Business

How open-source security solutions became the starting point for a massive attack on other popular applications, and what organizations that use them should do.

In November 2025, the npm ecosystem was hit by a flood of junk packages that were part of the IndonesianFoods malicious campaign. We’re breaking down the lessons learned from this incident.

Threat actors are promoting pages containing malicious instructions for installing AI agents intended for workflow automation.

The latest update to Kaspersky Cloud Workload Security adds support for an AI assistant for image analysis.

An in-depth analysis of CVE-2026-3102, a vulnerability posing a potential threat to anyone processing images on a Mac.

What is the purpose of a local version of the Kaspersky Threat Attribution Engine, and how to hook it up to IDA Pro?

Various cases of the ClickFix technique used in real world attacks.

Attackers are delivering phishing links via Google Tasks notifications.

What corporate security teams should do about the “viral” AI agent.

Breaking down core cybersecurity terms that colleagues often interpret differently or incorrectly.

Kaspersky SIEM got a set of correlation rules for detecting attempts to exploit vulnerabilities for authentication bypass in Fortinet products.

Why is it useful to attribute malware to a specific hacker group?

Detecting attacks related to compromised accounts with AI and other updates in Kaspersky SIEM.

The top-10 risks of deploying autonomous AI agents, and our mitigation recommendations.

What is the year 2038 problem — also known as “Unix Y2K” — and how to prepare corporate IT systems for it?

Crooks are impersonating your brand to attack customers, partners, and employees. How do you spot — and stop — an attack of the clones?

Who can you trust in the cybersecurity solutions market? Fourteen major vendors were compared in terms of transparency, security management, and data-handling practices – and guess which was a leader across the board?!…

GReAT experts have analyzed a new targeted campaign by the ForumTroll APT group.

How automation turns legitimate tools into a channel for malware delivery.

Millions of websites based on React and Next.js contain an easy-to-exploit vulnerability that can lead to complete server takeover. How to check if your server is vulnerable, and protect corporate web assets?

Identifying threats to embedded devices, and how the updated Kaspersky Embedded Systems Security can help in tackling them?