Solutions for:

Home Products
Small Business 1-50 employees
Medium Business 51-999 employees
Enterprise 1000+ employees

by Kaspersky

CompanyAccount
Get In Touch
Dark mode off
English

Solutions
Industries
- - Other Industries
  - Telecom Cybersecurity
  - View all
Products
Services
- - Other Services
  - Kaspersky Professional Services
  - Kaspersky Incident Response
  - Kaspersky Cybersecurity Training
  - View All
Resource Center
About Us
GDPR

Dark mode off
Securelist menu
English
- Russian
- Spanish
- Brazil
Existing Customers
- Personal
- Business
Home
- Products
- Trials&Update
- Resource Center
Business
- Kaspersky Next
- Small Business (1-50 employees)
- Medium Business (51-999 employees)
- Enterprise (1000+ employees)
Securelist
Threats
- Financial threats
- Mobile threats
- Web threats
- Secure environment (IoT)
- Vulnerabilities and exploits
- Spam and Phishing
- Industrial threats
Categories
- APT reports
- Incidents
- Research
- Malware reports
- Spam and phishing reports
- Publications
- Kaspersky Security Bulletin
Archive
All Tags
APT Logbook
Webinars
Statistics
Encyclopedia
Threats descriptions
KSB 2021
About Us
- Company
- Transparency
- Corporate News
- Press Center
- Careers
- Sponsorships
- Policy Blog
- Contacts
Partners
- Find a Partner
- Partner Program

Content menu Close Incidents

by Kaspersky

Dark mode off

Threats

APT (Targeted attacks)
Secure environment (IoT)
Mobile threats
Financial threats
Spam and phishing
Industrial threats
Web threats
Vulnerabilities and exploits
All threats

Incidents

An AI gateway designed to steal your data

Dissecting the supply chain attack on LiteLLM, a multifunctional gateway used in many AI agents. Explaining the dangers of the malicious code and how to protect yourself.

Vladimir Gursky

The game is over: when “free” comes at too high a price. What we know about RenEngine

Denis Brylev
Pavel Sinenko
Maxim Starodubov
Artem Ushkov

The Notepad++ supply chain attack — unnoticed execution chains and new IoCs

Georgy Kucherin
Anton Kargin

Supply chain attack on eScan antivirus: detecting and remediating malicious updates

Georgy Kucherin
Kirill Korchemny
Ilya Savelyev

Deep analysis of the flaw in BetterBank reward logic

Elsayed Elrefaei

Post-exploitation framework now also delivered via npm

Vladimir Gursky
Artem Ushkov

Massive npm infection: the Shai-Hulud worm and patient zero

Vladimir Gursky
Dmitry Vinogradov

The SOC files: Rumble in the jungle or APT41’s new target in Africa

Denis Kulik
Daniil Pogorelov

Russian organizations targeted by backdoor masquerading as secure networking software updates

Igor Kuznetsov
Georgy Kucherin
Alexander Demidov

How ToddyCat tried to hide behind AV software

Andrey Gunkin

XZ backdoor: Hook analysis

Anderson Leite
Sergey Belov

Assessing the Y, and How, of the XZ Utils incident

GReAT

XZ backdoor story – Initial analysis

GReAT

A hack in hand is worth two in the bush

GReAT

QBot banker delivered through business correspondence

Victoria Vlasova
Andrey Kovtun
Darya Ivanova

Incidents

GReAT research
Vulnerability reports
SOC, TI and IR posts
Malware descriptions
Industrial threats
Malware reports
Crimeware reports
APT reports
SAS
Spam and phishing reports
Spam and phishing
Incidents
Research
Security technologies
Kaspersky Security Bulletin
Publications
Software
DDoS reports
Internal threats reports
Archive

Hot Topics

Keyloggers: How they work and how to detect them (Part 1)

Nikolay Grebennikov

Scammers’ delivery service: exclusively dangerous

Tatyana Shcherbakova

RansomEXX Trojan attacks Linux systems

Fedor Sinitsyn
Vladimir Kuskov

Reports

Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload

Cloud Atlas attacks the public sector and diplomatic structures of Russia and Belarus, using ReverseSocks, SSH, and Tor for persistence in infected systems and its new tool, PowerCloud.

Kimsuky targets organizations with PebbleDash-based tools

Kaspersky researchers analyze a range of new PebbleDash-based tools used in recent Kimsuky campaigns and reveal their connection to the AppleSeed malware cluster.

OceanLotus suspected of using PyPI to deliver ZiChatBot malware

Kaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed ZiChatBot. We attribute this activity to OceanLotus APT.

Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India

The Silver Fox group is targeting companies in Russia and India by impersonating tax authorities to distribute ValleyRAT and the new ABCDoor backdoor.

Subscribe to our weekly e-mails

The hottest research right in your inbox

Email(Required)

(Required)

I agree to provide my email address to “AO Kaspersky Lab” to receive information about new posts on the site. I understand that I can withdraw this consent at any time via e-mail by clicking the “unsubscribe” link that I find at the bottom of any e-mail sent to me for the purposes mentioned above.

Threats

APT (Targeted attacks)
Secure environment (IoT)
Mobile threats
Financial threats
Spam and phishing
Industrial threats
Web threats
Vulnerabilities and exploits
All threats