Business

1253 articles

How Interlock attacks IT specialists with fake CAPTCHAs and ClickFix

We explore how cybercriminals are targeting IT specialists searching for a popular network scanner, using the Interlock ransomware attack as an example.

How to implement zero trust: first steps and success factors

Migration to zero trust in practice – including the pitfalls

How organizations implement zero-trust principles, and what CISOs advise for project success.

Five new reasons not to pay ransoms

How the situation with ransomware attacks on companies has changed, and why paying a ransom has become an even worse and more useless idea in 2025.

What is ClickFix and how to protect your company

ClickFix technique: what it is and why it’s dangerous

An infection tactic called ClickFix is becoming increasingly popular among cybercriminals. We explain how such attacks work and how to protect your company against it.

What is slopsquatting, and how to protect your organization from it

How AI creates “slopsquatting” supply-chain risks

Popular AI code assistants try to call non-existent libraries. But what happens if attackers actually create them?

Critical vulnerability in PyTorch framework

Researchers have found a way to exploit a security mechanism in a popular machine-learning framework.

Six key areas for cost-effective development of a company's information security function in 2025, with a focus on budget optimization

CISO priorities in 2025

Analyzing the popular CISO MindMap from an economic efficiency perspective.

Protecting against attacks in ZIP, RAR, CAB, MSI, ISO and other archives

Security measures for handling archive files in organizations

Archives are being used in targeted phishing and other attacks on organizations. What tools, settings, and policies can mitigate the threat?

Scammers exploiting GetShared for phishing attacks

Scammers are exploiting GetShared to bypass email security.

Polyglot technique for disguising malware

When files are not what they seem

Attackers use the polyglot technique to disguise malware. We explain what it is and how to protect your company against attacks.

A ransomware attack through an IP camera

Fending off ransomware attacks that exploit corporate IoT devices.

AI technologies in Kaspersky SIEM

How and why we deploy artificial intelligence in our SIEM system.

CVE-2025-2783 in Operation ForumTroll APT attack

Operation ForumTroll: APT attack via zero-day vulnerability

Our technologies have helped to detect the zero-day vulnerability CVE-2025-2783 in Google Chrome, which was used in a sophisticated APT attack.

Fog ransomware publishes victim’s IP-addresses

Cybercriminals behind the Fog ransomware publish leaked data along with the IP addresses of attacked computers.

Attack on DevOps: secrets leaked via malicious GitHub Action

How to respond to a compromised GitHub changed-files Action incident.

Update your VMware ESXi products now to patch these three critical vulnerabilities from 2025

Three VMware vulnerabilities: key risks and urgent patches

Reasons for updating your ESXi infrastructure ASAP, and enterprise threats that VM escape poses.

Main vulnerabilities from Microsoft's March Patch Tuesday

Six Microsoft vulnerabilities being actively exploited

Microsoft’s March Patch Tuesday fixes several vulnerabilities that have already been used in the wild. Details are not clear at the moment, but it’s worth installing the patches ASAP.