business correspondence at organizations. It can be set up either using on-premises infrastructure for example, by deploying Microsoft Exchange Server or through cloud mail services such as Microsoft 365 or Gmail. However, some organizations do not...

6.6AI score
Exploits0
Securelist
Securelist
added 2025/11/20 11:37 a.m.5 views

Inside the dark web job market

In 2022, we published our research examining how IT specialists look for work on the dark web. Since then, the job market has shifted, along with the expectations and requirements placed on professionals. However, recruitment and headhunting on the dark web remain active. So, what does this job...

6.9AI score
Exploits0
Securelist
Securelist
added 2025/11/20 10:0 a.m.5 views

Blockchain and Node.js abused by Tsundere: an emerging botnet

Introduction Tsundere is a new botnet, discovered by our Kaspersky GReAT around mid-2025. We have correlated this threat with previous reports from October 2024 that reveal code similarities, as well as the use of the same C2 retrieval method and wallet. In that instance, the threat actor created...

7.5AI score
Exploits0
Securelist
Securelist
added 2025/11/19 10:0 a.m.13 views

IT threat evolution in Q3 2025. Mobile statistics

IT threat evolution in Q3 2025. Mobile statistics IT threat evolution in Q3 2025. Non-mobile statistics The quarter at a glance In the third quarter of 2025, we updated the methodology for calculating statistical indicators based on the Kaspersky Security Network. These changes affected all...

6.7AI score
Exploits0
Securelist
Securelist
added 2025/11/19 10:0 a.m.13 views

IT threat evolution in Q3 2025. Non-mobile statistics

IT threat evolution in Q3 2025. Mobile statistics IT threat evolution in Q3 2025. Non-mobile statistics Quarterly figures In Q3 2025: Kaspersky solutions blocked more than 389 million attacks that originated with various online resources. Web Anti-Virus responded to 52 million unique links. File...

9.8CVSS7.2AI score0.15593EPSS
Exploits0
Securelist
Securelist
added 2025/10/28 3:0 a.m.12 views

Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs

Introduction Primarily focused on financial gain since its appearance, BlueNoroff aka. Sapphire Sleet, APT38, Alluring Pisces, Stardust Chollima, and TA444 has adopted new infiltration strategies and malware sets over time, but it still targets blockchain developers, C-level executives, and...

7.7AI score
Exploits0
Securelist
Securelist
added 2025/10/27 3:0 a.m.24 views

Mem3nt0 mori – The Hacking Team is back!

In March 2025, Kaspersky detected a wave of infections that occurred when users clicked on personalized phishing links sent via email. No further action was required to initiate the infection; simply visiting the malicious website using Google Chrome or another Chromium-based web browser was...

10CVSS9.1AI score0.08404EPSS
Exploits6
Securelist
Securelist
added 2025/10/22 10:0 a.m.7 views

Deep analysis of the flaw in BetterBank reward logic

Executive summary From August 26 to 27, 2025, BetterBank, a decentralized finance DeFi protocol operating on the PulseChain network, fell victim to a sophisticated exploit involving liquidity manipulation and reward minting. The attack resulted in an initial loss of approximately $5 million in...

6.7AI score
Exploits0
Securelist
Securelist
added 2025/10/21 10:0 a.m.7 views

The evolving landscape of email phishing attacks: how threat actors are reusing and refining established techniques

Introduction Cyberthreats are constantly evolving, and email phishing is no exception. Threat actors keep coming up with new methods to bypass security filters and circumvent user vigilance. At the same time, established – and even long-forgotten – tactics have not gone anywhere; in fact, some ar...

6.9AI score
Exploits0
Securelist
Securelist
added 2025/10/21 8:0 a.m.4 views

PassiveNeuron: a sophisticated campaign targeting servers of high-profile organizations

Introduction Back in 2024, we gave a brief description of a complex cyberespionage campaign that we dubbed "PassiveNeuron". This campaign involved compromising the servers of government organizations with previously unknown APT implants, named "Neursite" and "NeuralExecutor". However, since its...

8.4AI score
Exploits0
Securelist
Securelist
added 2025/10/17 10:0 a.m.3 views

Post-exploitation framework now also delivered via npm

Incident description The first version of the AdaptixC2 post-exploitation framework, which can be considered an alternative to the well-known Cobalt Strike, was made publicly available in early 2025. In spring of 2025, the framework was first observed being used for malicious means. In October...

7.4AI score
Exploits0
Securelist
Securelist
added 2025/10/17 7:0 a.m.8 views

SEO spam and hidden links: how to protect your website and your reputation

When analyzing the content of websites in an attempt to determine what category it belongs to, we sometimes get an utterly unexpected result. It could be the official page of a metal structures manufacturer or online flower shop, or, say, a law firm website, with completely neutral content, but o...

7.8AI score
Exploits0
Securelist
Securelist
added 2025/10/15 1:0 p.m.9 views

Maverick: a new banking Trojan abusing WhatsApp in a mass-scale distribution

A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs. To evade detection, the command-and-control C2 server verifies each download to ensure it originates from the malware itself. The whol...

7.4AI score
Exploits0
Securelist
Securelist
added 2025/10/15 10:0 a.m.9 views

Mysterious Elephant: a growing threat

Introduction Mysterious Elephant is a highly active advanced persistent threat APT group that we at Kaspersky GReAT discovered in 2023. It has been consistently evolving and adapting its tactics, techniques, and procedures TTPs to stay under the radar. With a primary focus on targeting government...

9.3CVSS9.5AI score0.99945EPSS
Exploits33
Securelist
Securelist
added 2025/10/14 10:0 a.m.6 views

Signal in the noise: what hashtags reveal about hacktivism in 2025

What do hacktivist campaigns look like in 2025? To answer this question, we analyzed more than 11,000 posts produced by over 120 hacktivist groups circulating across both the surface web and the dark web, with a particular focus on groups targeting MENA countries. The primary goal of our research...

6.8AI score
Exploits0
Securelist
Securelist
added 2025/10/14 8:0 a.m.5 views

The king is dead, long live the king! Windows 10 EOL and Windows 11 forensic artifacts

Introduction Windows 11 was released a few years ago, yet it has seen relatively weak enterprise adoption. According to statistics from our Global Emergency Response Team GERT investigations, as recently as early 2025, we found that Windows 7, which reached end of support in 2020, was encountered...

6.5AI score
Exploits0
Securelist
Securelist
added 2025/10/06 8:0 a.m.4 views

How we trained an ML model to detect DLL hijacking

DLL hijacking is a common technique in which attackers replace a library called by a legitimate process with a malicious one. It is used by both creators of mass-impact malware, like stealers and banking Trojans, and by APT and cybercrime groups behind targeted attacks. In recent years, the numbe...

6.7AI score
Exploits0
Securelist
Securelist
added 2025/10/06 8:0 a.m.4 views

Detecting DLL hijacking with machine learning: real-world cases

Introduction Our colleagues from the AI expertise center recently developed a machine-learning model that detects DLL-hijacking attacks. We then integrated this model into the Kaspersky Unified Monitoring and Analysis Platform SIEM system. In a separate article, our colleagues shared how the mode...

8.8CVSS6.9AI score0.14387EPSS
Exploits0
Securelist
Securelist
added 2025/10/01 10:0 a.m.6 views

Forensic journey: hunting evil within AmCache

Introduction When it comes to digital forensics, AmCache plays a vital role in identifying malicious activities in Windows systems. This artifact allows the identification of the execution of both benign and malicious software on a machine. It is managed by the operating system, and at the time o...

7.3AI score
Exploits0
Securelist
Securelist
added 2025/09/25 10:0 a.m.8 views

Massive npm infection: the Shai-Hulud worm and patient zero

Introduction The modern development world is almost entirely dependent on third-party modules. While this certainly speeds up development, it also creates a massive attack surface for end users, since anyone can create these components. It is no surprise that malicious modules are becoming more...

7AI score
Exploits0
Securelist
Securelist
added 2025/09/19 10:0 a.m.8 views

Threat landscape for industrial automation systems in Q2 2025

Statistics across all threats In Q2 2025, the percentage of ICS computers on which malicious objects were blocked decreased by 1.4 pp from the previous quarter to 20.5%. Percentage of ICS computers on which malicious objects were blocked, Q2 2022–Q2 2025 Compared to Q2 2024, the rate decreased by...

6.9AI score
Exploits0
Securelist
Securelist
added 2025/09/16 10:0 a.m.12 views

RevengeHotels: a new wave of attacks leveraging LLMs and VenomRAT

Background RevengeHotels, also known as TA558, is a threat group that has been active since 2015, stealing credit card data from hotel guests and travelers. RevengeHotels' modus operandi involves sending emails with phishing links which redirect victims to websites mimicking document storage. The...

9.3CVSS8.7AI score0.99933EPSS
Exploits29
Securelist
Securelist
added 2025/09/15 10:0 a.m.6 views

Shiny tools, shallow checks: how the AI hype opens the door to malicious MCP servers

Introduction In this article, we explore how the Model Context Protocol MCP — the new "plug-in bus" for AI assistants — can be weaponized as a supply chain foothold. We start with a primer on MCP, map out protocol-level and supply chain attack paths, then walk through a hands-on proof of concept:...

7.5AI score
Exploits0
Securelist
Securelist
added 2025/09/10 2:0 p.m.7 views

Notes of cyber inspector: three clusters of threat in cyberspace

Hacktivism and geopolitically motivated APT groups have become a significant threat to many regions of the world in recent years, damaging infrastructure and important functions of government, business, and society. In late 2022 we predicted that the involvement of hacktivist groups in all major...

6.6AI score
Exploits0
Total number of security vulnerabilities1025