We identified targeted infection attempts against large Russian organizations using the ViPNet update system (a software suite for creating secure networks). This article has been indexed from Securelist Read the original article: HelloNet campaign — new malicious modules launched through…
Tag: Securelist
GoSerpent: a persistent threat evolves with sophisticated data collection and exfiltration
Two-phase attacks with the GoSerpent backdoor, Stowaway RAT, ThumbcacheService and other tools aim to steal data from government entities in Southeast Asia. This article has been indexed from Securelist Read the original article: GoSerpent: a persistent threat evolves with sophisticated…
OkoBot: new sophisticated malware framework targets cryptocurrency users
Kaspersky GReAT experts dissect the new OkoBot campaign targeting cryptocurrency users. This complex framework employs TookPS, exfiltrates seed phrases, monitors Chromium-based browsers, and installs various malware strains, including the Rilide stealer. This article has been indexed from Securelist Read the…
Threat landscape for industrial automation systems. Q1 2026
This report contains industrial threat statistics for Q1 2026, including industrial threat distribution by type, source, region and industry. This article has been indexed from Securelist Read the original article: Threat landscape for industrial automation systems. Q1 2026
When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website
The OAuth 2.0 Device Authorization Grant specification was designed to streamline authentication for Smart TVs, IoT devices, and printers. Today, threat actors are weaponizing it. This article has been indexed from Securelist Read the original article: When checking the URL…
Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign
An inside look at the active Armored Likho APT campaign. The attackers are using spear-phishing, AI-generated loaders, and a new Python-based tool, BusySnake Stealer, to target organizations in Russia, Kazakhstan, and Brazil. This article has been indexed from Securelist Read…
Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects
Kaspersky Compromise Assessment specialists analyze trends from the service’s 2025 projects and provide tips on how to enhance your organization’s security. This article has been indexed from Securelist Read the original article: Missed incidents, persistent threats, and response gaps: Insights…
OpenClaw: risks for agent users and how to mitigate them
Researching OpenClaw vulnerabilities, malicious skills and other security issues with the popular agent, and providing tips on how to mitigate them. This article has been indexed from Securelist Read the original article: OpenClaw: risks for agent users and how to…
The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign
Kaspersky experts have uncovered a malicious network infrastructure for delivering AsyncRAT. The Trojan is dropped via compromised ScreenConnect software. In this post, we break down the infection chain and analyze the C2 infrastructure. This article has been indexed from Securelist…
ToddyCat: your hidden email assistant. Part 2
An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications in Gmail. The attack targeted OAuth authorization tokens, allowing threat actors to gain access to Google services. This article has been…
The Gentlemen are knocking: сustom backdoors and evolving tactics
Kaspersky researchers analyze incidents related to The Gentlemen RaaS group, disclose their tools and TTPs, and find a new ransomware variant. This article has been indexed from Securelist Read the original article: The Gentlemen are knocking: сustom backdoors and evolving…
Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools
Kaspersky researchers analyze the threat landscape for SMBs in 2026: the rise of attacks involving fake AI tools, phishing schemes, and data sold on the dark web. This article has been indexed from Securelist Read the original article: Inside the…
StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader
Kaspersky researchers analyze a new global campaign dubbed StrikeShark that delivers Cobalt Strike Beacon via custom SharkLoader malware. This article has been indexed from Securelist Read the original article: StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader
A VBScript campaign distributed through WhatsApp deploying RMM software
A Kaspersky researcher analyzes a global malicious campaign that distributes VBS scripts via WhatsApp delivering a UEMS RMM agent through a multi-stage infection chain. This article has been indexed from Securelist Read the original article: A VBScript campaign distributed through…
Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk
Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform’s built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia. This article has been indexed…
Argamal: Malware hidden in hentai games
Kaspersky researchers analyze new Argamal RAT distributed via infected hentai games and allowing the attacker to control the target machine. This article has been indexed from Securelist Read the original article: Argamal: Malware hidden in hentai games
Wardriving assessment across Mexico: Preparing for the 2026 World Cup
In the lead-up to the 2026 FIFA World Cup, Kaspersky GReAT experts conducted a wardriving assessment in Mexico City, Monterrey, and Guadalajara to evaluate Wi-Fi hotspot security configurations and potential exposure risks. This article has been indexed from Securelist Read…
Containers on fire: from container escapes to supply chain attacks
We break down the primary attack vectors in containerized environments: exposed secrets, privilege misconfigurations, API compromise, and supply chain attacks. This article has been indexed from Securelist Read the original article: Containers on fire: from container escapes to supply chain…
What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant
What are the main risks for container environments: vulnerabilities, supply chain attacks, configuration errors; how to improve container security and how Kaspersky Container Security with the KIRA AI assistant can help. This article has been indexed from Securelist Read the…
Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years
Our experts continue to track attacks targeting consumers of pirated content, both books and movies. 2026 saw the discovery of new target sites with tens of millions of visitors, while the miner gained a RAT module. This article has been…