stealersJarkaStealer in PyPI repository
Malicious packages for AI integration containing infostealer malware were found in the Python Package Index repository.
supply chain
22 articles
routersOutdated Cisco equipment under threat from firmware
Espionage operations to hack corporate routers are now commonplace — and all organizations need to be aware of this.
LinuxThree common attacks on Linux in homes
Even if you don’t know it, you probably have devices running Linux at home — and they need protection too! Here are three Linux threats that even IT professionals often forget about.
Supply-chain attack on 3CX clients
Cybercriminals are attacking 3CX VoIP telephony software users via trojanized applications.
Four malicious packages in npm repository
New malicious campaign hunts for Discord tokens and credit card information via infected npm packages.
Five reasons to protect small business from cyberthreats
Five arguments in favor of installing security solutions on the endpoints of a small company.
What are the possible consequences of Okta hack?
Hackers from Lapsus$ group claim they breached Okta, a major provider of access management systems.
vulnerabilitiesInvisible implants in source code
Researchers from Cambridge describe the Trojan Source method for inserting hidden implants in source code.
Popular JavaScript package UAParser.js infected with malware
Npm package UAParser.js, installed on tens of millions of computers worldwide, has been infected with a password stealer and a miner. Here’s what to do.
Cyberattack analysis and quick response
Blocking a threat isn’t enough; you have to understand and reconstruct the whole infection chain.
PHP language source code compromise attempt
Unknown attackers tried to add a backdoor to PHP scripting language source code.
transparencyThe Internet Governance Forum, transparency, and stalkerware
Kaspersky was honored to take part in the 15th annual Internet Governance Forum.
“Puss in Boots” APT campaign
Charles Perrault explains how hired hackers use social engineering and watering hole attacks for political purposes.
small businessSupply chain as SMB threat
Small businesses may not be the main target of cybercriminals, but it does not mean an SMB will not fall victim to a supply-chain attack. How not to become collateral damage.
ShadowHammer: New details
It appears the ASUS incident was just one part of the large-scale operation.
Potential problems with third-party Web plugins
Do you use plugins on your website? Make sure they are updated regularly.
podcastTransatlantic Cable podcast, episode 84
In this episode of the Kaspersky Lab podcast, Dave and Jeff take a look at a bad week for Facebook, a backdoor into ASUS, downed flights in the US, and more.
ShadowHammer: Malicious updates for ASUS laptops
Our technologies detected a threat that seems to be one of the biggest supply-chain attacks ever.
Cybersecurity report from Middle-earth
Analysis of Sauron’s hacking tools implemented in the devices known as Rings of Power.
A bad link in the cryptochain
A supply-chain attack against Copay cryptowallets through an open-source library enables bitcoin theft.
Common SMB mistakes: The supply-chain attack
Case study: An analysis of insufficient safety practices at a small advertising agency.