AITrojans masquerading as DeepSeek and Grok clients
We found several groups of sites mimicking official websites of the DeepSeek and Grok chatbots. Fake sites distribute malware under the guise of non-existent chatbot clients for Windows.
Latest
minersMiner inconvenience: how cybercriminals blackmail YouTubers into promoting malware
Cybercriminals are blackmailing YouTube bloggers into posting malware links in their video descriptions.
What events help an MDR service detect attacks?
What information does an MDR service need to protect a company from complex targeted attacks?
tipsHow to safely convert files
Online converters are a tempting but dangerous way to change file formats. We tell you how to convert files and not get trojanized.
Attack on Google OAuth using abandoned domains
A vulnerability in Google OAuth allows attackers to access accounts of defunct organizations through abandoned domains.
privacyHow smartphones build a dossier on you
We break down the most covert mechanism of smartphone surveillance using real-life examples.
file storageHow to safely scan large file storage for malware
A step-by-step guide to scanning disk arrays weighing tens of terabytes with the aid of Kaspersky products.
Malicious code on GitHub: How hackers target programmers
We discovered over 200 repositories with fake projects on GitHub. Using them, attackers distribute stealers, clippers, and backdoors.
Gamers
Gamers beware: Trojans have invaded Steam
If you still think that Steam, Google Play, and the App Store are malware-free, then read this fascinating story about PirateFi and other hacker creations disguised as games.
How scammers attack young gamers
Autumn is here, kids are going back to school and also meeting up with friends in their favorite online games. With that in mind, we have just carried out one of our biggest ever studies of the threats young gamers are most likely to encounter.
Live hack: Apex Legends esports tournament scandal
Hackers have long been engaging with the gaming world: from cracking games and creating cheats, to, more recently, attacking esports players live during an Apex Legends tournament. Regarding the latter, we break down what happened and how it could have been avoided.
Mario Forever, malware too: a free game with a miner and Trojans inside
Malicious versions of the free-to-download game Super Mario 3: Mario Forever plant a miner and a stealer on gamers’ machines.
Minecraft players under attack
Minecraft mods downloaded from several popular gaming websites contain dangerous malware. What we know so far.
The Phantom Menace: how gamers of different ages are being attacked
Why scammers are more likely to target kids than hardcore gamers, how they do it, and what they want to steal
Business
UnitedHealth ransomware attack
A year after the ransomware attack on healthcare giant UnitedHealth Group, we’ve compiled all publicly available information about the incident and its aftermath.
XMRig miner as a New Year’s gift
Just a few hours before 2025, we recorded a surge in cryptominer distribution through video games. Interestingly, not only home PCs but also corporate machines were affected.
vulnerabilitiesSLAP and FLOP: Complex vulnerabilities in Apple CPUs
New research demonstrates for the first time how hardware vulnerabilities in modern CPUs can be exploited in practice.
Ransomware: the most notable attacks of 2024
$3 billion worth of damage to healthcare insurance giant, schools closed, soccer club players’ data leaked, and other ransomware incidents in 2024.
I firmly believe that the concept of cybersecurity will soon become obsolete, and cyberimmunity will take its place.
Eugene Kaspersky
Popular
Critical vulnerability in Apache Log4j library
Researchers discovered a critical vulnerability in Apache Log4j library, which scores perfect 10 out of 10 in CVSS. Here’s how to protect against it.
Case study: fake hardware cryptowallet
Full review of a fake cryptowallet incident. It looks and feels like a Trezor wallet, but puts all your crypto-investments into the hands of criminals.
Five things to update ASAP
Prioritize updating the apps that keep your devices and personal data safe from cyberattacks.
Update iOS, there is a dangerous vulnerability in WebKit
Dangerous vulnerability in WebKit (CVE-2022-22620) is believed to be actively exploited by hackers. Update your iOS devices as soon as possible!
What to do if you lose your phone with an authenticator app
Can’t sign in to an account because your authenticator app is on a lost phone? Here’s what to do.
Infected Android app store
The APKPure app store has been infected by a malicious module that downloads Trojans to Android devices.
Follina: office documents as an entrance
New vulnerability CVE-2022-30190, aka Follina, allows exploitation of Windows Support Diagnostic Tool via MS Office files.
Tips
Spam 101: what is spam, and how to defeat it
It feels as if spam is as old as the internet itself. The post looks at the money-making scams devised over the years, and how to avoid them today.
New Year’s resolutions for a cybersecure 2025
Mistakes to learn from in 2024 – and resolutions for a safer 2025.
How safe is encrypted file storage?
Threats to data stored in Sync, pCloud, and other encrypted alternatives to Dropbox.
How to save your finances on Black Friday
Black Friday is a great opportunity for scammers to line their pockets — but not with your money if you follow our advice.