News
GoSerpent backdoor attacks in Southeast Asia
9+ hour, 59+ min ago (952+ words) In February 2026 we discovered a set of malicious activities that have been ongoing since late 2025. These activities involved a RAT module written in Go with proxy capabilities, serving as the main stage of the attack. The attack targeted government and…...
Threat landscape for industrial automation systems. Q1 2026
1+ week, 2+ day ago (1612+ words) The percentage of ICS computers on which malicious objects were blocked continued to decrease, reaching 19.6% in Q1 2026. This is the lowest value in three years, and it is 1.4 times lower than in Q2 2023. Regionally, the percentages ranged from 9.1% in Northern Europe to…...
When checking the URL isn’t enough: phishing via the Microsoft identity platform
1+ week, 3+ day ago (796+ words) 2. Displaying the code to the user The device displays both the user_code and the verification_uri to the user, instructing them to complete authentication on another device. For instance, a smart TV will display the code and URL — often rendering the verification_uri as a…...
How a single ScreenConnect incident exposed a massive campaign
2+ week, 1+ day ago (1337+ words) posted 01 Jul 2026 During a recent investigation engagement, the Kaspersky Managed Detection and Response (MDR) team discovered the ScreenConnect remote access tool being leveraged to deploy and execute an AsyncRAT payload. We continue to break down complex, multi-stage incidents like this…...
CVE-2024-2658 vulnerability in Schneider Electric software: risks to industrial control systems
2+ week, 6+ day ago (386+ words) posted 26 Jun 2026 This vulnerability is a CWE-427: Uncontrolled Search Path Element issue. It stems from a system application referencing an OpenSSL configuration file at a hardcoded path without proper access controls. We will examine the role the FlexNet Publisher component…...
Threat landscape for SMBs in 2026: fake AI tools, phishing and more
3+ week, 11+ hour ago (784+ words) Small and medium-sized businesses (SMBs) remain attractive targets for cybercriminals – in both mass cyberattacks and sophisticated campaigns targeting larger enterprises through trusted relationship attacks. At the same time, smaller businesses may lack the robust cybersecurity policies and necessary resources to…...
Hacktivists are broadening their scope beyond political motivation
1+ mon, 1+ week ago (1673+ words) posted 08 Jun 2026 What triggered our investigation was spotting a cluster of indicators of compromise within a breached Russian organization’s infrastructure. We used these footprints to successfully track down other environments hit by the same threat actors and piece together the…...
MiniPlasma: detecting exploitation
1+ mon, 1+ week ago (437+ words) posted 03 Jun 2026 Over the past two months, the anonymous researcher Nightmare Eclipse (also known as Chaotic Eclipse) has publicly released six Windows vulnerabilities complete with ready-to-use exploits, without prior coordination with Microsoft. The most critical of these is MiniPlasma, a…...
Containers on fire: from container escapes to supply chain attacks
1+ mon, 2+ week ago (1103+ words) Today, attacks on container environments have evolved into full-fledged, multi-stage scenarios involving supply chain compromises, Kubernetes secrets theft, orchestration API abuse, and container escape attempts. This article examines the primary container attack vectors that retain top relevance today. A container…...
Q1 2026 Android threat landscape
1+ mon, 4+ week ago (636+ words) IT threat evolution in Q1 2026. Mobile statistics IT threat evolution in Q1 2026. Non-mobile statistics In the third quarter of 2025, we updated the methodology for calculating statistical indicators based on the Kaspersky Security Network. These changes affected all sections of the report except…...