open-sourceOpen-source vulnerability management architecture
How to manage vulnerabilities when developing or using open-source software.
Latest
Open-source vulnerabilities: now a problem for every business
How the AI boom and increasing reliance on open-source components are piling up corporate security debt — and what you can actually do about it.
RATCrystalX RAT can flip your screen and steal your crypto
The new CrystalX remote access Trojan looks like the prank viruses of the 90s on the surface, but it causes a lot more damage. It spies on all that’s happening on your computer, steals cryptocurrency and accounts, and gives the attacker full control over your device. We break down how it works, and how to avoid becoming a victim.
backupRansomware now taking aim at personal backups
Personal backups and home NAS are now in cybercriminals’ crosshairs. We break down exactly how hackers encrypt your data — and how you can stop them.
AIWhy AI agents need an iron curtain
Researcher Niels Provos’ prototype IronCurtain architecture: a system designed to restrict the actions of AI agents through isolation and security policies.
Survey-based scams
Spammers have figured out how to hide links to fraudulent sites within surveys created on legitimate platforms. We’re breaking down the ruse and sharing tips on how to avoid falling for it.
Supply chain attack via Trivy and LiteLLM
How open-source security solutions became the starting point for a massive attack on other popular applications, and what organizations that use them should do.
iOSPredator vs. iPhone: the art of invisible surveillance
Intellexa’s Predator spyware can hide camera and microphone usage indicators on iOS devices. Here’s a look at how it pulls it off.
Spam packages in npm: what are they and why are they dangerous?
In November 2025, the npm ecosystem was hit by a flood of junk packages that were part of the IndonesianFoods malicious campaign. We’re breaking down the lessons learned from this incident.
Gamers
Vulnerability in Unity game engine
Any game based on the popular Unity engine made in the last eight years can allow attackers to get into your computer or smartphone. Here’s what to do about it.
Gamers under fire: malware on official websites
Official gaming websites and platforms may seem safe, but even there gamers occasionally encounter malware. We break down infection cases involving Endgame Gear, Steam, and Minecraft.
Gamers beware: Trojans have invaded Steam
If you still think that Steam, Google Play, and the App Store are malware-free, then read this fascinating story about PirateFi and other hacker creations disguised as games.
How scammers attack young gamers
Autumn is here, kids are going back to school and also meeting up with friends in their favorite online games. With that in mind, we have just carried out one of our biggest ever studies of the threats young gamers are most likely to encounter.
Live hack: Apex Legends esports tournament scandal
Hackers have long been engaging with the gaming world: from cracking games and creating cheats, to, more recently, attacking esports players live during an Apex Legends tournament. Regarding the latter, we break down what happened and how it could have been avoided.
Mario Forever, malware too: a free game with a miner and Trojans inside
Malicious versions of the free-to-download game Super Mario 3: Mario Forever plant a miner and a stealer on gamers’ machines.
Minecraft players under attack
Minecraft mods downloaded from several popular gaming websites contain dangerous malware. What we know so far.
Business
Malware disguised as AI agents
Threat actors are promoting pages containing malicious instructions for installing AI agents intended for workflow automation.
Another look inside the container
The latest update to Kaspersky Cloud Workload Security adds support for an AI assistant for image analysis.
macOSThe ExifTool vulnerability: how an image can infect macOS systems
An in-depth analysis of CVE-2026-3102, a vulnerability posing a potential threat to anyone processing images on a Mac.
Cloudless malware attribution
What is the purpose of a local version of the Kaspersky Threat Attribution Engine, and how to hook it up to IDA Pro?
I firmly believe that the concept of cybersecurity will soon become obsolete, and cyberimmunity will take its place.
Eugene Kaspersky
Tips
TipsAndroid trojan posing as government services and Starlink apps
We break down the BeatBanker trojan attack, which combines espionage, crypto theft, and mining with inventive ways to dig its heels into a smartphone.
Browser-in-the-browser attacks: from theory to reality
A browser-in-the-browser attack, theoretically described in 2022, has been adopted in real-world phishing. We break down how it works, and how to spot a fake authentication window.
How to recognize a deepfake: attack of the clones
Learn how to spot deepfakes in photos, videos, voice messages, and video calls in real time.
How to install or update Kaspersky apps for Android in 2026
Our Android apps are no longer available on Google Play. We explain how to download, install, and update them by alternative means.