Argamal: Malware hidden in hentai games In April 2026, we discovered a new malware campaign targeting players of “hentai” game... 2026-6-3 09:0:22 | 阅读: 24 | 收藏 | Securelist - securelist.com c2 payload trojan malicious 186

Wardriving assessment across Mexico: Preparing for the 2026 World Cup IntroductionMexico is one of the host countries for the 2026 FIFA World Cup, with mat... 2026-6-2 12:0:33 | 阅读: 18 | 收藏 | Securelist - securelist.com deployments ssid analysis wps security

Containers on fire: from container escapes to supply chain attacks IntroductionModern infrastructures universally rely on containerization to deploy app... 2026-6-1 10:0:6 | 阅读: 19 | 收藏 | Securelist - securelist.com attacker kubernetes malicious containers privileges

What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant IntroductionContainerization using Docker has become firmly established in modern dev... 2026-5-29 07:0:51 | 阅读: 31 | 收藏 | Securelist - securelist.com pkp privileges security attackers

Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years IntroductionIn late April 2026, a client reached out to us for incident response supp... 2026-5-28 06:55:11 | 阅读: 25 | 收藏 | Securelist - securelist.com miner malicious privileges payload elevated

Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload In 2025, we observed pervasive SSH tunnel activity, which has remained active into 202... 2026-5-22 09:47:0 | 阅读: 24 | 收藏 | Over Security - Cybersecurity news aggregator - securelist.com windows ssh attackers powershell payload

How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102) IntroductionExifTool is a widely adopted utility for reading and writing metadata in... 2026-5-20 09:2:31 | 阅读: 22 | 收藏 | Securelist - securelist.com exiftool 2026

IT threat evolution in Q1 2026. Mobile statistics IT threat evolution in Q1 2026. Mobile statisticsIT threat evolution in Q1 2026. Non-... 2026-5-18 12:0:30 | 阅读: 19 | 收藏 | Securelist - securelist.com trojan triada mamont banker q1

IT threat evolution in Q1 2026. Non-mobile statistics IT threat evolution in Q1 2026. Non-mobile statisticsIT threat evolution in Q1 2026.... 2026-5-18 12:0:22 | 阅读: 20 | 收藏 | Securelist - securelist.com ransomware q1 2026 territory territories

Kimsuky targets organizations with PebbleDash-based tools Over the past few months, we have conducted an in-depth analysis of specific activity... 2026-5-14 11:0:58 | 阅读: 27 | 收藏 | Securelist - securelist.com c2 appleseed vscode pebbledash jse

State of ransomware in 2026 With International Anti-Ransomware Day taking place on May 12, Kaspersky presents its... 2026-5-12 07:0:4 | 阅读: 62 | 收藏 | Securelist - securelist.com ransomware 2026 encryption extortion security

CVE-2025-68670: discovering an RCE vulnerability in xrdp Vulnerability reports... 2026-5-8 08:0:54 | 阅读: 48 | 收藏 | Securelist - securelist.com client xrdp wm utf16 security

Exploits and vulnerabilities in Q1 2026 During Q1 2026, the exploit kits leveraged by threat actors to target user systems exp... 2026-5-7 10:0:43 | 阅读: 43 | 收藏 | Securelist - securelist.com 2026 q1 security c2

OceanLotus suspected of using PyPI to deliver ZiChatBot malware IntroductionThrough our daily threat hunting, we noticed that, beginning in July 2025... 2026-5-6 13:0:34 | 阅读: 39 | 收藏 | Securelist - securelist.com zichatbot malicious library colorinal python

Websites with an undefined trust level: avoiding the trap Executive summaryA suspicious website is a web resource that cannot be definitively... 2026-5-6 09:30:46 | 阅读: 40 | 收藏 | Securelist - securelist.com phishing security fraudulent malicious 2026

“Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security IntroductionThe primary goal for attackers in a phishing campaign is to bypass email... 2026-5-4 10:0:23 | 阅读: 24 | 收藏 | Securelist - securelist.com phishing attackers security bec

Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India In December 2025, we detected a wave of malicious emails designed to look like officia... 2026-4-30 07:0:19 | 阅读: 30 | 收藏 | Securelist - securelist.com payload loader abcdoor rustsl fox

PhantomRPC: A new privilege escalation technique in Windows RPC 好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内，并且不需要特定的开头。首先，我得仔细阅读用户提供的文章内容，了解其主要观点和关键信息。 文章主要讨论了Windows中的远程过程调用（RPC）机制及其潜在的安全漏洞。特别是，作者发现了一个新的漏洞，允许本地权限提升到SYSTEM级别。这个漏洞利用了RPC的架构弱点，攻击者可以在多个场景下进行攻击，比如通过模拟TermService或其他服务。 接下来，我需要提取关键点：RPC机制、漏洞、本地权限提升、攻击向量、检测和防御策略。同时，要注意字数限制，确保在100字以内简洁明了地表达这些内容。 然后，我会组织语言，确保信息准确且连贯。例如，开头提到RPC机制及其复杂性，接着说明漏洞如何导致权限提升，再提到多种攻击路径和防御措施。 最后，检查总结是否符合要求：没有使用特定的开头词，控制在100字以内，并且涵盖了文章的核心内容。 </think> Windows RPC机制存在架构性弱点，允许本地权限提升至SYSTEM级别。攻击者可利用此漏洞通过模拟合法RPC服务器实现权限 escalation。该漏洞影响所有Windows版本且未修复。研究展示了五种不同的攻击路径，并提供了检测和防御策略。... 2026-4-24 08:0:12 | 阅读: 26 | 收藏 | Securelist - securelist.com client windows attacker security

FakeWallet crypto stealer spreading through iOS apps in the App Store ReportsKaspersky researchers... 2026-4-20 09:31:14 | 阅读: 27 | 收藏 | Over Security - Cybersecurity news aggregator - securelist.com panda bronze president mustang honeymyte

FakeWallet crypto stealer spreading through iOS apps in the App Store In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masq... 2026-4-20 09:22:47 | 阅读: 28 | 收藏 | Securelist - securelist.com malicious hxxps phishing ledger mnemonics