To crypt, or to mine – that is the question
Way back in 2013 our malware analysts spotted the first malicious samples related to the Trojan-Ransom.Win32.Rakhni family. That was the starting point for this...
Ransomware and malicious crypto miners in 2016-2018
Ransomware is not an unfamiliar threat. For the last few years it has been affecting the world of cybersecurity, infecting and blocking access to...
Pbot: evolving adware
The adware PBot (PythonBot) got its name because its core modules are written in Python. It was more than a year ago that we...
Modern OSs for embedded systems
At Kaspersky Lab we analyze the technologies available on cybersecurity market and this time we decided to look at what OS developers are offering...
Olympic Destroyer is still alive
In March 2018 we published our research on Olympic Destroyer, an advanced threat actor that hit organizers, suppliers and partners of the Winter Olympic...
LuckyMouse hits national data center to organize country-level waterholing campaign
What happened?
In March 2018 we detected an ongoing campaign targeting a national data center in the Central Asia that we believe has been active...
A MitM extension for Chrome
Browser extensions make our lives easier: they hide obtrusive advertising, translate text, help us choose in online stores, etc. There are also less desirable...
FIFA public Wi-Fi guide: which host cities have the most secure networks?
We all know how easy it is for users to connect to open Wi-Fi networks in public places. Well, it is equally straightforward for...
Netkids
Children today are completely at home in the digital space. They use digital diaries and textbooks at school, communicate via instant messaging, play games...
Trojan watch
We continue to research how proliferation of IoT devices affects the daily lives of users and their information security. In our previous study, we...
Latest article
Operation Endgame 4.0 – 153,527 breached accounts
On 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation, a prolific malware distribution network used to compromise systems...
Accelerate security investigations with Kiro CLI
When a security event occurs in your Amazon Web Services (AWS) environment, rapid response is critical. However security teams often struggle with time-consuming, manual...
Close Encounters of the Human Kind
Welcome to this week’s Threat Source newsletter. I love a Spielberg summer. His ability to imbue a sense of wonder, awe, curiosity, and connection means he’s in a...
New iPhone BootROM Vulnerability Exposes Apple SoCs to Full Chain-of-Trust Compromise
A novel BootROM vulnerability, dubbed usbliter8, affects Apple devices powered by A12, S4/S5, and A13 SoCs. The exploit chains a hardware-level bug in the...
