Kaspersky official blog

Syncro + Lovable: RAT delivery via AI-generated websites

Attacks using Syncro & AI-generated websites

How attackers use AI-generated fake websites to distribute trojanized builds of the legitimate Syncro remote access tool (RAT).

Latest

The real Black Friday discounts: finding them with AI

Hacking Black Friday: using LLMs to save on the “sale of the year”

We’re going bargain hunting in a new way: armed with AI. In this post: examples of effective prompts.

How to securely vet browser extensions across your organization

Browser extensions: never trust, always verify

Systematic measures and tools that organizations can use to defend against malicious browser extensions.

How a fake AI sidebar can steal your data

AI sidebar spoofing: a new attack on AI browsers

How malicious extensions can spoof AI sidebars in the Comet and Atlas browsers, intercept user queries, and manipulate model responses.

CVE-2024-12649: vulnerability in the Canon TTF interpreter

Printers attacked by… fonts

We examine how popular Canon printers could become a foothold for attackers within an organization’s network.

What is the Pixnapping vulnerability, and how to protect your Android smartphone?

Pixnapping vulnerability: unblockable screenshots of your Android phone

Pixnapping is an Android vulnerability discovered by researchers that allows apps to steal passwords, one-time codes, and other confidential information from the screen without any special permissions from the operating system. How does it work, and what can you do to protect yourself?

FileFix: a new ClickFix variation

Malicious actors have started utilizing a new variation of the ClickFix technique — named “FileFix”. We explain how it works, and how to defend your company against it.

How scammers use email for blackmail and extortion

Email extortion: how scammers use blackmail

You’ve received a threatening email. What’s your next move?

Half of the world's satellite traffic is unencrypted

Don’t look up, or How to intercept satellite data

Researchers have discovered that 50% of data transmitted via satellites is unencrypted. This includes your mobile calls and texts, along with banking, military, government, and other sensitive information. How did this happen, and what can we do about it?

Gamers

The CVE-2025-59489 vulnerability in Unity, and how to fix it in games

Vulnerability in Unity game engine

Any game based on the popular Unity engine made in the last eight years can allow attackers to get into your computer or smartphone. Here’s what to do about it.

Viruses on official Steam, Minecraft, and Endgame Gear sites

Gamers under fire: malware on official websites

Official gaming websites and platforms may seem safe, but even there gamers occasionally encounter malware. We break down infection cases involving Endgame Gear, Steam, and Minecraft.

Trojanized game PirateFi discovered on Steam

Gamers beware: Trojans have invaded Steam

If you still think that Steam, Google Play, and the App Store are malware-free, then read this fascinating story about PirateFi and other hacker creations disguised as games.

How cybercriminals attack young gamers: the most common and dangerous scams

How scammers attack young gamers

Autumn is here, kids are going back to school and also meeting up with friends in their favorite online games. With that in mind, we have just carried out one of our biggest ever studies of the threats young gamers are most likely to encounter.

Hackers disrupt Apex Legends esports tournament

Live hack: Apex Legends esports tournament scandal

Hackers have long been engaging with the gaming world: from cracking games and creating cheats, to, more recently, attacking esports players live during an Apex Legends tournament. Regarding the latter, we break down what happened and how it could have been avoided.