Vulnerabilities and Exploits

Kaspersky’s GReAT looks back on the 2024 predictions about financial and crimeware threats, and explores potential cybercrime trends for 2025.

Internet-exposed GNSS receivers pose a significant threat to sensitive operations. Kaspersky shares statistics on internet-exposed receivers for July 2024 and advice on how to protect against GNSS attacks.

Kaspersky experts analyze cyberdefense weak points, including patch management, policy violations and MSSP issues, and real-world cases where compromise assessment helped detect and mitigate incidents.

Kaspersky GReAT experts break down the new campaign of Lazarus APT which uses social engineering and exploits a zero-day vulnerability in Google Chrome for financial gain.

In this article we solve the most difficult SAS CTF challenge based on the APT technique to introduce and persist a kernel shellcode on Windows 7.

The Kaspersky Digital Footprint Intelligence team shares insights into the H1 2024 Middle Eastern cyberthreat landscape: hacktivism, initial access brokers, ransomware, stealers, and so on.

While pentesting KasperskyOS-based Thin Client and IoT Secure Gateway, we found several vulnerabilities in the Suricata and FreeRDP open-source projects. We shared details on these vulnerabilities with the community along with our fuzzer.

The report contains statistics on vulnerabilities and exploits, with an analysis of interesting vulnerabilities found in Q2 2024.

We studied data from the internet and Kaspersky internal sources to find out how and why people use indirect prompt injection.

We performed the security analysis of a Telit Cinterion modem in course of a bigger project of security assessment of a popular model of a truck and found eight vulnerabilities.