Lucene search
K
SecurelistRecent

1025 matches found

Securelist
Securelist
added 2025/09/05 9:0 a.m.16 views

IT threat evolution in Q2 2025. Mobile statistics

IT threat evolution in Q2 2025. Mobile statistics IT threat evolution in Q2 2025. Non-mobile statistics The mobile section of our quarterly cyberthreat report includes statistics on malware, adware, and potentially unwanted software for Android, as well as descriptions of the most notable threats...

6.7AI score
Exploits0
Securelist
Securelist
added 2025/09/05 9:0 a.m.12 views

IT threat evolution in Q2 2025. Non-mobile statistics

IT threat evolution in Q2 2025. Non-mobile statistics IT threat evolution in Q2 2025. Mobile statistics The statistics in this report are based on detection verdicts returned by Kaspersky products unless otherwise stated. The information was provided by Kaspersky users who consented to sharing...

10CVSS9.6AI score0.99359EPSS
Exploits45
Securelist
Securelist
added 2025/09/02 10:0 a.m.8 views

Cookies and how to bake them: what they are for, associated risks, and what session hijacking has to do with it

When you visit almost any website, you'll see a pop-up asking you to accept, decline, or customize the cookies it collects. Sometimes, it just tells you that cookies are in use by default. We randomly checked 647 websites, and 563 of them displayed cookie notifications. Most of the time, users...

6.1AI score
Exploits0
Securelist
Securelist
added 2025/08/29 10:0 a.m.3 views

How attackers adapt to built-in macOS protection

If a system is popular with users, you can bet it's just as popular with cybercriminals. Although Windows still dominates, second place belongs to macOS. And this makes it a viable target for attackers. With various built-in protection mechanisms, macOS generally provides a pretty much end-to-end...

6.6AI score
Exploits0
Securelist
Securelist
added 2025/08/27 10:0 a.m.13 views

Exploits and vulnerabilities in Q2 2025

Vulnerability registrations in Q2 2025 proved to be quite dynamic. Vulnerabilities that were published impact the security of nearly every computer subsystem: UEFI, drivers, operating systems, browsers, as well as user and web applications. Based on our analysis, threat actors continue to leverag...

10CVSS8.9AI score0.99959EPSS
Exploits400
Securelist
Securelist
added 2025/08/22 9:0 a.m.6 views

Modern vehicle cybersecurity trends

Modern vehicles are transforming into full-fledged digital devices that offer a multitude of features, from common smartphone-like conveniences to complex intelligent systems and services designed to keep everyone on the road safe. However, this digitalization, while aimed at improving comfort an...

7.1AI score
Exploits0
Securelist
Securelist
added 2025/08/19 10:0 a.m.15 views

GodRAT – New RAT targeting financial institutions

Summary In September 2024, we detected malicious activity targeting financial trading and brokerage firms through the distribution of malicious .scr screen saver files disguised as financial documents via Skype messenger. The threat actor deployed a newly identified Remote Access Trojan RAT named...

7.9AI score
Exploits0
Securelist
Securelist
added 2025/08/18 9:0 a.m.14 views

Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824

In April 2025, Microsoft patched 121 vulnerabilities in its products. According to the company, only one of them was being used in real-world attacks at the time the patch was released: CVE-2025-29824. The exploit for this vulnerability was executed by the PipeMagic malware, which we first...

9.3CVSS8.7AI score0.9923EPSS
Exploits59
Securelist
Securelist
added 2025/08/13 8:0 a.m.15 views

New trends in phishing and scams: how AI and social media are changing the game

Introduction Phishing and scams are dynamic types of online fraud that primarily target individuals, with cybercriminals constantly adapting their tactics to deceive people. Scammers invent new methods and improve old ones, adjusting them to fit current news, trends, and major world events:...

6.9AI score
Exploits0
Securelist
Securelist
added 2025/08/08 9:0 a.m.6 views

Scammers mass-mailing the Efimer Trojan to steal crypto

Introduction In June, we encountered a mass mailing campaign impersonating lawyers from a major company. These emails falsely claimed the recipient's domain name infringed on the sender's rights. The messages contained the Efimer malicious script, designed to steal cryptocurrency. This script als...

6.5AI score
Exploits0
Securelist
Securelist
added 2025/08/06 10:0 a.m.9 views

Driver of destruction: How a legitimate driver is being used to take down AV processes

Introduction In a recent incident response case in Brazil, we spotted intriguing new antivirus AV killer software that has been circulating in the wild since at least October 2024. This malicious artifact abuses the ThrottleStop.sys driver, delivered together with the malware, to terminate numero...

8.7CVSS7AI score0.06702EPSS
Exploits8
Securelist
Securelist
added 2025/07/30 9:0 a.m.25 views

Cobalt Strike Beacon delivered via GitHub and social media

Introduction In the latter half of 2024, the Russian IT industry, alongside a number of entities in other countries, experienced a notable cyberattack. The attackers employed a range of malicious techniques to trick security systems and remain undetected. To bypass detection, they delivered...

7AI score
Exploits0
Securelist
Securelist
added 2025/07/25 7:0 a.m.14 views

ToolShell: a story of five vulnerabilities in Microsoft SharePoint

On July 19–20, 2025, various security companies and national CERTs published alerts about active exploitation of on-premise SharePoint servers. According to the reports, observed attacks did not require authentication, allowed attackers to gain full control over the infected servers, and were...

9.8CVSS9AI score0.99979EPSS
Exploits51
Securelist
Securelist
added 2025/07/21 8:0 a.m.21 views

The SOC files: Rumble in the jungle or APT41’s new target in Africa

Introduction Some time ago, Kaspersky MDR analysts detected a targeted attack against government IT services in the African region. The attackers used hardcoded names of internal services, IP addresses, and proxy servers embedded within their malware. One of the C2s was a captive SharePoint serve...

7.1AI score
Exploits0
Securelist
Securelist
added 2025/07/17 8:0 a.m.35 views

GhostContainer backdoor: malware compromising Exchange servers of high-value organizations in Asia

In a recent incident response IR case, we discovered highly customized malware targeting Exchange infrastructure within government environments. Analysis of detection logs and clues within the sample suggests that the Exchange server was likely compromised via a known N-day vulnerability. Our...

9CVSS8.7AI score0.99965EPSS
Exploits30
Securelist
Securelist
added 2025/07/14 10:0 a.m.10 views

Forensic journey: Breaking down the UserAssist artifact structure

Introduction As members of the Global Emergency Response Team GERT, we work with forensic artifacts on a daily basis to conduct investigations, and one of the most valuable artifacts is UserAssist. It contains useful execution information that helps us determine and track adversarial activities,...

7.1AI score
Exploits0
Securelist
Securelist
added 2025/07/10 11:0 a.m.6 views

Code highlighting with Cursor AI for $500,000

Attacks that leverage malicious open-source packages are becoming a major and growing threat. This type of attacks currently seems commonplace, with reports of infected packages in repositories like PyPI or npm appearing almost daily. It would seem that increased scrutiny from researchers on thes...

7.7AI score
Exploits0
Securelist
Securelist
added 2025/07/08 10:0 a.m.15 views

Approach to mainframe penetration testing on z/OS. Deep dive into RACF

In our previous article we dissected penetration testing techniques for IBM z/OS mainframes protected by the Resource Access Control Facility RACF security package. In this second part of our research, we delve deeper into RACF by examining its decision-making logic, database structure, and the...

8AI score
Exploits0
Securelist
Securelist
added 2025/07/07 10:0 a.m.7 views

Batavia spyware steals data from Russian organizations

Introduction Since early March 2025, our systems have recorded an increase in detections of similar files with names like договор-2025-5.vbe, приложение.vbe, and dogovor.vbe translation: contract, attachment among employees at various Russian organizations. The targeted attack begins with bait...

7.3AI score
Exploits0
Securelist
Securelist
added 2025/06/25 10:0 a.m.8 views

AI and collaboration tools: how cyberattackers are targeting SMBs in 2025

Cyberattackers often view small and medium-sized businesses SMBs as easier targets, assuming their security measures are less robust than those of larger enterprises. In fact, attacks through contractors, also known as trusted relationship attacks, remain one of the top three methods used to brea...

7.4AI score
Exploits0
Securelist
Securelist
added 2025/06/23 8:0 a.m.6 views

SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play

Update 25.06.2025: Apple removed the malicious app from the App Store. In January 2025, we uncovered the SparkCat spyware campaign, which was aimed at gaining access to victims' crypto wallets. The threat actor distributed apps containing a malicious SDK/framework. This component would wait for a...

6.5AI score
Exploits0
Securelist
Securelist
added 2025/06/11 10:0 a.m.25 views

Toxic trend: Another malware threat targets DeepSeek

Introduction DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs. We previously reported attacks with malware being spread under the guise of DeepSeek to...

7.1AI score
Exploits0
Securelist
Securelist
added 2025/06/09 10:0 a.m.26 views

Sleep with one eye open: how Librarian Ghouls steal data by night

Introduction Librarian Ghouls, also known as "Rare Werewolf" and "Rezet", is an APT group that targets entities in Russia and the CIS. Other security vendors are also monitoring this APT and releasing analyses of its campaigns. The group has remained active through May 2025, consistently targetin...

7.4AI score
Exploits0
Securelist
Securelist
added 2025/06/06 10:0 a.m.18 views

Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721

The abuse of known security flaws to deploy bots on vulnerable systems is a widely recognized problem. Many automated bots constantly search the web for known vulnerabilities in servers and devices connected to the internet, especially those running popular services. These bots often carry Remote...

6.5CVSS8.5AI score0.86489EPSS
Exploits0
Securelist
Securelist
added 2025/06/05 10:0 a.m.11 views

IT threat evolution in Q1 2025. Non-mobile statistics

IT threat evolution in Q1 2025. Non-mobile statistics IT threat evolution in Q1 2025. Mobile statistics The statistics in this report are based on detection verdicts returned by Kaspersky products unless otherwise stated. The information was provided by Kaspersky users who consented to sharing...

8.4CVSS7.2AI score0.00471EPSS
Exploits1
Securelist
Securelist
added 2025/06/05 10:0 a.m.19 views

IT threat evolution in Q1 2025. Mobile statistics

IT threat evolution in Q1 2025. Mobile statistics IT threat evolution in Q1 2025. Non-mobile statistics Quarterly figures According to Kaspersky Security Network, in the first quarter of 2025: A total of 12 million attacks on mobile devices involving malware, adware, or unwanted apps were blocked...

7.6AI score
Exploits0
Securelist
Securelist
added 2025/06/03 10:0 a.m.15 views

Host-based logs, container-based threats: How to tell where an attack began

The risks associated with containerized environments Although containers provide an isolated runtime environment for applications, this isolation is often overestimated. While containers encapsulate dependencies and ensure consistency, the fact that they share the host system's kernel introduces...

7.5AI score
Exploits0
Securelist
Securelist
added 2025/05/30 12:0 p.m.29 views

Exploits and vulnerabilities in Q1 2025

The first quarter of 2025 saw the continued publication of vulnerabilities discovered and fixed in 2024, as some researchers were previously unable to disclose the details. This partially shifted the focus away from vulnerabilities that received new CVE-2025-NNNNN identifiers. The nature of the C...

9.3CVSS9AI score0.99945EPSS
Exploits351
Securelist
Securelist
added 2025/05/28 10:0 a.m.22 views

Zanubis in motion: Tracing the active evolution of the Android banking malware

Introduction Zanubis is a banking Trojan for Android that emerged in mid-2022. Since its inception, it has targeted banks and financial entities in Peru, before expanding its objectives to virtual cards and crypto wallets. The main infection vector of Zanubis is impersonating legitimate Peruvian...

7.1AI score
Exploits0
Securelist
Securelist
added 2025/05/21 10:0 a.m.23 views

Dero miner zombies biting through Docker APIs to build a cryptojacking horde

Introduction Imagine a container zombie outbreak where a single infected container scans the internet for an exposed Docker API, and bites exploits it by creating new malicious containers and compromising the running ones, thus transforming them into new "zombies" that will mine for Dero currency...

7.9AI score
Exploits0
Securelist
Securelist
added 2025/05/15 1:7 p.m.13 views

Threat landscape for industrial automation systems in Q1 2025

Trends Relative stability from quarter to quarter. The percentage of ICS computers on which malicious objects were blocked remained unchanged from Q4 2024 at 21.9%. Over the last three quarters, the value has ranged from 22.0% to 21.9%. The quarterly figures are decreasing from year to year. Sinc...

7.3AI score
Exploits0
Securelist
Securelist
added 2025/05/13 10:0 a.m.12 views

Using a Mythic agent to optimize penetration testing

Introduction The way threat actors use post-exploitation frameworks in their attacks is a topic we frequently discuss. It's not just about analysis of artifacts for us, though. Our company's deep expertise means we can study these tools to implement best practices in penetration testing. This hel...

7.7AI score
Exploits0
Securelist
Securelist
added 2025/05/07 10:0 a.m.16 views

State of ransomware in 2025

Global ransomware trends and numbers With the International Anti-Ransomware Day just around the corner on May 12, Kaspersky explores the ever-changing ransomware threat landscape and its implications for cybersecurity. According to Kaspersky Security Network data, the number of ransomware...

7.6AI score
Exploits0
Securelist
Securelist
added 2025/04/29 10:0 a.m.40 views

Outlaw cybergang attacking targets worldwide

Introduction In a recent incident response case in Brazil, we dealt with a relatively simple, yet very effective threat focused on Linux environments. Outlaw also known as "Dota" is a Perl-based crypto mining botnet that typically takes advantage of weak or default SSH credentials for its...

8.1AI score
Exploits0
Securelist
Securelist
added 2025/04/25 10:0 a.m.20 views

Triada strikes back

Introduction Older versions of Android contained various vulnerabilities that allowed gaining root access to the device. Many malicious programs exploited these to elevate their system privileges and gain persistence. The notorious Triada Trojan also used this attack vector. With time, the...

8.2AI score
Exploits0
Securelist
Securelist
added 2025/04/24 5:0 a.m.46 views

Operation SyncHole: Lazarus APT goes back to the well

We have been tracking the latest attack campaign by the Lazarus group since last November, as it targeted organizations in South Korea with a sophisticated combination of a watering hole strategy and vulnerability exploitation within South Korean software. The campaign, dubbed "Operation SyncHole...

7.5AI score
Exploits0
Securelist
Securelist
added 2025/04/22 1:0 p.m.15 views

Russian organizations targeted by backdoor masquerading as secure networking software updates

As we were looking into a cyberincident in April 2025, we uncovered a rather sophisticated backdoor. It targeted various large organizations in Russia, spanning the government, finance, and industrial sectors. While our investigation into the attack associated with the backdoor is still ongoing, ...

7.5AI score
Exploits0
Securelist
Securelist
added 2025/04/21 12:0 p.m.45 views

Lumma Stealer – Tracking distribution channels

Introduction The evolution of Malware-as-a-Service MaaS has significantly lowered the barriers to entry for cybercriminals, with information stealers becoming one of the most commercially successful categories in this underground economy. Among these threats, Lumma Stealer has emerged as a...

7.6AI score
Exploits0
Securelist
Securelist
added 2025/04/21 8:0 a.m.21 views

Phishing attacks leveraging HTML code inside SVG files

With each passing year, phishing attacks feature more and more elaborate techniques designed to trick users and evade security measures. Attackers employ deceptive URL redirection tactics, such as appending malicious website addresses to seemingly safe links, embed links in PDFs, and send HTML...

6.9AI score
Exploits0
Securelist
Securelist
added 2025/04/17 8:0 a.m.29 views

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

Day after day, threat actors create new malware to use in cyberattacks. Each of these new implants is developed in its own way, and as a result gets its own destiny – while the use of some malware families is reported for decades, information about others disappears after days, months or several...

7.8CVSS8AI score0.73381EPSS
Exploits11
Securelist
Securelist
added 2025/04/16 10:0 a.m.10 views

Streamlining detection engineering in security operation centers

Security operations centers SOCs exist to protect organizations from cyberthreats by detecting and responding to attacks in real time. They play a crucial role in preventing security breaches by detecting adversary activity at every stage of an attack, working to minimize damage and enabling an...

7.6AI score
Exploits0
Securelist
Securelist
added 2025/04/10 10:0 a.m.25 views

GOFFEE continues to attack organizations in Russia

GOFFEE is a threat actor that first came to our attention in early 2022. Since then, we have observed malicious activities targeting exclusively entities located in the Russian Federation, leveraging spear phishing emails with a malicious attachment. Starting in May 2022 and up until summer of...

7.7AI score
Exploits0
Securelist
Securelist
added 2025/04/08 10:0 a.m.9 views

Attackers distributing a miner and the ClipBanker Trojan via SourceForge

Recently, we noticed a rather unique scheme for distributing malware that exploits SourceForge, a popular website providing software hosting, comparison, and distribution services. The site hosts numerous software projects, and anyone can upload theirs. One such project, officepackage , on the ma...

7.9AI score
Exploits0
Securelist
Securelist
added 2025/04/07 10:0 a.m.24 views

How ToddyCat tried to hide behind AV software

To hide their activity in infected systems, APT groups resort to various techniques to bypass defenses. Most of these techniques are well known and detectable by both EPP solutions and EDR threat-monitoring and response tools. For example, to hide their activity in Windows systems, cybercriminals...

8.4CVSS8.2AI score0.02014EPSS
Exploits0
Securelist
Securelist
added 2025/04/04 10:0 a.m.21 views

A journey into forgotten Null Session and MS-RPC interfaces, part 2

In the first part of our research, I demonstrated how we revived the concept of no authentication null session after many years. This involved enumerating domain information, such as users, without authentication. I walked you through the entire process, starting with the difference between no-au...

7.6AI score
Exploits0
Securelist
Securelist
added 2025/04/02 10:0 a.m.14 views

TookPS: DeepSeek isn’t the only game in town

In early March, we published a study detailing several malicious campaigns that exploited the popular DeepSeek LLM as a lure. Subsequent telemetry analysis indicated that the TookPS downloader, a malware strain detailed in the article, was not limited to mimicking neural networks. We identified...

8.1AI score
Exploits0
Securelist
Securelist
added 2025/03/25 9:30 p.m.52 views

Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain

In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers' website was opened using the Google Chrome web...

8.3CVSS8.5AI score0.08404EPSS
Exploits6
Securelist
Securelist
added 2025/03/25 8:0 a.m.9 views

Financial cyberthreats in 2024

As more and more financial transactions are conducted in digital form each year, financial threats comprise a large piece of the global cyberthreat landscape. That's why Kaspersky researchers analyze the trends related to these threats and share an annual report highlighting the main dangers to...

7.6AI score
Exploits0
Securelist
Securelist
added 2025/03/21 10:0 a.m.16 views

Threat landscape for industrial automation systems in Q4 2024

Statistics across all threats In Q4 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.1 pp from the previous quarter to 21.9%. Percentage of ICS computers on which malicious objects were blocked, by quarter, 2022–2024 Compared to Q4 2023, the percentage...

7.2AI score
Exploits0
Securelist
Securelist
added 2025/03/19 10:0 a.m.27 views

Arcane stealer: We want all your data

At the end of 2024, we discovered a new stealer distributed via YouTube videos promoting game cheats. What's intriguing about this malware is how much it collects. It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla...

7.3AI score
Exploits0
Total number of security vulnerabilities1025