Securelist | Kaspersky’s threat research and reports

Kaspersky researchers analyze the threat landscape for SMBs in 2026: the rise of attacks involving fake AI tools, phishing schemes, and data sold on the dark web.

Threat Response

Webinars

Register to Access All Kaspersky Webinars

Categories

We break down the primary attack vectors in containerized environments: exposed secrets, privilege misconfigurations, API compromise, and supply chain attacks.

Kaspersky Security Bulletin contains statistics on various cyberthreats for the period from November 2024 to October 2025, which are based on anonymized data voluntarily provided by Kaspersky users via Kaspersky Security Network (KSN).

Reports

Cloud Atlas attacks the public sector and diplomatic structures of Russia and Belarus, using ReverseSocks, SSH, and Tor for persistence in infected systems and its new tool, PowerCloud.

Kaspersky researchers analyze a range of new PebbleDash-based tools used in recent Kimsuky campaigns and reveal their connection to the AppleSeed malware cluster.

Kaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed ZiChatBot. We attribute this activity to OceanLotus APT.

Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.

Securelist by Kaspersky

Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools

StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader

A VBScript campaign distributed through WhatsApp deploying RMM software

Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk

From cause to cash: a cross-border look at hacktivist activity

MiniPlasma: detecting exploitation of a critical unpatched Windows vulnerability

Argamal: Malware hidden in hentai games

Wardriving assessment across Mexico: Preparing for the 2026 World Cup

Threat Response

DAEMON Tools software infected — supply chain attack ongoing since April 8, 2026

Information about the Copy Fail vulnerability, which allows attackers to gain root access on virtually any modern Linux distribution

Lotus Wiper: a new threat targeting the energy and utilities sector

Adapt or pay: an analysis of the AdaptixC2 framework

Webinars

AI meets cybersecurity: Powering the next digital move

Automate your SOC with Kaspersky XDR 2.0

How do we catch 0-days?

SOC evolution: From firefighting to strategic risk management

Categories

Containers on fire: from container escapes to supply chain attacks

What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant

Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years

Kaspersky Security Bulletin 2025. Statistics

Reports

Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload

Kimsuky targets organizations with PebbleDash-based tools

OceanLotus suspected of using PyPI to deliver ZiChatBot malware

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

Subscribe to our weekly e-mails