Securelist by Kapersky

Kimsuky targets organizations with PebbleDash-based tools

Kaspersky researchers analyze a range of new PebbleDash-based tools used in recent Kimsuky campaigns and reveal their connection to the AppleSeed malware cluster.

State of ransomware in 2026

Kaspersky researchers are sharing insights into the main ransomware trends for 2026: EDR killers on the rise, switching from data encryption to data leaks, and more.

CVE-2025-68670: discovering an RCE vulnerability in xrdp

During a security assessment of Kaspersky USB Redirector, we discovered CVE-2025-68670: a pre-auth RCE in the xrdp server component. Project maintainers promptly patched the vulnerability.

Exploits and vulnerabilities in Q1 2026

This report provides statistical data on published vulnerabilities and exploits we researched during Q1 2026. It also includes summary data on the use of C2 frameworks in APT attacks.

OceanLotus suspected of using PyPI to deliver ZiChatBot malware

Kaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed ZiChatBot. We attribute this activity to OceanLotus APT.

Websites with an undefined trust level: avoiding the trap

We explain what suspicious websites are and how to distinguish a safe site from a fraudulent one. A new category in Kaspersky solutions: we're sharing global statistics on untrusted site detection.

“Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security

Kaspersky expert breaks down a new phishing scheme that uses the Amazon SES cloud email service. Let's look at some examples to see how you can tell a phishing email from a real one.

Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India

The Silver Fox group is targeting companies in Russia and India by impersonating tax authorities to distribute ValleyRAT and the new ABCDoor backdoor.

PhantomRPC: A new privilege escalation technique in Windows RPC

Kaspersky researcher discovered a vulnerability in RPC architecture that enables an attacker to create a fake RPC server and escalate their privileges.

FakeWallet crypto stealer spreading through iOS apps in the App Store

In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets.

support@howelltontech.com

941.639.6007

All calls are screened to avoid spam and robocalls with invalid caller-ID information. Please leave a message about why you are calling and someone will return your call within 15 minutes.

Howellton Tech's Choice Newsfeeds