Kaspersky official blog

250,000 misconfigurations in GitHub Actions

Potential Threat: misconfigurations in GitHub Actions

A GReAT study has identified ~250,000 potential security issues in publicly accessible GitHub Actions.

Latest

How hackers use PowerShell scripts to steal Telegram accounts

Your Telegram account can be stolen without a password or verification code

Hackers have developed a PowerShell script that hijacks Telegram sessions and grants an attacker access to accounts without a password or verification codes. Here’s a breakdown of how it works and how to stay safe.

How Hola Browser was weaponized to spread a Monero miner

Hackers hijacked Hola Browser for secret crypto mining

Because of a supply chain attack, some Windows users unknowingly downloaded a Monero crypto miner along with their Hola Browser installation.

World Cup 2026: watch out for these scams

Buyer beware: how scammers are targeting soccer fans at the World Cup

Here’s a breakdown of the latest scams to watch out for, ensuring your World Cup experience ends with great memories — not stolen money or compromised data.

Building an autonomous SOC: core challenges and solutions

Is it possible to build a fully autonomous SOC?

We break down the core challenges and potential solutions for building a fully autonomous security operations center.

The FROST attack: how SSD access delays expose users’ activity

Austrian researchers have uncovered a bizarre new way hackers could steal sensitive data.

The guide on blocking ChatGPT, Gemini, Claude, and other AI tools at work

Taming shadow-AI on corporate devices

How to detect and block unauthorized AI tools in an organization.

Argamal RAT: attackers distributing a remote access Trojan through hentai games

Hentai games with a nasty twist

Looking for a hentai game, but ended up with malware? Attackers are hiding the Argamal remote access Trojan inside hentai games, and distributing it through dedicated websites and torrent trackers. We break down how this malware works, why it’s dangerous, and how to keep your computer from becoming a goldmine for blackmailers.

Elon Musk's XChat: how secure is the new messaging app?

XChat: what’s wrong with Elon Musk’s new messaging app?

We break down Elon Musk’s new messaging app, XChat: here’s what we know about its end-to-end encryption, and whether the new service can truly compete with Signal, WhatsApp, and Telegram.

Gamers

The CVE-2025-59489 vulnerability in Unity, and how to fix it in games

Vulnerability in Unity game engine

Any game based on the popular Unity engine made in the last eight years can allow attackers to get into your computer or smartphone. Here’s what to do about it.

Viruses on official Steam, Minecraft, and Endgame Gear sites

Gamers under fire: malware on official websites

Official gaming websites and platforms may seem safe, but even there gamers occasionally encounter malware. We break down infection cases involving Endgame Gear, Steam, and Minecraft.

Trojanized game PirateFi discovered on Steam

Gamers beware: Trojans have invaded Steam

If you still think that Steam, Google Play, and the App Store are malware-free, then read this fascinating story about PirateFi and other hacker creations disguised as games.

How cybercriminals attack young gamers: the most common and dangerous scams

How scammers attack young gamers

Autumn is here, kids are going back to school and also meeting up with friends in their favorite online games. With that in mind, we have just carried out one of our biggest ever studies of the threats young gamers are most likely to encounter.

Hackers disrupt Apex Legends esports tournament

Live hack: Apex Legends esports tournament scandal

Hackers have long been engaging with the gaming world: from cracking games and creating cheats, to, more recently, attacking esports players live during an Apex Legends tournament. Regarding the latter, we break down what happened and how it could have been avoided.