News

Securelist
securelist.com > goserpent-backdoor-in-southeast-asia > 120687

GoSerpent backdoor attacks in Southeast Asia

9+ hour, 59+ min ago  (952+ words) In February 2026 we discovered a set of malicious activities that have been ongoing since late 2025. These activities involved a RAT module written in Go with proxy capabilities, serving as the main stage of the attack. The attack targeted government and…...

Securelist
securelist.com > industrial-threat-report-q1-2026 > 120643

Threat landscape for industrial automation systems. Q1 2026

1+ week, 2+ day ago  (1612+ words) The percentage of ICS computers on which malicious objects were blocked continued to decrease, reaching 19.6% in Q1 2026. This is the lowest value in three years, and it is 1.4 times lower than in Q2 2023. Regionally, the percentages ranged from 9.1% in Northern Europe to…...

Google News
securelist.com > microsoft-device-code-phishing-attack > 120350

When checking the URL isn’t enough: phishing via the Microsoft identity platform

1+ week, 3+ day ago  (796+ words) 2. Displaying the code to the user The device displays both the user_code and the verification_uri to the user, instructing them to complete authentication on another device. For instance, a smart TV will display the code and URL — often rendering the verification_uri as a…...

Securelist
securelist.com > tr > the-soc-files-screenconnect-campaign-with-asyncrat > 120472

How a single ScreenConnect incident exposed a massive campaign

2+ week, 1+ day ago  (1337+ words) posted 01 Jul 2026 During a recent investigation engagement, the Kaspersky Managed Detection and Response (MDR) team discovered the ScreenConnect remote access tool being leveraged to deploy and execute an AsyncRAT payload. We continue to break down complex, multi-stage incidents like this…...

Securelist
securelist.com > tr > schneider-electric-cve-2024-2658-vulnerability > 120436

CVE-2024-2658 vulnerability in Schneider Electric software: risks to industrial control systems

2+ week, 6+ day ago  (386+ words) posted 26 Jun 2026 This vulnerability is a CWE-427: Uncontrolled Search Path Element issue. It stems from a system application referencing an OpenSSL configuration file at a hardcoded path without proper access controls. We will examine the role the FlexNet Publisher component…...

Securelist
securelist.com > smb-threat-report-2026 > 120357

Threat landscape for SMBs in 2026: fake AI tools, phishing and more

3+ week, 11+ hour ago  (784+ words) Small and medium-sized businesses (SMBs) remain attractive targets for cybercriminals – in both mass cyberattacks and sophisticated campaigns targeting larger enterprises through trusted relationship attacks. At the same time, smaller businesses may lack the robust cybersecurity policies and necessary resources to…...

Securelist
securelist.com > tr > hacktivists-broaden-attack-geography > 120115

Hacktivists are broadening their scope beyond political motivation

1+ mon, 1+ week ago  (1673+ words) posted 08 Jun 2026 What triggered our investigation was spotting a cluster of indicators of compromise within a breached Russian organization’s infrastructure. We used these footprints to successfully track down other environments hit by the same threat actors and piece together the…...

Securelist
securelist.com > tr > mini-plasma-vulner > 120099

MiniPlasma: detecting exploitation

1+ mon, 1+ week ago  (437+ words) posted 03 Jun 2026 Over the past two months, the anonymous researcher Nightmare Eclipse (also known as Chaotic Eclipse) has publicly released six Windows vulnerabilities complete with ready-to-use exploits, without prior coordination with Microsoft. The most critical of these is MiniPlasma, a…...

Securelist
securelist.com > container-attack-vectors > 120010

Containers on fire: from container escapes to supply chain attacks

1+ mon, 2+ week ago  (1103+ words) Today, attacks on container environments have evolved into full-fledged, multi-stage scenarios involving supply chain compromises, Kubernetes secrets theft, orchestration API abuse, and container escape attempts. This article examines the primary container attack vectors that retain top relevance today. A container…...

Securelist
securelist.com > malware-report-q1-2026-mobile-statistics > 119819

Q1 2026 Android threat landscape

1+ mon, 4+ week ago  (636+ words) IT threat evolution in Q1 2026. Mobile statistics IT threat evolution in Q1 2026. Non-mobile statistics In the third quarter of 2025, we updated the methodology for calculating statistical indicators based on the Kaspersky Security Network. These changes affected all sections of the report except…...