messengersPhishing via WhatsApp under the guise of online voting
We discovered a new wave of attacks on WhatsApp users in which attackers steal victims’ accounts using fake voting pages and social engineering on social networks.
Latest
Might it be time to move over to XDR?
Using our Kaspersky Next product line as an example, we explain the practical differences between XDR Optimum and EDR Optimum.
Internal expertise vs. managed security
Which path of cybersecurity team evolution best suits your company’s strategy?
Kaspersky for AndroidA new layer of anti-phishing security in Kaspersky for Android
The Kaspersky for Android app can now detect malicious links in notifications from any app.
phishingHow phishers and scammers use AI
Artificial intelligence has given scammers a new set of tools for deception — from generating deepfakes, to instantly setting up phishing websites or fraudulent email campaigns. Let’s discuss the latest AI trends in phishing and scams — and how to stay safe.
vulnerabilitiesLovense vulnerabilities: insecure adult toys
This is a tale about how vulnerabilities in apps by intimate-toy maker Lovense exposed users’ identities and allowed for account takeovers — a problem the company ignored for years.
Virtual-machine escape – in a Spectre v2 attack
A fresh research paper shows how complex vulnerabilities in CPUs can be leveraged in the most pertinent attacks on cloud-based systems.
Gamers under fire: malware on official websites
Official gaming websites and platforms may seem safe, but even there gamers occasionally encounter malware. We break down infection cases involving Endgame Gear, Steam, and Minecraft.
AINew types of attacks on AI-powered assistants and chatbots
A close look at attacks on LLMs: from ChatGPT and Claude to Copilot and other AI-assistants that power popular apps.
Gamers
Gamers beware: Trojans have invaded Steam
If you still think that Steam, Google Play, and the App Store are malware-free, then read this fascinating story about PirateFi and other hacker creations disguised as games.
How scammers attack young gamers
Autumn is here, kids are going back to school and also meeting up with friends in their favorite online games. With that in mind, we have just carried out one of our biggest ever studies of the threats young gamers are most likely to encounter.
Live hack: Apex Legends esports tournament scandal
Hackers have long been engaging with the gaming world: from cracking games and creating cheats, to, more recently, attacking esports players live during an Apex Legends tournament. Regarding the latter, we break down what happened and how it could have been avoided.
Mario Forever, malware too: a free game with a miner and Trojans inside
Malicious versions of the free-to-download game Super Mario 3: Mario Forever plant a miner and a stealer on gamers’ machines.
Minecraft players under attack
Minecraft mods downloaded from several popular gaming websites contain dangerous malware. What we know so far.
The Phantom Menace: how gamers of different ages are being attacked
Why scammers are more likely to target kids than hardcore gamers, how they do it, and what they want to steal
Business
npm registry attacked by secret-stealing worm
A new large-scale attack on a popular JavaScript code registry has hit around 150 packages. The automatic propagation of the threat makes it especially dangerous — developers need to react ASAP.
supply-chain attackPopular npm packages compromised
Unknown attackers have compromised several popular npm packages in a supply-chain attack.
Three approaches to workplace “shadow AI” from the cybersecurity standpoint
Most employees are already using personal LLM subscriptions for work tasks. How do you balance staying competitive with preventing data leaks?
Vulnerabilities in WordPress themes and plugins: how to protect your site
WordPress sites are increasingly becoming targets of attacks exploiting vulnerabilities in plugins and themes. In this post, we examine recent cases and share protection tips.
Serious NX build compromise — what you need to know about the s1ngularity attack
A popular developer tool has been trojanized and is uploading secrets to public GitHub repositories. We discuss what’s important to know for both developers and cybersecurity services.
I firmly believe that the concept of cybersecurity will soon become obsolete, and cyberimmunity will take its place.
Eugene Kaspersky
Business
