All posts

We follow the trail of a phishing attack to break down, step-by-step, what happens to the data stolen from users.

From karaoke rooms to gynecology clinics — these are just some of the tens of thousands of locations where compromised IP cameras were discovered in South Korea. Here’s how to avoid unwittingly starring in steamy videos you didn’t authorize.

How automation turns legitimate tools into a channel for malware delivery.

A new wave of ClickFix attacks spreading a macOS infostealer are posting malicious user guides on the official ChatGPT website by piggybacking the chatbot’s chat-sharing feature.

The Whisper Leak attack allows its perpetrator to guess the topic of your conversation with an AI assistant — without decrypting the traffic. We explore how this is possible, and what you can do to protect your AI chats.

Millions of websites based on React and Next.js contain an easy-to-exploit vulnerability that can lead to complete server takeover. How to check if your server is vulnerable, and protect corporate web assets?

How researchers hacked DeckMate 2 card shufflers, and how the mafia exploited those very vulnerabilities to cheat at poker.

Identifying threats to embedded devices, and how the updated Kaspersky Embedded Systems Security can help in tackling them?

Researchers have discovered how to connect to someone else’s dashcam in a matter of seconds, and weaponize it for future attacks.

Here’s how to mitigate the risks of targeted attacks on your organization’s mail servers.

How attackers use AI-generated fake websites to distribute trojanized builds of the legitimate Syncro remote access tool (RAT).

We’re going bargain hunting in a new way: armed with AI. In this post: examples of effective prompts.

Systematic measures and tools that organizations can use to defend against malicious browser extensions.

How malicious extensions can spoof AI sidebars in the Comet and Atlas browsers, intercept user queries, and manipulate model responses.

We examine how popular Canon printers could become a foothold for attackers within an organization’s network.

Pixnapping is an Android vulnerability discovered by researchers that allows apps to steal passwords, one-time codes, and other confidential information from the screen without any special permissions from the operating system. How does it work, and what can you do to protect yourself?

Malicious actors have started utilizing a new variation of the ClickFix technique — named “FileFix”. We explain how it works, and how to defend your company against it.

You’ve received a threatening email. What’s your next move?

Researchers have discovered that 50% of data transmitted via satellites is unencrypted. This includes your mobile calls and texts, along with banking, military, government, and other sensitive information. How did this happen, and what can we do about it?

The differences between an MXDR service for a large enterprise, and one that would fit perfectly into the security framework of a growing SMB.

Which social networks mostly just display your posts to your friends, and which ones use them for AI training and ad targeting? We explore the 2025 privacy rankings for popular social media platforms.