An inside look at the active Armored Likho APT campaign. The attackers are using spear-phishing, AI-generated loaders, and a new Python-based tool, BusySnake Stealer, to target organizations in Russia, Kazakhstan, and Brazil. This article has been indexed from Securelist Read…
Tag: Securelist
Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects
Kaspersky Compromise Assessment specialists analyze trends from the service’s 2025 projects and provide tips on how to enhance your organization’s security.
OpenClaw: risks for agent users and how to mitigate them
Researching OpenClaw vulnerabilities, malicious skills and other security issues with the popular agent, and providing tips on how to mitigate them.
The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign
Kaspersky experts have uncovered a malicious network infrastructure for delivering AsyncRAT. The Trojan is dropped via compromised ScreenConnect software. In this post, we break down the infection chain and analyze the C2 infrastructure.
ToddyCat: your hidden email assistant. Part 2
An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications in Gmail. The attack targeted OAuth authorization tokens, allowing threat actors to gain access to Google services.
The Gentlemen are knocking: custom backdoors and evolving tactics
Kaspersky researchers analyze incidents related to The Gentlemen RaaS group, disclose their tools and TTPs, and find a new ransomware variant.
Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools
Kaspersky researchers analyze the threat landscape for SMBs in 2026: the rise of attacks involving fake AI tools, phishing schemes, and data sold on the dark web.
StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader
Kaspersky researchers analyze a new global campaign dubbed StrikeShark that delivers Cobalt Strike Beacon via custom SharkLoader malware.
A VBScript campaign distributed through WhatsApp deploying RMM software
A Kaspersky researcher analyzes a global malicious campaign that distributes VBS scripts via WhatsApp delivering a UEMS RMM agent through a multi-stage infection chain.
Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk
Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform’s built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia.
Argamal: Malware hidden in hentai games
Kaspersky researchers analyze new Argamal RAT distributed via infected hentai games and allowing the attacker to control the target machine.
Wardriving assessment across Mexico: Preparing for the 2026 World Cup
In the lead-up to the 2026 FIFA World Cup, Kaspersky GReAT experts conducted a wardriving assessment in Mexico City, Monterrey, and Guadalajara to evaluate Wi-Fi hotspot security configurations and potential exposure risks.
Containers on fire: from container escapes to supply chain attacks
We break down the primary attack vectors in containerized environments: exposed secrets, privilege misconfigurations, API compromise, and supply chain attacks.
What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant
What are the main risks for container environments: vulnerabilities, supply chain attacks, configuration errors; how to improve container security and how Kaspersky Container Security with the KIRA AI assistant can help.
Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years
Our experts continue to track attacks targeting consumers of pirated content, both books and movies. 2026 saw the discovery of new target sites with tens of millions of visitors, while the miner gained a RAT module.
Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload
The experienced Cloud Atlas group remains active, continuing to target government sectors and diplomatic entities in Russia and Belarus, employing both new and established techniques to maintain persistence in compromised systems.
How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)
We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102).
IT threat evolution in Q1 2026. Non-mobile statistics
The report presents key trends and statistics on malware that targeted personal computers running Windows and macOS, as well as Internet of Things (IoT) devices, during Q1 2026.
IT threat evolution in Q1 2026. Mobile statistics
This report contains mobile threat statistics for Q1 2026, along with noteworthy discoveries and quarterly trends: new versions of SparkCat and Triada.
Kimsuky targets organizations with PebbleDash-based tools
Kaspersky researchers analyze a range of new PebbleDash-based tools used in recent Kimsuky campaigns and reveal their connection to the AppleSeed malware cluster.