Kaspersky official blog

Direct and reverse NFC relay attacks being used to steal money

NFC skimming attacks

How criminals exploit the familiar “tap your phone to pay” feature to steal your money.

Latest

Stealthy malware masking its activity, deploying infostealer

Cybercriminals are distributing malware that deploys an infostealer and masks its activity in network and system logs.

New cybersecurity laws and trends in 2026

Your personal cybersecurity checklist for 2026

Eight digital New Year’s resolutions you absolutely need to keep.

The Stealka stealer hijacks accounts and steals crypto while masquerading as pirated software

Stealka stealer: the new face of game cheats, mods, and cracks

We’ve identified a new infostealer named Stealka, which masquerades as pirated software and game mods. It targets data stored inside browsers, locally installed applications, and crypto wallets.

ForumTroll targets political scientists

GReAT experts have analyzed a new targeted campaign by the ForumTroll APT group.

Phishing in Telegram Mini Apps: how to avoid taking the bait

Phishing in Telegram Mini Apps: what’s Habib’s papakha got to do with it?

We break down a new scam that leverages Telegram Mini Apps, and explain how to avoid taking the bait.

How to discover and secure ownerless corporate IT assets

Forgotten IT infrastructure: even worse than shadow IT

How to eliminate the threat posed to organizations by ownerless servers and services, outdated libraries, and insecure APIs.

Where does the data stolen in a phishing attack go?

What happens to data stolen using phishing?

We follow the trail of a phishing attack to break down, step-by-step, what happens to the data stolen from users.

Breach of 120 000 IP cameras in South Korea: security tips

Korean-style webcam breach: 120 000 IP cameras hacked

From karaoke rooms to gynecology clinics — these are just some of the tens of thousands of locations where compromised IP cameras were discovered in South Korea. Here’s how to avoid unwittingly starring in steamy videos you didn’t authorize.

Gamers

The CVE-2025-59489 vulnerability in Unity, and how to fix it in games

Vulnerability in Unity game engine

Any game based on the popular Unity engine made in the last eight years can allow attackers to get into your computer or smartphone. Here’s what to do about it.

Viruses on official Steam, Minecraft, and Endgame Gear sites

Gamers under fire: malware on official websites

Official gaming websites and platforms may seem safe, but even there gamers occasionally encounter malware. We break down infection cases involving Endgame Gear, Steam, and Minecraft.

Trojanized game PirateFi discovered on Steam

Gamers beware: Trojans have invaded Steam

If you still think that Steam, Google Play, and the App Store are malware-free, then read this fascinating story about PirateFi and other hacker creations disguised as games.

How cybercriminals attack young gamers: the most common and dangerous scams

How scammers attack young gamers

Autumn is here, kids are going back to school and also meeting up with friends in their favorite online games. With that in mind, we have just carried out one of our biggest ever studies of the threats young gamers are most likely to encounter.

Hackers disrupt Apex Legends esports tournament

Live hack: Apex Legends esports tournament scandal

Hackers have long been engaging with the gaming world: from cracking games and creating cheats, to, more recently, attacking esports players live during an Apex Legends tournament. Regarding the latter, we break down what happened and how it could have been avoided.

Malware in the free game Super Mario 3: Mario Forever

Mario Forever, malware too: a free game with a miner and Trojans inside

Malicious versions of the free-to-download game Super Mario 3: Mario Forever plant a miner and a stealer on gamers’ machines.

Minecraft players under attack

Minecraft mods downloaded from several popular gaming websites contain dangerous malware. What we know so far.

Business

CVE-2025-55182 vulnerability in React and Next.js

React4Shell vulnerability: protecting web servers from CVE-2025-55182

Millions of websites based on React and Next.js contain an easy-to-exploit vulnerability that can lead to complete server takeover. How to check if your server is vulnerable, and protect corporate web assets?

Kaspersky Embedded Systems Security: what's new?

Securing embedded devices in 2025

Identifying threats to embedded devices, and how the updated Kaspersky Embedded Systems Security can help in tackling them?

Microsoft Exchange on-premises hardening recommendations

Hardening Exchange servers

Here’s how to mitigate the risks of targeted attacks on your organization’s mail servers.

How to securely vet browser extensions across your organization

Browser extensions: never trust, always verify

Systematic measures and tools that organizations can use to defend against malicious browser extensions.

CVE-2024-12649: vulnerability in the Canon TTF interpreter

Printers attacked by… fonts

We examine how popular Canon printers could become a foothold for attackers within an organization’s network.

Privacy & Kids

Latest

Gamers

Business

I firmly believe that the concept of cybersecurity will soon become obsolete, and cyberimmunity will take its place. Eugene Kaspersky

Tips

I firmly believe that the concept of cybersecurity will soon become obsolete, and cyberimmunity will take its place.

Eugene Kaspersky