infostealersMalware hiding in a 3D model
How automation turns legitimate tools into a channel for malware delivery.
Business
1378 articles
vulnerabilitiesReact4Shell vulnerability: protecting web servers from CVE-2025-55182
Millions of websites based on React and Next.js contain an easy-to-exploit vulnerability that can lead to complete server takeover. How to check if your server is vulnerable, and protect corporate web assets?
embedded systemsSecuring embedded devices in 2025
Identifying threats to embedded devices, and how the updated Kaspersky Embedded Systems Security can help in tackling them?
Hardening Exchange servers
Here’s how to mitigate the risks of targeted attacks on your organization’s mail servers.
browsersBrowser extensions: never trust, always verify
Systematic measures and tools that organizations can use to defend against malicious browser extensions.
Printers attacked by… fonts
We examine how popular Canon printers could become a foothold for attackers within an organization’s network.
FileFix: a new ClickFix variation
Malicious actors have started utilizing a new variation of the ClickFix technique — named “FileFix”. We explain how it works, and how to defend your company against it.
SD-WAN: new dimensions of efficiency
How organizations save employee time and boost productivity with the new version of Kaspersky SD-WAN.
What an MXDR solution for SMBs should be like
The differences between an MXDR service for a large enterprise, and one that would fit perfectly into the security framework of a growing SMB.
APTGhostCall and GhostHire: hunting for crypto assets
Two campaigns by the BlueNoroff APT group target developers and executives in the crypto industry.
The ForumTroll and his colleagues
Our experts have found common tools used by both the ForumTroll APT group and attackers using Dante malware by Memento Labs.
side-channel attacksCan your mouse eavesdrop on you?
The optical sensors in computer mice can be used for eavesdropping. We break down why this is fascinating — but still a long way from real-world practicality.
Hidden links to… porn sites – on your company website
Attackers are abusing legitimate websites to host hidden SEO links. We break down their tactics, and what you can do about it.
RAMHacking TEEs in server infrastructure
Two separate research papers vividly demonstrate how virtual systems can be compromised in a hostile environment — specifically, when the data owner can’t even trust the cloud provider.
The hidden dangers of AI coding
How AI-generated code is changing cybersecurity — and what developers and “vibe coders” should expect.
Fake partnership proposals
Attackers pretending to be airlines or airports are sending out fake partnership offers.
Detecting DLL hijacking
Our experts trained an ML model to detect attempts to use DLL hijacking, and integrated it into the Kaspersky SIEM system.
Phoenix: a Rowhammer attack vs. DDR5 memory
Phoenix, a new variant of the Rowhammer attack, makes it possible to attack DDR5 memory modules.
Security hardening: reducing an attack surface
Low-hanging fruit for boosting corporate cyber-protection.
Internal expertise vs. managed security
Which path of cybersecurity team evolution best suits your company’s strategy?
Might it be time to move over to XDR?
Using our Kaspersky Next product line as an example, we explain the practical differences between XDR Optimum and EDR Optimum.