SMB

Two campaigns by the BlueNoroff APT group target developers and executives in the crypto industry.

The optical sensors in computer mice can be used for eavesdropping. We break down why this is fascinating — but still a long way from real-world practicality.

Attackers are abusing legitimate websites to host hidden SEO links. We break down their tactics, and what you can do about it.

Two separate research papers vividly demonstrate how virtual systems can be compromised in a hostile environment — specifically, when the data owner can’t even trust the cloud provider.

How AI-generated code is changing cybersecurity — and what developers and “vibe coders” should expect.

Attackers pretending to be airlines or airports are sending out fake partnership offers.

Phoenix, a new variant of the Rowhammer attack, makes it possible to attack DDR5 memory modules.

Using our Kaspersky Next product line as an example, we explain the practical differences between XDR Optimum and EDR Optimum.

Which path of cybersecurity team evolution best suits your company’s strategy?

A new large-scale attack on a popular JavaScript code registry has hit around 150 packages. The automatic propagation of the threat makes it especially dangerous — developers need to react ASAP.

Unknown attackers have compromised several popular npm packages in a supply-chain attack.

WordPress sites are increasingly becoming targets of attacks exploiting vulnerabilities in plugins and themes. In this post, we examine recent cases and share protection tips.

A popular developer tool has been trojanized and is uploading secrets to public GitHub repositories. We discuss what’s important to know for both developers and cybersecurity services.

How attackers can hijack your computer through its webcam — and how to stop it.

Attackers spin poignant tales of lost private keys as they try to phish seed phrases.

Google experts have demonstrated how complex hardware vulnerabilities in CPUs can be effectively exploited.

Researchers have devised a theoretical attack to steal private encryption keys through monitoring standard CPU and OS behavior.

Companies need to build a culture of security, but this is impossible when employees are afraid to discuss incidents or suggest improvements.

Using anomalies in the behavior of users, devices, applications, and other entities to detect cyberthreats.

Attackers are sending phishing emails to developers of PyPi packages and Firefox add-ons.

Causes of discrepancies in Common Vulnerability Scoring System ratings, common mistakes when using CVSS for vulnerability prioritization, and how to do this right.