- HelloNet campaign — new malicious modules launched through the ViPNet update systemby Konstantin Isakov, Georgy Kucherin, Anton Kargin on July 16, 2026 at 1:05 pm
We identified targeted infection attempts against large Russian organizations using the ViPNet update system (a software suite for creating secure networks).
- GoSerpent: a persistent threat evolves with sophisticated data collection and exfiltrationby Noushin Shabab on July 16, 2026 at 12:00 pm
Two-phase attacks with the GoSerpent backdoor, Stowaway RAT, ThumbcacheService and other tools aim to steal data from government entities in Southeast Asia.
- OkoBot: new sophisticated malware framework targets cryptocurrency usersby Yaroslav Kikel on July 15, 2026 at 10:00 am
Kaspersky GReAT experts dissect the new OkoBot campaign targeting cryptocurrency users. This complex framework employs TookPS, exfiltrates seed phrases, monitors Chromium-based browsers, and installs various malware strains, including the Rilide stealer.
- Threat landscape for industrial automation systems. Q1 2026by Kaspersky ICS CERT on July 7, 2026 at 10:00 am
This report contains industrial threat statistics for Q1 2026, including industrial threat distribution by type, source, region and industry.
- When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft websiteby Roman Dedenok on July 6, 2026 at 9:00 am
The OAuth 2.0 Device Authorization Grant specification was designed to streamline authentication for Smart TVs, IoT devices, and printers. Today, threat actors are weaponizing it.
- Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaignby Kaspersky on July 3, 2026 at 10:00 am
An inside look at the active Armored Likho APT campaign. The attackers are using spear-phishing, AI-generated loaders, and a new Python-based tool, BusySnake Stealer, to target organizations in Russia, Kazakhstan, and Brazil.
- Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projectsby Victor Sergeev, Amged Wageh on July 2, 2026 at 9:00 am
Kaspersky Compromise Assessment specialists analyze trends from the service’s 2025 projects and provide tips on how to enhance your organization’s security.
- The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaignby Denis Kulik on July 1, 2026 at 10:00 am
Kaspersky experts have uncovered a malicious network infrastructure for delivering AsyncRAT. The Trojan is dropped via compromised ScreenConnect software. In this post, we break down the infection chain and analyze the C2 infrastructure.
- OpenClaw: risks for the users and how to mitigate themby Kaspersky on July 1, 2026 at 6:42 am
Researching OpenClaw vulnerabilities, malicious skills, and other security issues with the popular agent, and providing tips on how to mitigate them.
- ToddyCat: your hidden email assistant. Part 2by Andrey Gunkin on June 30, 2026 at 10:00 am
An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications in Gmail. The attack targeted OAuth authorization tokens, allowing threat actors to gain access to Google services.
Securelist
We are an ethical website cyber security team and we perform security assessments to protect our clients.

















