Researchers have identified a new phishing technique that exploits Amazon's Simple Email Service (SES) to send fraudulent emails that appear legitimate. By using this widely trusted cloud email service, attackers can bypass traditional email security measures. Victims may struggle to distinguish these phishing emails from real communications, making them more susceptible to scams. The implications are significant, as this method could lead to increased identity theft and financial loss for individuals and organizations alike. Users are advised to be vigilant and verify the authenticity of unexpected emails, especially those requesting sensitive information or prompting urgent actions.
Researchers at Kaspersky have identified a new vulnerability in the Remote Procedure Call (RPC) architecture of Windows. This flaw allows an attacker to set up a counterfeit RPC server, which they can then use to gain elevated privileges on a target system. The implications of this vulnerability are significant, as it could enable attackers to execute malicious actions with higher access rights, potentially compromising sensitive data and system integrity. Organizations using affected systems should be vigilant and consider implementing security measures to defend against this exploitation. The discovery emphasizes the need for regular updates and security practices to mitigate such risks.
Researchers have identified a new type of malware known as Lotus Wiper, which has been used in attacks against Venezuela's energy systems. This malware, discovered by Kaspersky, has been particularly destructive, targeting the energy and utilities sector from late last year into early 2026. The attacks utilize two batch scripts to execute the file-wiping functionality, leading to significant data loss and disruption in the affected systems. This incident is concerning as it highlights the vulnerabilities in critical infrastructure, which can have serious implications for national security and public services. With the energy sector being a vital component of any country's operations, such attacks could hinder essential services and impact everyday life.
In a significant cyberattack, the Lotus Wiper malware targeted Venezuela's energy sector, causing extensive damage to critical infrastructure. Researchers from Kaspersky reported that attackers first executed batch scripts to disable security measures and prepare the systems for the wiper's deployment. Once the environment was compromised, the wiper erased all data, making recovery impossible. This assault on the energy and utilities sector comes amid rising regional tensions, highlighting vulnerabilities in critical infrastructure. The incident raises concerns about the potential for similar attacks in other regions, emphasizing the need for enhanced cybersecurity measures in vital sectors.
Kaspersky's GReAT team has reported on a new campaign involving JanelaRAT, a type of remote access trojan that specifically targets financial information from users in Latin America. This malware is designed to steal sensitive data, including banking credentials, by infecting victims' devices through a series of sophisticated techniques. The infection process and the functionality of the malware have both been updated, making it more dangerous than previous versions. This campaign is particularly concerning as it highlights the ongoing risks to financial security for users in the region, especially given the rise of online banking and digital transactions. Users in Latin America need to be aware of this threat and take steps to protect their financial information.
Kaspersky has reported that SparkCat malware has resurfaced on app stores, specifically targeting cryptocurrency users in Asia. This malware has been found in applications available for both iOS and Android devices. Users downloading these apps may unknowingly expose their sensitive information, such as cryptocurrency wallet details, to attackers. This resurgence is particularly concerning given the increasing popularity of cryptocurrency among users, making them prime targets for cybercriminals. As the malware spreads, it underlines the need for users to be vigilant about the apps they download and the permissions they grant.
CrystalRAT is a new type of malware that has emerged in 2023, functioning as a malware-as-a-service platform. It operates on a subscription model, allowing users to access its capabilities, which include remote access to infected systems and features designed for pranks. Researchers from Kaspersky have noted that CrystalRAT bears a strong resemblance to an earlier malware called WebRAT. This is concerning as it lowers the barrier for entry for cybercriminals, enabling even those with limited technical skills to launch attacks. The rise of such services poses a growing threat to individuals and organizations, as they can be exploited for a variety of malicious purposes including data theft and system manipulation.
Kaspersky researchers have identified a new Remote Access Trojan (RAT) called CrystalX, which is being distributed as Malware-as-a-Service (MaaS). This malware combines features of spyware, information stealers, and prankware, making it particularly versatile and dangerous. Users can unknowingly download CrystalX, leading to their personal information being stolen or their devices being used for malicious purposes. The presence of prankware adds a unique twist, as it can also be used to annoy or embarrass victims. This incident underscores the evolving nature of cyber threats and the need for users to be vigilant about the software they install and the links they click on.
Recent findings from Kaspersky reveal that the Coruna iOS exploit kit is using an updated version of the kernel exploit code from the 2023 Operation Triangulation campaign. This exploit targets two specific vulnerabilities in Apple’s iOS, raising concerns about the potential for mass attacks against users. Initially, there wasn't enough evidence to connect Coruna to the earlier campaign, but researchers have now established a clear link. This means that devices running affected versions of iOS could be at risk from attackers leveraging these exploits. Users and organizations need to be vigilant and ensure their devices are updated to protect against these threats.
Kaspersky's GReAT team has identified a new exploit kit called Coruna, which specifically targets iPhones. This kit utilizes kernel exploits associated with two vulnerabilities, CVE-2023-32434 and CVE-2023-38606, and is an updated version of techniques used in Operation Triangulation. The existence of these exploits poses significant risks to iPhone users, as they could potentially allow attackers to gain unauthorized access to sensitive data or control over the devices. Users should be aware of these vulnerabilities and take steps to secure their devices against exploitation. The findings emphasize the need for continuous vigilance in mobile security as attackers evolve their methods.
The Kaspersky Security Services report provides an overview of cyberattack trends and statistical insights derived from their Managed Detection and Response service. It also includes findings from Incident Response efforts based on real-world cases that occurred in 2025. The report reveals emerging attack patterns and highlights the types of incidents that organizations faced, offering a glimpse into the evolving tactics of cybercriminals. This information is crucial for businesses and security professionals as it can help them better prepare for and respond to future threats. Understanding these trends can aid companies in strengthening their defenses and minimizing potential damage from cyberattacks.
Kaspersky's Security Operations Center has identified a new Horabot campaign targeting users in Mexico. This campaign involves sophisticated tactics that aim to compromise systems and steal sensitive information. Researchers have provided insights into how the attack is carried out, which can help security teams identify and respond to the threat effectively. The focus on Mexico suggests that local businesses and individuals may be particularly vulnerable, highlighting the need for increased awareness and protective measures. Understanding the methods used in this campaign can assist in preventing future attacks and safeguarding valuable data.
A cybercriminal group known as Bloody Wolf is targeting organizations in Uzbekistan and Russia with a spear-phishing campaign designed to deploy a remote access trojan called NetSupport RAT. This group, which has been active since at least 2023, is focusing its attacks on the manufacturing, finance, and IT sectors. Kaspersky, a cybersecurity firm, is tracking this activity under the name Stan Ghouls. The use of spear-phishing indicates that the attackers are likely customizing their messages to trick specific individuals or organizations into downloading the malicious software. This type of threat can lead to significant data breaches and operational disruptions for the affected companies, making it crucial for them to enhance their email security and user awareness training.
On January 20, Kaspersky detected malware associated with a supply chain attack targeting eScan antivirus software. This incident suggests that attackers compromised the update mechanism of eScan, potentially allowing them to distribute malicious updates to users. Companies using eScan antivirus are at risk, as the malware could lead to unauthorized access or data breaches. Users of the software should be vigilant and consider immediate actions to protect their systems. Kaspersky has provided indicators of compromise and mitigation strategies for affected users to follow in order to secure their environments.
Kaspersky researchers have identified updates to the CoolClient backdoor and the deployment of new tools associated with the HoneyMyte group, also known as Mustang Panda or Bronze President. This group is known for its advanced persistent threat (APT) campaigns, which have now introduced three variants of a browser data stealer. These updates suggest an ongoing effort by attackers to enhance their capabilities and target sensitive data from users. The implications are significant, as organizations and individuals could be at risk of having their personal and financial information stolen. Users are encouraged to remain vigilant and ensure their systems are protected against these evolving threats.