Securelist

Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.

The report contains statistics on various threats detected and blocked on ICS computers in Q3 2025, including miners, ransomware, spyware, etc.

Kaspersky GReAT experts analyze the Evasive Panda APT’s infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant.

We share the results of assessing the effectiveness of Kaspersky SIEM in real-world infrastructures and explore common challenges and solutions to these.

We dissect the new Webrat campaign where the Trojan spreads via GitHub repositories, masquerading as critical vulnerability exploits to target cybersecurity researchers.

Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.

Kaspersky expert describes how DCOM interfaces can be abused to load malicious DLLs into memory using the Windows Registry and Control Panel.

Kaspersky’s GReAT experts have uncovered a new wave of cyberattacks by the ForumTroll APT group, targeting Russian political scientists and delivering the Tuoni framework to their devices.

Kaspersky researchers describe how they gained access to a vehicle’s head unit by exploiting a single vulnerability in its modem.

Kaspersky researchers have discovered a new Android banking Trojan targeting Turkish users and posing as an app for accessing court case files via an official government webpage. The malware is being actively developed and may become MaaS in the future.