VIRUS-NEWS
OkoBot: new sophisticated malware framework targets cryptocurrency users
by Yaroslav Kikel15 Jul 2026 at 10:00am
Kaspersky GReAT experts dissect the new OkoBot campaign targeting cryptocurrency users. This complex framework employs TookPS, exfiltrates seed phrases, monitors Chromium-based browsers, and installs various malware strains, including the Rilide stealer.
Threat landscape for industrial automation systems. Q1 2026
by Kaspersky ICS CERT7 Jul 2026 at 10:00am
This report contains industrial threat statistics for Q1 2026, including industrial threat distribution by type, source, region and industry.
When checking the URL isn?t enough: a Device Code Phishing attack via a Micro...
by Roman Dedenok6 Jul 2026 at 9:00am
The OAuth 2.0 Device Authorization Grant specification was designed to streamline authentication for Smart TVs, IoT devices, and printers. Today, threat actors are weaponizing it.
Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign
by Kaspersky3 Jul 2026 at 10:00am
An inside look at the active Armored Likho APT campaign. The attackers are using spear-phishing, AI-generated loaders, and a new Python-based tool, BusySnake Stealer, to target organizations in Russia, Kazakhstan, and Brazil.
Missed incidents, persistent threats, and response gaps: Insights from compro...
by Victor Sergeev, Amged Wageh2 Jul 2026 at 9:00am
Kaspersky Compromise Assessment specialists analyze trends from the service's 2025 projects and provide tips on how to enhance your organization's security.
The SOC Files: ScreenConnect masked as freeware. An inside look at a large-sc...
by Denis Kulik1 Jul 2026 at 10:00am
Kaspersky experts have uncovered a malicious network infrastructure for delivering AsyncRAT. The Trojan is dropped via compromised ScreenConnect software. In this post, we break down the infection chain and analyze the C2 infrastructure.
OpenClaw: risks for the users and how to mitigate them
by Kaspersky1 Jul 2026 at 6:42am
Researching OpenClaw vulnerabilities, malicious skills, and other security issues with the popular agent, and providing tips on how to mitigate them.
ToddyCat: your hidden email assistant. Part 2
by Andrey Gunkin30 Jun 2026 at 10:00am
An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications in Gmail. The attack targeted OAuth authorization tokens, allowing threat actors to gain access to Google services.
The Gentlemen are knocking: ?ustom backdoors and evolving tactics
by Fatih ?ensoy, Maher Yamout29 Jun 2026 at 10:00am
Kaspersky researchers analyze incidents related to The Gentlemen RaaS group, disclose their tools and TTPs, and find a new ransomware variant.
Beware of the license manager: how a Schneider Electric software vulnerabilit...
by Valery Akulenko26 Jun 2026 at 1:00pm
Analysis of CVE-2024-2658 as found in Schneider Electric's Floating License Manager. Discover how this FlexNet Publisher vulnerability potentially allows attackers to escalate to NT AUTHORITY\SYSTEM privileges and expand their foothold; learn how to mitigate the risk.
