Securelist

The report contains industrial threat statistics for Q4 2025. It covers various infection vectors and malware types, as well as regional statistics and statistics by industry.

Kaspersky GReAT experts describe the latest JanelaRAT campaign detailing infection chain and malware functionality updates.

Threat actors are distributing a Trojan disguised as Proxifier software; through a multi-stage infection chain, it delivers ClipBanker – malware that replaces cryptocurrency wallet addresses in the clipboard.

In this report, Kaspersky experts share their insights into the 2025 financial threat landscape, including regional statistics and trends in phishing, PC malware, and infostealers.

Kaspersky researchers analyze a new CrystalX RAT distributed as MaaS and featuring extensive spyware, stealer, and prankware capabilities.

Dissecting the supply chain attack on LiteLLM, a multifunctional gateway used in many AI agents. Explaining the dangers of the malicious code and how to protect yourself.

Kaspersky GReAT experts look into the Coruna exploit kit targeting iPhones. We discovered that the kernel exploit for CVE-2023-32434 and CVE-2023-38606 is an updated version of the Operation Triangulation exploit.

The Kaspersky Security Services report describes cyberattack trends and statistics revealed by the Managed Detection and Response service. The report also includes Incident Response findings based on real-world cases identified and mitigated in 2025.

Kaspersky SOC uncovered and analyzed a complex Horabot campaign in Mexico. In this article we share insights into how it is unleashed and how to hunt for this threat.

Kaspersky GReAT experts describe the unprecedentedly complex Brazilian banking Trojan GoPix that employs memory-only implants, Proxy AutoConfig (PAC) files for man-in-the-middle attacks, and malvertising via Google Ads.