Lucene search
K
SecurelistRecent

1025 matches found

Securelist
Securelist
added 2026/07/07 10:0 a.m.11 views

Threat landscape for industrial automation systems. Q1 2026

All threats The percentage of ICS computers on which malicious objects were blocked continued to decrease, reaching 19.6% in Q1 2026. This is the lowest value in three years, and it is 1.4 times lower than in Q2 2023. Percentage of ICS computers on which malicious objects were blocked, Q2 2023–Q1...

5.9AI score
Exploits0
Securelist
Securelist
added 2026/07/06 9:0 a.m.25 views

When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website

One of the most common pieces of anti-phishing advice is to double-check the website's domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, we encountered a...

6AI score
Exploits0
Securelist
Securelist
added 2026/07/03 10:0 a.m.31 views

Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign

Introduction During our routine threat monitoring, we uncovered a new phishing campaign tied to a previously unknown APT group that we dubbed Armored Likho also known as Eagle Werewolf based on circumstantial evidence. This targeted campaign focuses heavily on government agencies and the electric...

6.5AI score
Exploits0
Securelist
Securelist
added 2026/07/02 9:0 a.m.20 views

Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects

The following analysis presents the key findings from Kaspersky Compromise Assessment engagements performed in 2025. A compromise assessment is an independent, expert-driven service that examines whether a target network has been compromised. The service combines threat intelligence analysis...

6.6AI score
Exploits0
Securelist
Securelist
added 2026/07/01 10:0 a.m.24 views

The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign

UPD 03.07.2026: added a package of rules and recommendations that help detect the described malicious activity for companies using our Kaspersky SIEM system. Introduction To access compromised systems, threat actors frequently abuse legitimate remote monitoring tools. At first glance, these...

6.1AI score
Exploits0
Securelist
Securelist
added 2026/07/01 6:42 a.m.14 views

OpenClaw: risks for the users and how to mitigate them

OpenClaw, which was previously known as Clawdbot and Moltbot, is today one of the most successful and fast‑growing ecosystems for AI agents, recognized worldwide. The project quickly became popular with users because of its flexibility and ability to solve fairly complex tasks that previously...

5.8AI score
Exploits0
Securelist
Securelist
added 2026/06/30 10:0 a.m.31 views

ToddyCat: your hidden email assistant. Part 2

Introduction We continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, we examined the group's attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that...

5.9AI score
Exploits0
Securelist
Securelist
added 2026/06/29 10:0 a.m.12 views

The Gentlemen are knocking: сustom backdoors and evolving tactics

Introduction This year saw the emergence of The Gentlemen, a prominent example of a group operating under the ransomware-as-a-service RaaS model. Although our initial assessment suggested the group first appeared in mid-2025, it actually started ramping up its activities at the beginning of 2026...

6AI score
Exploits0
Securelist
Securelist
added 2026/06/26 1:0 p.m.8 views

Beware of the license manager: how a Schneider Electric software vulnerability puts industrial facilities at risk

About the vulnerability The CVE-2024-2658 vulnerability was discovered in 2024 within the FlexNet Publisher component of the Schneider Electric Floating License Manager. This software handles license management across various Schneider Electric products used for comprehensive industrial automatio...

8.5CVSS7.3AI score0.00419EPSS
Exploits0
Securelist
Securelist
added 2026/06/25 10:0 a.m.11 views

Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools

Small and medium-sized businesses SMBs remain attractive targets for cybercriminals – in both mass cyberattacks and sophisticated campaigns targeting larger enterprises through trusted relationship attacks. At the same time, smaller businesses may lack the robust cybersecurity policies and...

5.8AI score
Exploits0
Securelist
Securelist
added 2026/06/24 10:0 a.m.13 views

StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader

Introduction During our research of activity affecting a diplomatic organization in Indonesia, we uncovered a previously undocumented malware family that we have named SharkLoader. What initially appeared to be an isolated case quickly expanded into a broader campaign as we identified additional...

10CVSS7.6AI score0.99984EPSS
Exploits480
Securelist
Securelist
added 2026/06/22 10:0 a.m.20 views

A VBScript campaign distributed through WhatsApp deploying RMM software

In June 2026, we observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, wi...

6.1AI score
Exploits0
Securelist
Securelist
added 2026/06/16 9:0 a.m.18 views

Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk

Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform's built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia, aiming to hijack their accounts. To pull this off, they are...

5.5AI score
Exploits0
Securelist
Securelist
added 2026/06/08 8:0 a.m.5 views

From cause to cash: a cross-border look at hacktivist activity

While tracking the activities of 4BID we uncovered a new string of campaigns that appear to be the work of several interconnected actors. While politically motivated groups generally limit their scope to specific nations – for 4BID and its peers, primarily Russian and occasionally Belarusian...

3.2CVSS6.5AI score0.00177EPSS
Exploits0
Securelist
Securelist
added 2026/06/03 9:0 a.m.29 views

Argamal: Malware hidden in hentai games

In April 2026, we discovered a new malware campaign targeting players of "hentai" games. Once launched, the infected games install a previously unknown malicious implant on the user's machine. After a few days, the implant downloads and executes a Trojan, resulting in full system compromise and...

6.1AI score
Exploits0
Securelist
Securelist
added 2026/06/02 12:0 p.m.22 views

Wardriving assessment across Mexico: Preparing for the 2026 World Cup

Introduction Mexico is one of the host countries for the 2026 FIFA World Cup, with matches to be played in three major cities: Mexico City, Monterrey, and Guadalajara. These locations are expected to see a large influx of international visitors, increasing the potential security risks. Many of...

5.6AI score
Exploits0
Securelist
Securelist
added 2026/06/01 10:0 a.m.21 views

Containers on fire: from container escapes to supply chain attacks

Introduction Modern infrastructures universally rely on containerization to deploy applications, scale services, and build cloud platforms. The use of Docker, Kubernetes, and similar technologies has become the corporate standard for efficient automation. However, as containers grow in popularity...

9.3CVSS7.7AI score0.9857EPSS
Exploits61
Securelist
Securelist
added 2026/05/29 7:0 a.m.13 views

What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant

Introduction Containerization using Docker has become firmly established in modern development standards, significantly increasing the speed and convenience of deploying various services. Developers often use ready-made Docker images, making only minimal changes. The largest repository of contain...

6.1AI score
Exploits0
Securelist
Securelist
added 2026/05/28 6:55 a.m.12 views

Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years

Introduction In late April 2026, a client reached out to us for incident response support after discovering a miner running on users' computers. We later discovered that the malware was being distributed via illegal movie and TV show streaming sites. The infection chain leveraged a fake update fo...

6.3AI score
Exploits0
Securelist
Securelist
added 2026/05/22 9:12 a.m.11 views

Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload

In 2025, we observed pervasive SSH tunnel activity, which has remained active into 2026, affecting many government organizations and commercial companies in Russia and Belarus. Behind some of this activity is Cloud Atlas, a group we have known since 2014. During our investigation, we identified n...

9.3CVSS7.7AI score0.93289EPSS
Exploits7
Securelist
Securelist
added 2026/05/20 9:2 a.m.17 views

How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)

Introduction ExifTool is a widely adopted utility for reading and writing metadata in image, PDF, audio, and video files. It is available both as a standalone command-line application and as a library that can be embedded in other software. In this article, we break down CVE-2026-3102, an ExifToo...

8.8CVSS7.2AI score0.03411EPSS
Exploits2
Securelist
Securelist
added 2026/05/18 12:0 p.m.17 views

IT threat evolution in Q1 2026. Mobile statistics

IT threat evolution in Q1 2026. Mobile statistics IT threat evolution in Q1 2026. Non-mobile statistics In the third quarter of 2025, we updated the methodology for calculating statistical indicators based on the Kaspersky Security Network. These changes affected all sections of the report except...

5.8AI score
Exploits0
Securelist
Securelist
added 2026/05/18 12:0 p.m.16 views

IT threat evolution in Q1 2026. Non-mobile statistics

IT threat evolution in Q1 2026. Non-mobile statistics IT threat evolution in Q1 2026. Mobile statistics The statistics in this report are based on detection verdicts returned by Kaspersky products unless otherwise stated. The information was provided by Kaspersky users who consented to sharing...

10CVSS6.5AI score0.27551EPSS
Exploits4
Securelist
Securelist
added 2026/05/14 11:0 a.m.14 views

Kimsuky targets organizations with PebbleDash-based tools

Over the past few months, we have conducted an in-depth analysis of specific activity clusters of Kimsuky aka APT43, Ruby Sleet, Black Banshee, Sparkling Pisces, Velvet Chollima, and Springtail, a prolific Korean-speaking threat actor. Our research revealed notable tactical shifts throughout...

6.2AI score
Exploits0
Securelist
Securelist
added 2026/05/12 7:0 a.m.9 views

State of ransomware in 2026

With International Anti-Ransomware Day taking place on May 12, Kaspersky presents its annual report on the evolving global and regional ransomware cyberthreat landscape. Ransomware remains one of the most persistent and adaptive cyberthreats. In 2026: New families continue to emerge, adopting...

6AI score
Exploits0
Securelist
Securelist
added 2026/05/08 8:0 a.m.14 views

CVE-2025-68670: discovering an RCE vulnerability in xrdp

In addition to KasperskyOS-powered solutions, Kaspersky offers various utility software to streamline business operations. For instance, users of Kaspersky Thin Client, an operating system for thin clients, can also purchase Kaspersky USB Redirector, a module that expands the capabilities of the...

9.8CVSS6.8AI score0.01318EPSS
Exploits0
Securelist
Securelist
added 2026/05/07 10:0 a.m.20 views

Exploits and vulnerabilities in Q1 2026

During Q1 2026, the exploit kits leveraged by threat actors to target user systems expanded once again, incorporating new exploits for the Microsoft Office platform, as well as Windows and Linux operating systems. In this report, we dive into the statistics on published vulnerabilities and...

10CVSS7.9AI score0.99979EPSS
Exploits223
Securelist
Securelist
added 2026/05/06 1:0 p.m.9 views

OceanLotus suspected of using PyPI to deliver ZiChatBot malware

Introduction Through our daily threat hunting, we noticed that, beginning in July 2025, a series of malicious wheel packages were uploaded to PyPI the Python Package Index. We shared this information with the public security community, and the malware was removed from the repository. We submitted...

6.1AI score
Exploits0
Securelist
Securelist
added 2026/05/06 9:30 a.m.7 views

Websites with an undefined trust level: avoiding the trap

Executive summary A suspicious website is a web resource that cannot be definitively classified as phishing, but whose activities are unsafe. Such sites manipulate users, tricking them into voluntarily transferring money for non-existent services, signing up for hidden subscriptions, or disclosin...

5.5AI score
Exploits0
Securelist
Securelist
added 2026/05/04 10:0 a.m.12 views

“Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security

Introduction The primary goal for attackers in a phishing campaign is to bypass email security and trick the potential victim into revealing their data. To achieve this, scammers employ a wide range of tactics, from redirect links to QR codes. Additionally, they heavily rely on legitimate sources...

5.8AI score
Exploits0
Securelist
Securelist
added 2026/04/30 7:0 a.m.7 views

Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India

In December 2025, we detected a wave of malicious emails designed to look like official correspondence from the Indian tax service. A few weeks later, in January 2026, a similar campaign began targeting Russian organizations. We have attributed this activity to the Silver Fox threat group. Both...

6.1AI score
Exploits0
Securelist
Securelist
added 2026/04/24 8:0 a.m.10 views

PhantomRPC: A new privilege escalation technique in Windows RPC

Intro Windows Interprocess Communication IPC is one of the most complex technologies within the Windows operating system. At the core of this ecosystem is the Remote Procedure Call RPC mechanism, which can function as a standalone communication channel or as the underlying transport layer for mor...

6.6AI score
Exploits0
Securelist
Securelist
added 2026/04/20 9:22 a.m.11 views

FakeWallet crypto stealer spreading through iOS apps in the App Store

In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distributing trojanized versions of legitimate wallets. The infected ap...

5.8AI score
Exploits0
Securelist
Securelist
added 2026/04/20 9:1 a.m.8 views

FakeWallet crypto stealer spreading through iOS apps in the App Store

In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distributing trojanized versions of legitimate wallets. The infected ap...

5.8AI score
Exploits0
Securelist
Securelist
added 2026/04/15 12:30 p.m.16 views

Threat landscape for industrial automation systems in Q4 2025

Statistics across all threats The percentage of ICS computers on which malicious objects were blocked has been decreasing since the beginning of 2024. In Q4 2025, it was 19.7%. Over the past three years, the percentage has decreased by 1.36 times, and by 1.25 times since Q4 2023. Percentage of IC...

5.8AI score
Exploits0
Securelist
Securelist
added 2026/04/13 9:0 a.m.29 views

JanelaRAT: a financial threat targeting users in Latin America

Background JanelaRAT is a malware family that takes its name from the Portuguese word "janela" which means "window". JanelaRAT looks for financial and cryptocurrency data from specific banks and financial institutions in the Latin America region. JanelaRAT is a modified variant of BX RAT that has...

6.1AI score
Exploits0
Securelist
Securelist
added 2026/04/09 9:30 a.m.8 views

The long road to your crypto: ClipBanker and its marathon infection chain

At the start of the year, a certain Trojan caught our eye due to its incredibly long infection chain. In most cases, it kicks off with a web search for "Proxifier". Proxifiers are speciaized software designed to tunnel traffic for programs that do not natively support proxy servers. They are a...

6.2AI score
Exploits0
Securelist
Securelist
added 2026/04/08 9:0 a.m.4 views

Financial cyberthreats in 2025 and the outlook for 2026

In 2025, the financial cyberthreat landscape continued to evolve. While traditional PC banking malware declined in relative prevalence, this shift was offset by the rapid growth of credential theft by infostealers. Attackers increasingly relied on aggregation and reuse of stolen data, rather than...

5.8AI score
Exploits0
Securelist
Securelist
added 2026/04/01 6:0 a.m.9 views

A laughing RAT: CrystalX combines spyware, stealer, and prankware features

Introduction In March 2026, we discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as a MaaS malware‑as‑a‑service with three subscription tiers. It caught our attention because of its extensive arsenal of capabilities. On the panel...

6.2AI score
Exploits0
Securelist
Securelist
added 2026/03/26 11:1 a.m.6 views

An AI gateway designed to steal your data

A significant proportion of cyberincidents are linked to supply chain attacks, and this proportion is constantly growing. Over the past year, we have seen a wide variety of methods used in such attacks, ranging from creation of malicious but seemingly legitimate open-source libraries or delayed...

6.3AI score
Exploits0
Securelist
Securelist
added 2026/03/26 8:0 a.m.6 views

Coruna: the framework used in Operation Triangulation

Introduction On March 4, 2026, Google and iVerify published reports about a highly sophisticated exploit kit targeting Apple iPhone devices. According to Google, the exploit kit was first discovered in targeted attacks conducted by a customer of an unnamed surveillance vendor. It was later used b...

7.8CVSS7.8AI score0.51517EPSS
Exploits3
Securelist
Securelist
added 2026/03/25 11:0 a.m.7 views

Anatomy of a Cyber World Global Report 2026

Kaspersky Security Services provide a comprehensive cybersecurity ecosystem, taking enterprise threat protection to another level. Services like Kaspersky Managed Detection and Response and Compromise Assessment allow for timely detection of threats and cyberattacks. SOC Consulting provides a...

6.1AI score
Exploits0
Securelist
Securelist
added 2026/03/18 11:0 a.m.19 views

The SOC Files: Time to “Sapecar”. Unpacking a new Horabot campaign in Mexico

Introduction In this installment of our SOC Files series, we will walk you through a targeted campaign that our MDR team identified and hunted down a few months ago. It involves a threat known as Horabot , a bundle consisting of an infamous banking Trojan, an email spreader, and a notably complex...

6AI score
Exploits0
Securelist
Securelist
added 2026/03/16 11:0 a.m.5 views

Free real estate: GoPix, the banking Trojan living off your memory

Introduction GoPix is an advanced persistent threat targeting Brazilian financial institutions' customers and cryptocurrency users. It represents an evolved threat targeting internet banking users through memory-only implants and obfuscated PowerShell scripts. It evolved from the RAT and Automate...

5.9AI score
Exploits0
Securelist
Securelist
added 2026/03/10 10:0 a.m.11 views

BeatBanker: A dual‑mode Android Trojan

Recently, we uncovered BeatBanker, an Android‑based malware campaign targeting Brazil. It spreads primarily through phishing attacks via a website disguised as the Google Play Store. To achieve their goals, the malicious APKs carry multiple components, including a cryptocurrency miner and a banki...

6AI score
Exploits0
Securelist
Securelist
added 2026/03/06 10:0 a.m.13 views

Exploits and vulnerabilities in Q4 2025

The fourth quarter of 2025 went down as one of the most intense periods on record for high-profile, critical vulnerability disclosures, hitting popular libraries and mainstream applications. Several of these vulnerabilities were picked up by attackers and exploited in the wild almost immediately...

10CVSS7.3AI score0.99979EPSS
Exploits887
Securelist
Securelist
added 2026/03/04 10:0 a.m.9 views

Mobile malware evolution in 2025

Starting from the third quarter of 2025, we have updated our statistical methodology based on the Kaspersky Security Network. These changes affect all sections of the report except for the installation package statistics, which remain unchanged. To illustrate trends between reporting periods, we...

6.1AI score
Exploits0
Securelist
Securelist
added 2026/02/19 11:0 a.m.10 views

Arkanix Stealer: a C++ & Python infostealer

Introduction In October 2025, we discovered a series of forum posts advertising a previously unknown stealer, dubbed "Arkanix Stealer" by its authors. It operated under a MaaS malware-as-a-service model, providing users not only with the implant but also with access to a control panel featuring...

6AI score
Exploits0
Securelist
Securelist
added 2026/02/17 9:0 a.m.16 views

Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets

In April 2025, we reported on a then-new iteration of the Triada backdoor that had compromised the firmware of counterfeit Android devices sold across major marketplaces. The malware was deployed to the system partitions and hooked into Zygote – the parent process for all Android apps – to infect...

6.7AI score
Exploits0
Securelist
Securelist
added 2026/02/11 2:0 p.m.7 views

The game is over: when “free” comes at too high a price. What we know about RenEngine

We often describe cases of malware distribution under the guise of game cheats and pirated software. Sometimes such methods are used to spread complex malware that employs advanced techniques and sophisticated infection chains. In February 2026, researchers from Howler Cell announced the discover...

6AI score
Exploits0
Total number of security vulnerabilities1025