In this report, we propose to go over the various activities that were observed in cyberspace in relation to the conflict in Ukraine, understand their meaning in the context of the current conflict, and study their impact on the cybersecurity field as a whole.| securelist.com
Kaspersky industrial threat report contains statistics on various malicious objects detected and blocked on ICS computers by Kaspersky solutions in Q2 2025.| Securelist
Kaspersky GReAT expert takes a closer look at the RevengeHotels threat actor's new campaign, including AI-generated scripts, targeted phishing, and VenomRAT.| Securelist
Kaspersky experts discuss the Model Context Protocol used for AI integration. We describe the MCP's architecture, attack vectors and follow a proof of concept to see how it can be abused.| Securelist
This report on cybercrime, hacktivist and APT groups targeting primarily Russian organizations provides an analysis and comparison of their TTPs and divides them into three clusters.| securelist.com
The report contains statistics on mobile threats (malware, adware, and unwanted software for Android) for Q2 2025, as well as a description of the most notable malware types identified during the reporting period.| Securelist
The report presents statistics for Windows, macOS, IoT, and other threats, including ransomware, miners, local and web-based threats, for Q2 2025.| Securelist
Kaspersky experts explain the different types of cookies, how to configure them correctly, and how to protect yourself from session hijacking attacks.| Securelist
We analyze the built-in protection mechanisms in macOS: how they work, how threat actors can attack them or deceive users, and how to detect such attacks.| Securelist
This report provides statistical data on published vulnerabilities and exploits we researched in Q2 2025. It also includes summary data on the use of C2 frameworks.| Securelist
Modern vehicles, their current and future threats, and approaches to automotive cybersecurity.| securelist.com
In an incident response case, Kaspersky experts discovered new malware that terminates AV processes by abusing the legitimate ThrottleStop driver. Kaspersky solutions successfully counter and detect this threat.| securelist.com
Scammers are camouflaging phishing links with QR codes and distributing them through email.| securelist.com
Kaspersky experts analyze an incident that saw APT41 launch a targeted attack on government IT services in Africa.| securelist.com
Kaspersky experts have discovered a new spyware called Batavia, which steals data from corporate devices.| securelist.com
Kaspersky GReAT experts uncover malicious extensions for Cursor AI that download the Quasar backdoor and a crypto stealer.| securelist.com
Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.| securelist.com
We analyze the activities of the Head Mare hacktivist group, which has been attacking Russian companies jointly with Twelve.| securelist.com
In this article, we discuss the tools and TTPs used in the SideWinder APT's attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.| securelist.com
Kaspersky experts share their insights into cyberthreats that face online shoppers in 2024: phishing, banking trojans, fake shopping apps and Black Friday sales on the dark web data market.| securelist.com
This is part five of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year.| securelist.com
Kaspersky analysts explain which applications are targeted the most, and how enterprises can protect themselves from phishing and spam.| securelist.com
This article is a deep dive intended for a complete understanding of these four banking trojan families: Guildma, Javali, Melcoz and Grandoreiro.| securelist.com
Kaspersky experts discover iOS and Android apps infected with the SparkCat crypto stealer in Google Play and the App Store. It steals crypto wallet data using an OCR model.| securelist.com
Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.| securelist.com
Kaspersky experts have discovered a new SteelFox Trojan that mimics popular software like Foxit PDF Editor and JetBrains to spread a stealer-and-miner bundle.| securelist.com
Since March 2018 we have discovered several infections where a previously unknown Trojan was injected into the lsass.exe system process memory. This campaign was active immediately prior to Central…| securelist.com
As Anti-Ransomware Day approaches, Kaspersky shares insights into the ransomware threat landscape and trends in 2023, and recent anti-ransomware activities by governments and law enforcement.| securelist.com
In this article we analyze social engineering aspects of the XZ backdoor incident. Namely pressuring the XZ maintainer to pass on the project to Jia Cheong Tan, and then urging major downstream maintainers to commit the backdoored code to their projects.| securelist.com
Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process.| securelist.com
In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022.| securelist.com
This report contains spam and phishing statistics for 2023, along with descriptions of the main trends, among these artificial intelligence, instant messaging phishing, and multilingual BEC attacks.| securelist.com
A WhatsApp mod with a built-in spy module has been spreading through Arabic and Azeri Telegram channels since August 2023.| securelist.com
We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.| securelist.com
Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.| securelist.com
This is the third part of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year.| securelist.com
This is the second part of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year.| securelist.com
This is part six of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year.| securelist.com
Today we'd like to share some of our findings, and add something new to what's currently common knowledge about Lazarus Group activities, and their connection to the much talked about February 2016 incident, when an unknown attacker attempted to steal up to $851M USD from Bangladesh Central Bank.| securelist.com
We discovered a previously unknown mobile APT campaign targeting iOS devices. We are calling this campaign "Operation Triangulation"| securelist.com
Spyware Telegram mod in Uighur and Chinese spreads through Google Play stealing messages and other user data.| securelist.com
The Emotet Trojan is a highly automated and developing, territorially-targeted bank threat. Its small size, the dispersal methods used and the modular architecture, all make Emotet a very effective weapon for the cyber-criminal.| securelist.com
Statistics on spam and phishing with the key trends in 2022: two-stage spear phishing, hijacking of social network and instant messaging accounts, import substitution, and survey phishing.| securelist.com