Reports

Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.

Kaspersky’s GReAT experts have uncovered a new wave of cyberattacks by the ForumTroll APT group, targeting Russian political scientists and delivering the Tuoni framework to their devices.

Kaspersky discloses new tools and techniques discovered in 2025 Tomiris activities: multi-language reverse shells, Havoc and AdaptixC2 open-source frameworks, communications via Discord and Telegram.

Kaspersky experts analyze the ToddyCat APT attacks targeting corporate email. We examine the new version of TomBerBil, the TCSectorCopy and XstReader tools, and methods for stealing access tokens from Outlook.

Threat Categories

Spam and Phishing

Following the digital trail: what happens to data stolen in a phishing attack

To buy or not to buy: How cybercriminals capitalize on Black Friday

The evolving landscape of email phishing attacks: how threat actors are reusing and refining established techniques

New trends in phishing and scams: how AI and social media are changing the game

Vulnerabilities and exploits

Exploits and vulnerabilities in Q2 2025

Driver of destruction: How a legitimate driver is being used to take down AV processes

ToolShell: a story of five vulnerabilities in Microsoft SharePoint

Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721

Internal threats

ToddyCat: your hidden email assistant. Part 1

Host-based logs, container-based threats: How to tell where an attack began

Dark web threats and dark market predictions for 2025

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

APT (Targeted attacks)

Cloud Atlas activity in the first half of 2025: what changed

Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports

Hunting for Mythic in network traffic

Tomiris wreaks Havoc: New tools and techniques of the APT group

Financial threats

Frogblight threatens you with a court case: a new Android banker targets Turkish users

To buy or not to buy: How cybercriminals capitalize on Black Friday

Deep analysis of the flaw in BetterBank reward logic

Maverick: a new banking Trojan abusing WhatsApp in a mass-scale distribution

Secure environment (IoT)

God Mode On: how we attacked a vehicle’s head unit modem

Turn me on, turn me off: Zigbee assessment in industrial environments

It didn’t take long: CVE-2025-55182 is now under active exploitation

Modern vehicle cybersecurity trends

Keyloggers: How they work and how to detect them (Part 1)

Scammers’ delivery service: exclusively dangerous

RansomEXX Trojan attacks Linux systems

Reports

Cloud Atlas activity in the first half of 2025: what changed

Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports

Tomiris wreaks Havoc: New tools and techniques of the APT group

ToddyCat: your hidden email assistant. Part 1

Subscribe to our weekly e-mails