A critical Windows zero-day is already being exploited in the wild. Known as MiniPlasma, the vulnerability allows attackers to escalate privileges to SYSTEM level on fully updated Windows 11 and Windows Server environments. What makes this case particularly concerning is that the exploit was publicly released before Microsoft’s scheduled patch, creating a window of opportunity for threat actors. Kaspersky researchers have analyzed the attack chain and developed detection mechanisms across MDR, EDR, XDR and SIEM solutions to help organizations identify exploitation attempts. Key indicators include:
- Suspicious CloudFiles registry modifications
- Unusual execution of wermgr.exe outside standard paths
- System binaries launched from non-standard directories
- NtApiDotNet artifacts associated with the published PoC
Read the full analysis and detection guidance on Securelist: https://kas.pr/fra9
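The four indicators above can be turned into simple hunting rules over EDR or SIEM telemetry. The following is an added example, not code from the post or from Kaspersky's detection content; the sample events are constructed, and two details are assumptions: that a CloudFiles-related registry key can be recognised by the substring "CloudFiles" in its path, and that the NtApiDotNet artifact appears as a load of NtApiDotNet.dll.

```python
import ntpath

# Where Windows system binaries legitimately live (compared case-insensitively)
STANDARD_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# wermgr.exe is named in the indicators; the others are further system binaries
# that should never run from user-writable locations
SYSTEM_BINARIES = {"wermgr.exe", "svchost.exe", "rundll32.exe", "dllhost.exe"}


def _norm(path):
    return path.replace("/", "\\").lower()


def check_process(image):
    """Indicator name if a system binary runs outside the standard directories."""
    image = _norm(image)
    name = ntpath.basename(image)
    if name in SYSTEM_BINARIES and ntpath.dirname(image) not in STANDARD_DIRS:
        return "wermgr_nonstandard_path" if name == "wermgr.exe" else "system_binary_nonstandard_path"
    return None


def check_registry(key):
    """Flag writes under a CloudFiles-related key (assumed substring match)."""
    return "cloudfiles_registry_modification" if "cloudfiles" in _norm(key) else None


def check_module(module):
    """Flag NtApiDotNet.dll being loaded (assumed form of the PoC artifact)."""
    return "ntapidotnet_artifact" if ntpath.basename(_norm(module)) == "ntapidotnet.dll" else None


def detect(events):
    """Run each event through the rule for its type; return (indicator, evidence) pairs."""
    checks = {"process": ("image", check_process),
              "registry": ("key", check_registry),
              "imageload": ("module", check_module)}
    hits = []
    for ev in events:
        field, rule = checks.get(ev["type"], (None, None))
        if rule is None:
            continue
        hit = rule(ev[field])
        if hit:
            hits.append((hit, ev[field]))
    return hits


SAMPLE_EVENTS = [  # constructed telemetry, not data from a real incident
    {"type": "process", "image": r"C:\Windows\System32\wermgr.exe"},   # benign
    {"type": "process", "image": r"C:\Users\Public\wermgr.exe"},
    {"type": "process", "image": r"C:\Temp\rundll32.exe"},
    {"type": "registry", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
    {"type": "registry", "key": r"HKCU\Software\Example\CloudFiles\SyncRoot"},  # placeholder key
    {"type": "imageload", "module": r"C:\Users\Public\NtApiDotNet.dll"},
]
```

Running `detect(SAMPLE_EVENTS)` yields one hit per indicator class and none for the benign events; tune the path and key patterns to your own environment's baseline before deploying.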
Kaspersky
Computer and Network Security
Stadtkreis 1 Altstadt, Zurich 560,905 followers
Kaspersky. Bring on the Future.
About us
“Our mission is simple – building a safer world. And in fulfilling that mission we aim to become the global leader in cybersecurity – by securing technology to make sure that the possibilities it brings become opportunities for each and every one of us. Bring on endless possibilities. Bring on a safer tomorrow.” – Eugene Kaspersky, CEO of Kaspersky. https://www.kaspersky.com/about/company
- Website: https://kaspersky.com/
- Industry: Computer and Network Security
- Company size: 5,001-10,000 employees
- Headquarters: Stadtkreis 1 Altstadt, Zurich
- Type: Privately Held
- Founded: 1997
Updates
Supply chain attacks are no longer theoretical 🛑 Since mid-2025, targeted compromises like the Shai-Hulud worm and GlassWorm campaigns have surged across GitHub, npm, and VS Code. If you build proprietary software or manage large IT environments, blind trust in open-source dependencies is no longer an option. Join our experts as we analyze real-world telemetry to show how attackers exploit trusted pipelines to exfiltrate data and infect environments. We’ll share actionable, risk-aware strategies to help your teams catch hidden threats before they reach production. #SupplyChainSecurity #AppSec #CyberSecurity #Kaspersky
Securing the Pipeline: 2026 Supply Chain Threats
That email asking you to “review a shared document” might not come from Microsoft at all. Cybercriminals are now abusing Google AppSheet, a legitimate no-code platform, to create convincing phishing pages and send fake notifications that look trustworthy at first glance. Because the infrastructure is legitimate, these attacks can bypass traditional reputation checks and appear more credible to users. It’s another reminder that phishing isn’t just about suspicious links anymore. Attackers increasingly hide behind trusted platforms people use every day. Stay cautious with unexpected document-sharing emails, even when they appear to come from familiar services. Read the full analysis from our researchers: https://kas.pr/8wr8
📦 Why container security is important: dissecting critical issues in 100 popular Docker Hub images
Kaspersky’s research team examined 100 popular Docker Hub images with 10,000 to 1 million downloads using our Kaspersky Container Security platform. It analyzes image layers, Dockerfile commands, and runtime configurations. KIRA, an optional AI assistant, adds context beyond pattern matching by explaining privilege escalation chains, credential exposure paths, and supply chain risks. Key findings include:
- Vulnerability landscape: 64% of images contained critical vulnerabilities. Only 10% were fully patched. Notable vulnerabilities include CVE-2025-49844 in Redis (RCE via Lua parser exploit), CVE-2026-24061 in nginx (process crash leading to RCE), CVE-2025-32463 in sudo, and CVE-2023-4911 in glibc (both enabling privilege escalation).
- Configuration issues: Through static analysis and LLM-based scanning, KIRA identified hardcoded passwords in Dockerfiles, sudo configurations with NOPASSWD:ALL, 777 file permissions on system directories, downloads over HTTP without integrity checks, and disabled TLS certificate verification.
- Malware risks: Popular images are now targets for malware. In March 2026, Trivy and LiteLLM container images were compromised with malicious files injected directly into official repositories, demonstrating that this supply chain attack vector is actively exploited.
If you’re running containerized workloads and haven’t combined vulnerability scanning with configuration auditing, this research shows why that gap is exploitable. Read the full analysis: https://lnkd.in/dFxMeNKT #cloudsecurity #appsec
#DidYouKnow that 92% of Indian organizations prefer to outsource at least part of their SOC functions? Yet only 11% are ready to fully adopt SOC-as-a-Service. This is a clear signal of intent. Security leaders in India want to retain strategic control over their SOC while offloading operational and technical complexity where it makes sense. It reflects a more nuanced operating model:
- Keep governance, visibility, and decision-making in-house
- Leverage external expertise for scale, specialization, and efficiency
The challenge lies in striking the right balance. Which functions should remain internal? Which are better outsourced to optimize performance and cost? We dive into this and more in our report. Get your copy today: https://lnkd.in/dPb75tq8 #Kaspersky #CyberSecurity #AI #SOC
Modern stadiums and smart venues are no longer just physical structures. They run on hundreds of PLCs, IoT sensors, HVAC and motion controllers, lighting networks, and cloud building management systems. All integrated. All potentially exposed. According to Kaspersky ICS CERT, the building automation sector is the second most frequently targeted by cyberattacks worldwide, with attack rates running 1.35x above the global average. A single compromised system can cascade across the entire venue, and in a live event environment, that means real physical consequences for the people inside. Kaspersky OT CyberSecurity protects the full IT-OT-IoT stack of next-gen venues, from asset discovery and risk assessment to converged threat detection and incident response, without disrupting operations. Because when 50,000 people are in the building, downtime is not an option. Learn more: https://kas.pr/o8p9 #CyberSecurity #OTSecurity #SmartBuildings #ICS #CriticalInfrastructure #IoT #Kaspersky
How often do you step outside your comfort zone to learn something completely new? For Nikolay Kuzmin, Lead System Analyst at Kaspersky Secure Mail Gateway, the answer was reverse engineering. He stepped beyond his day-to-day role to explore a new area of cybersecurity through xTraining. Along the way, he analyzed real malware, sharpened his problem-solving skills, and discovered opportunities he hadn't seen before. 🎥 Watch the full story and see where continuous learning can take you. Learn more → https://kas.pr/xd9w
Your mobile fleet is a target. Not eventually - now. Our GReAT team has been tracking how attackers distribute malware, exploit device vulnerabilities, abuse messaging platforms, and monetise infected devices across both Android and iOS. They're sharing everything on June 11. Speakers: Fabio Assolini, Tatyana Shishkova, Dmitry Kalinin 🗓️ The Dark Side of Mobile: Threats Targeting Android & iOS - June 11, 16:00 CEST 🔗 https://kas.pr/81ii
A malware campaign hidden behind pirated movies and TV streaming sites has likely been operating since at least 2022. Kaspersky researchers uncovered a sophisticated operation distributing:
- crypto miners
- remote access trojans (RATs)
- persistent malware loaders
The infection chain relied on fake video player updates delivered through high-traffic piracy platforms, some attracting millions of monthly visits. What makes this campaign notable is not just the scale, but the operational maturity:
- DLL side-loading
- reflective PE loading
- DNS tunneling
- process hollowing
- Defender exclusion abuse
- persistence via fake Google update services
- remote command execution capabilities
In April 2026 alone, websites linked to the campaign accumulated an estimated 40 million visits. This is a reminder that seemingly “consumer-side” threats can quickly become enterprise risks, especially on unmanaged or hybrid-work devices connected to corporate environments. Read the full Securelist technical analysis: https://kas.pr/bv2j
🚛 Are you ready to ingest your car fleet telemetry into a SIEM?
Autonomous vehicles now log hundreds of thousands of commercial trips per week in the U.S. and China alone. However, the security architecture protecting these vehicles is far less mature than the hardware driving them. A modern self-driving vehicle is essentially a networked computing system on wheels. Telematics, Bluetooth, Wi-Fi, OTA updates, V2X communication — every interface is a potential attack surface. A spoofed braking command or a critical ECU reflashed via an unauthorized diagnostic session can quickly go from theoretical to real the moment cybercriminals decide the scale makes it feasible.
The challenge can’t be solved with a single security measure. The answer is a distributed architecture. Kaspersky’s Automotive Secure Gateway (KASG), built on KasperskyOS, focuses on the CAN bus, which carries control commands to roughly 80% of a vehicle’s electronic control units. Standard error-checking on CAN wasn’t designed to stop targeted attacks. KASG adds cryptographic message authentication to verify that commands truly originate from trusted controllers and haven’t been tampered with in transit. Key distribution and rotation happen centrally, reducing both cost and processing overhead across the ECU network.
At the fleet level, onboard intrusion detection alone isn’t sufficient. You need external correlation. We are working toward a system where KASG feeds security events into a SIEM, enabling cross-vehicle pattern analysis, incident auditing, and fleet-wide risk management that no single vehicle can provide on its own.
In our article, we cover these topics in greater detail, analyze how an onboard IDS can work, and review the rapidly evolving regulation in the field. Read more: https://lnkd.in/d7dGpXHv