VIRUS-NEWS
State of ransomware in 2026
by Fabio Assolini, Marc Rivero, Maher Yamout, Darya Gorodilova on 12 May 2026 at 7:00am
Kaspersky researchers are sharing insights into the main ransomware trends for 2026: EDR killers on the rise, switching from data encryption to data leaks, and more.
CVE-2025-68670: discovering an RCE vulnerability in xrdp
by Denis Skvortsov, Dmitry Shmoylov on 8 May 2026 at 8:00am
During a security assessment of Kaspersky USB Redirector, we discovered CVE-2025-68670: a pre-auth RCE in the xrdp server component. Project maintainers promptly patched the vulnerability.
Exploits and vulnerabilities in Q1 2026
by Alexander Kolesnikov on 7 May 2026 at 10:00am
This report provides statistical data on published vulnerabilities and exploits we researched during Q1 2026. It also includes summary data on the use of C2 frameworks in APT attacks.
OceanLotus suspected of using PyPI to deliver ZiChatBot malware
by GReAT on 6 May 2026 at 1:00pm
Kaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed ZiChatBot. We attribute this activity to OceanLotus APT.
Websites with an undefined trust level: avoiding the trap
by Lama Saqqour, Anna Larkina on 6 May 2026 at 9:30am
We explain what suspicious websites are and how to distinguish a safe site from a fraudulent one. A new category in Kaspersky solutions: we're sharing global statistics on untrusted site detection.
"Legitimate" phishing: how attackers weaponize Amazon SES to bypass email sec...
by Roman Dedenok on 4 May 2026 at 10:00am
Kaspersky expert breaks down a new phishing scheme that uses the Amazon SES cloud email service. Let's look at some examples to see how you can tell a phishing email from a real one.
Silver Fox uses the new ABCDoor backdoor to target organizations in Russia an...
by Anton Kargin, Vladimir Gursky, Victoria Vlasova, Anna Lazaricheva on 30 Apr 2026 at 7:00am
The Silver Fox group is targeting companies in Russia and India by impersonating tax authorities to distribute ValleyRAT and the new ABCDoor backdoor.
PhantomRPC: A new privilege escalation technique in Windows RPC
by Haidar Kabibo on 24 Apr 2026 at 8:00am
Kaspersky researcher discovered a vulnerability in RPC architecture that enables an attacker to create a fake RPC server and escalate their privileges.
FakeWallet crypto stealer spreading through iOS apps in the App Store
by Sergey Puzan on 20 Apr 2026 at 9:22am
In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets.
Threat landscape for industrial automation systems in Q4 2025
by Kaspersky ICS CERT on 15 Apr 2026 at 12:30pm
The report contains industrial threat statistics for Q4 2025. It covers various infection vectors and malware types, as well as regional statistics and statistics by industry.
