We dissect a recent incident where npm packages with millions of downloads were infected by the Shai-Hulud worm. Kaspersky experts describe the starting point for the source of the infection.| Securelist
Kaspersky GReAT expert takes a closer look at the RevengeHotels threat actor's new campaign, including AI-generated scripts, targeted phishing, and VenomRAT.| Securelist
Kaspersky experts discuss the Model Context Protocol used for AI integration. We describe the MCP's architecture, attack vectors and follow a proof of concept to see how it can be abused.| Securelist
In an incident response case, Kaspersky experts discovered new malware that terminates AV processes by abusing the legitimate ThrottleStop driver. Kaspersky solutions successfully counter and detect this threat.| securelist.com
Kaspersky experts have discovered a new spyware called Batavia, which steals data from corporate devices.| securelist.com
In this article, we discuss the tools and TTPs used in the SideWinder APT's attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.| securelist.com
Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.| securelist.com
Kaspersky experts have discovered a new SteelFox Trojan that mimics popular software like Foxit PDF Editor and JetBrains to spread a stealer-and-miner bundle.| securelist.com
Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process.| securelist.com
In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022.| securelist.com
We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.| securelist.com
Spyware Telegram mod in Uighur and Chinese spreads through Google Play stealing messages and other user data.| securelist.com
