Skip to content
The Nexus
DossierENTITY

Kaspersky

Coverage of Kaspersky in the Nexus archive.

Earliest in view: Apr 22 · 10:55 UTCMost recent: Jul 2 · 13:04 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJul 2 · 13:04 UTCTHE HACKER NEWS
    ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API

    ToddyCat, a threat actor, has been linked to Umbrij malware that exploits OAuth to access Gmail via Google API, targeting corporate email compromises. Kaspersky reported that attackers focused on breaching Gmail communications through API access.

  • SECURITYJul 1 · 17:53 UTCTHE HACKER NEWS
    SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT

    Unknown threat actors are using the ScreenConnect remote access tool to deploy AsyncRAT via spoofed websites. Kaspersky reports a 'massive, multi-domain, multi-language' campaign distributing malicious installers disguised as popular software like OBS Studio and Bandicam.

  • SECURITYJun 26 · 18:17 UTCTHE HACKER NEWS
    New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks

    A new malware family called SharkLoader is being used to deploy Cobalt Strike Beacon in cyberattacks tracked as StrikeShark. The campaign has targeted a diplomatic organization in Indonesia and government organizations in Taiwan.

  • SECURITYJun 23 · 05:38 UTCTHE HACKER NEWS
    WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool

    A WhatsApp campaign is distributing malicious VBScript files that install the ManageEngine RMM tool, according to Kaspersky. The attack targets WhatsApp Desktop and Web users in Malaysia, Brazil, India, Mexico, Singapore, the U.K., Spain, Taiwan, and Australia.

  • SECURITYJun 2 · 14:45 UTCTHE REGISTER
    Russian spy agency says foreign spies turned officials' smartphones into surveillance devices

    Russia's Federal Security Service (FSB) alleges that foreign intelligence agencies implanted malware on smartphones of senior Russian officials to steal data and conduct surveillance. The FSB has initiated a criminal investigation but has not provided evidence or details about the malware, affected officials, or the responsible agency. Previous accusations by the FSB include a 2023 claim about US National Security Agency (NSA) compromising iPhones, which was linked to Kaspersky's 'Operation Triangulation' campaign.

  • SECURITYMay 8 · 13:09 UTCRECORDED FUTURE NEWS
    Pro-Ukraine BO Team and Head Mare hackers appear to team up in attacks against Russia

    Pro-Ukraine BO Team and Head Mare hackers are teaming up to launch attacks against Russia, with researchers identifying overlapping infrastructure and tools used by both groups. The coordination suggests a joint effort in their cyberattacks. Researchers at Kaspersky made this discovery.

  • SECURITYMay 7 · 16:47 UTCTHE REGISTER
    60% of MD5 password hashes are crackable in under an hour

    Researchers at Kaspersky found that 60% of MD5 password hashes can be cracked in under an hour using a single GPU, highlighting the vulnerability of passwords protected by fast hashing algorithms. This is due to password predictability and the increasing power of graphics processors. The study analyzed over 231 million unique passwords and found that passwords are actually easier to crack in 2026 than they were a couple of years ago.

  • SECURITYMay 7 · 09:20 UTCTHE HACKER NEWS
    PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

    Cybersecurity researchers discovered three packages on the Python Package Index repository that deliver ZiChatBot malware on Windows and Linux systems. The packages implement described features but covertly deliver malicious files. Kaspersky reported the findings.

  • SECURITYMay 6 · 12:45 UTCRECORDED FUTURE NEWS
    Hackers compromise Daemon Tools in global supply-chain attack, researchers say

    Hackers compromised Daemon Tools by tampering with installers and distributing them through the software's official website, according to researchers at Kaspersky. This is a global supply-chain attack affecting a popular program used to mount disk images as virtual drives. The attackers distributed the compromised installers through the official Daemon Tools website.

  • SECURITYMay 5 · 19:46 UTCARS TECHNICA
    Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack

    Daemon Tools, a widely used disk imaging app, has been compromised in a month-long supply-chain attack, pushing malicious updates to thousands of machines worldwide. The infected versions, ranging from 12.5.0.2421 to 12.5.0.2434, collect system information and send it to an attacker-controlled server. The attack targets select groups, including retail, scientific, government, and manufacturing organizations.

  • SECURITYMay 5 · 16:07 UTCTHE HACKER NEWS
    DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

    A supply chain attack has compromised DAEMON Tools software installers with malware, distributing it from the official website and signed with legitimate digital certificates. The attack was identified by Kaspersky researchers. The malicious payload is served through compromised installers.

  • SECURITYMay 5 · 15:20 UTCTECHCRUNCH
    Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in ‘widespread’ attack

    Kaspersky has detected a widespread attack where Chinese hackers planted a backdoor into Daemon Tools, resulting in thousands of infection attempts and at least a dozen successful hacks. The malicious versions of the popular Windows software were installed by users. This attack has compromised the security of many systems.

  • SECURITYMay 4 · 20:03 UTCBLEEPING COMPUTER
    Researchers report Amazon SES abused in phishing to evade detection

    Amazon Simple Email Service is being abused to send phishing emails that can bypass standard security filters. Cybersecurity firm Kaspersky reports the abuse, which renders reputation-based blocks ineffective. The phishing emails are convincing and increasingly used.

  • SECURITYApr 24 · 11:48 UTCTHE HACKER NEWS
    26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases

    Cybersecurity researchers have identified 26 malicious apps on the Apple App Store that mimic legitimate cryptocurrency wallets to steal recovery phrases and private keys. These apps, active since fall 2025, trick users into downloading trojanized versions of authentic wallets via fake App Store redirects.

  • SECURITYApr 22 · 10:55 UTCTHE HACKER NEWS
    Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack

    Cybersecurity researchers discovered a new data wiper malware, Lotus Wiper, used in destructive attacks targeting Venezuela's energy and utilities sector between late 2025 and early 2026. The malware, identified by Kaspersky, employs batch scripts to initiate file deletion campaigns.

Kaspersky · Dossier · The Nexus