RSS aggregator

Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP

The Register - Anti-Virus - 15 April, 2026 - 19:52
No reports of active exploitation (yet)

Watch out for more Fortinet vulns! Two critical bugs in Fortinet's sandbox could allow unauthenticated attackers to bypass authentication or execute unauthorized code on vulnerable systems.…

Category: Viruses and Worms

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

The Hacker News - 15 April, 2026 - 19:09
Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. "By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery
Category: Hacking & Security

How to choose a VPN. Better to avoid the free ones; paid ones are more reliable and more secure

Zive.cz - security - 15 April, 2026 - 18:45
What a VPN is, how it works and when it makes sense to use one. • Don't be lured by the zero price, or you will pay with your own privacy. • We compared the most widely used consumer VPNs. The article does not cover enterprise solutions.
Category: Hacking & Security

How to choose a VPN. Better to avoid the free ones; paid ones are more reliable and more secure

Živě.cz - 15 April, 2026 - 18:45
What a VPN is, how it works and when it makes sense to use one. • Don't be lured by the zero price, or you will pay with your own privacy. • We compared the most widely used consumer VPNs. The article does not cover enterprise solutions.
Category: IT News

Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest

Bleeping Computer - 15 April, 2026 - 18:20
Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year's Zero Day Quest hacking contest. [...]
Category: Hacking & Security

Automotive data biz Autovista blames ransomware for service disruption

The Register - Anti-Virus - 15 April, 2026 - 18:18
Some customer orgs tell staff to block inbound email from the provider

Autovista confirms that it called in outside support to help clean up a ransomware infection currently affecting systems in Europe and Australia.…

Category: Viruses and Worms

Microsoft to cut Windows 365 price for SMBs

Computerworld.com [Hacking News] - 15 April, 2026 - 18:05

Microsoft will cut the price of Windows 365 subscriptions for small and mid-sized businesses by 20% next month, though analysts expect little impact on uptake of the Desktop-as-a-Service (DaaS) platform. 

The price change for Windows 365 Business takes effect May 1, 2026 for new subscriptions; existing subscribers will receive updated pricing at renewal, Microsoft explained on its Partner Center page.

The company first introduced the lower rate as a promotional offer last October and is now making that reduction permanent.

At the same time, Microsoft will also introduce a new “on-demand start experience” that will result in longer time to start up Cloud PC virtual desktops when they’ve been disconnected for more than an hour.

“The impact on user experience will likely be minimal, spare a slightly longer startup time on the first connection after hibernation,” said Gabe Knuth, principal analyst at Omdia.

The Windows 365 price change comes as PC prices are set to rise this year due to global memory chip shortages.

Even so, Jack Gold, principal analyst at J. Gold Associates, doesn’t expect the Windows 365 price cut to result in a significant boost in adoption among small to mid-sized businesses.

“I do expect that the price decrease is an incentive move to get companies to move to Windows 365, but I’m not convinced it will make that much difference,” Gold said. “TCO [total cost of ownership] is a major component of enterprise concerns about deploying PCs — in that sense this helps. But whether or not it’s enough to move adoption rates remains to be seen.”  

Windows 365 currently represents a “small minority of enterprise PC installations,” he said. 

Knuth said that while businesses will likely appreciate the lower pricing, “the use case will still dictate Windows 365 adoption more than cost.” 

The overall market for DaaS tools is set to increase from $4.3 billion in 2025 to $6 billion by 2029, according to Gartner. The analyst firm also forecast in its 2025 Magic Quadrant for Desktop-as-a-Service report that virtual desktops will become cost-effective for 95% of workers by 2027, compared to 40% in 2019. 

In that same time frame, virtual desktops will become the primary workspace for 20% of workers by 2027, Gartner expects, up from 10% in 2019.

Category: Hacking & Security

Kubernetes Container Security Misconfigurations Leading to Threats

LinuxSecurity.com - 15 April, 2026 - 18:00
Container security failures rarely come from zero-days. They come from the configuration. Misconfigurations don't trigger alerts. They don't crash systems. Most of the time, they sit quietly in production until something starts probing from the outside or moving laterally from the inside.
Category: Hacking & Security

Blancco confirms Mac adoption is accelerating

Computerworld.com [Hacking News] - 15 April, 2026 - 17:52

While sales of new Macs are surging, the second-user market is also seeing strong momentum, prompting Blancco Technology Group and Cambrionix to introduce a new solution to help quickly erase and prepare large numbers of Macs for sale.

Why would there be demand for such a solution? Does its existence really represent a shift toward the use of Apple hardware in the enterprise? I spoke with Kon Maragelis, senior lead, mobile & ITAD at Blancco, who confirmed continued growth in Mac reuse across secondary markets.

“Demand is being driven by a combination of factors, including the high residual value of Apple devices, longer product life cycles, and increasing interest from both businesses and consumers in more sustainable and cost-effective alternatives to new hardware,” he said. 

More Macs are entering refurb sales channels

The inherent value of the platform brings its own reward. “Macs, in particular, tend to retain their value longer than many other laptops, making them highly attractive in second-user markets,” he said. “As a result, we’re seeing growing volumes entering refurbishment and resale channels.”

The new solution combines Blancco Eraser for Apple Devices software with the Cambrionix ThunderSync5-C16 industrial-grade hub. The system lets IT remove data from 16 Macs simultaneously in less than 20 minutes, certifying the results to industry standards. You can expand the number of Macs handled with the addition of an extra hub and the companies claim to offer the fastest such data-compliant system in the business.

While existing tools usually process Macs at a rate of three to 10 per hour, the combined solution can process as many as 48 Macs each hour — more if you add additional hubs. The system will even reinstall the operating system, which means IT can quickly and securely delete and prepare Macs for reuse or sale.

These kinds of tools matter for any business managing large fleets, particularly those with high data compliance burdens. They also matter to IT asset disposal (ITAD) firms, educational districts, health technology deployment, and more.

Holding value

Typically, larger organizations rely on third-party firms to handle erasure, reimaging, and sale to second-user markets, but there is growing interest in bringing solutions like this in-house. As Mac adoption increases in corporate environments, it’s reasonable to expect the demand for secure, scalable processing to grow.

Maragelis characterized Mac deployment in the enterprise as being championed by cloud-first, developer-led, modern workplace environments. “As these devices enter refresh cycles, we expect continued growth in enterprise-driven reuse,” he said.

Macs have always retained value in second-user markets, meaning that strength reflects popularity in brand new markets. If there’s strong demand for the latest Mac, you’ll probably also find a surge in demand for an older model. Take the MacBook Neo; its introduction prompted many potential customers to look at slightly older MacBook Airs instead. (Apple doesn’t mind as it sells plenty of both.)

Logically then, shouldn’t growing Mac market share be reflected in second-user sales? “Yes, we are seeing continued growth in Mac reuse across secondary markets,” Maragelis said. “We’re also seeing growing demand for faster, higher-volume refurbishment and resale of Mac devices.”

What comes next?

While it’s hard to see into the future, he did note how the adoption of Apple Silicon in Macs and mobile devices may make for other synergies: “One key shift is the need for more unified processing across Macs and iPhones, where similar architectures allow for more consistent workflows across diagnostics, secure data erasure, and validation. This opens up new opportunities to apply mobile-scale automation approaches to Mac processing.”

That’s nice if that’s your business. But for the rest of us, the very existence of products like these signifies a rapidly growing demand for Macs, even as Microsoft increases prices for its own hardware.

Category: Hacking & Security

CISA flags Windows Task Host vulnerability as exploited in attacks

Bleeping Computer - 15 April, 2026 - 16:51
CISA warned U.S. government agencies to secure their systems against a Windows Task Host privilege escalation vulnerability that could allow attackers to gain SYSTEM privileges. [...]
Category: Hacking & Security

Linux instead of Windows. After Teams and Zoom, the French state administration will cut off another American product

Živě.cz - 15 April, 2026 - 16:45
The French state administration will switch from Windows to Linux. • The migration should be complete by the end of this year. • The country does not want to depend on American products and services.
Category: IT News

European app for verifying the age of online platform users

AbcLinuxu [news briefs] - 15 April, 2026 - 16:03
The app for verifying the age of online platform users is technically ready and will soon be available to EU citizens, European Commission President Ursula von der Leyen announced today. According to her, it will be a free and easy-to-use solution that will help protect children from harmful and illegal content. She said the app will work on any device and will be completely anonymous.
Category: GNU/Linux & BSD

Rolling Networks: Securing the Transportation Sector

Bleeping Computer - 15 April, 2026 - 16:00
Modern trucks are rolling networks packed with sensors, connectivity, and attack surfaces, creating new cyber risks. NMFTA's Cybersecurity Conference brings industry leaders together to tackle emerging threats in transportation. [...]
Category: Hacking & Security

The Dream Chaser space glider has come through a drastic eardrum-bursting test. Its first flight will hopefully come in the autumn

Živě.cz - 15 April, 2026 - 15:45
It was first supposed to fly in 2021, then the date slipped to 2022, 2024, 2025, and now it looks like it will perhaps reach space this autumn at the earliest. This is the small uncrewed spaceplane Dream Chaser, which NASA ordered for several cargo flights to the ISS. Behind it is the Colorado company ...
Category: IT News

French cops free mother and son after 20-hour crypto kidnap ordeal

The Register - Anti-Virus - 15 April, 2026 - 15:29
Latest in a string of cases that have earned France an unfortunate title

A mother and her ten-year-old son are now free after being kidnapped for around 20 hours while the father was being extorted for hundreds of thousands of euros.…

Category: Viruses and Worms

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

The Hacker News - 15 April, 2026 - 14:56
A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It has been codenamed MCPwn by Pluto Security.
Category: Hacking & Security

Google is fighting for the Alt+Space shortcut. You can try its AI search app for Windows in Czechia too

Živě.cz - 15 April, 2026 - 14:45
The Google app has been released for Windows, but so far only in English. • It offers web search, AI, Lens mode and local search. • It is launched with the Alt+Space keyboard shortcut, just like Copilot and ChatGPT.
Category: IT News

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

The Hacker News - 15 April, 2026 - 14:37
A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases. Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business Warehouse (CVE-2026-27681, CVSS score: 9.9) that could result in the execution of arbitrary database
Category: Hacking & Security

Threat landscape for industrial automation systems in Q4 2025

Kaspersky Securelist - 15 April, 2026 - 14:30

Statistics across all threats

The percentage of ICS computers on which malicious objects were blocked has been decreasing since the beginning of 2024. In Q4 2025, it was 19.7%. Over the past three years, the percentage has decreased by 1.36 times, and by 1.25 times since Q4 2023.

Percentage of ICS computers on which malicious objects were blocked, Q1 2023–Q4 2025

Regionally, in Q4 2025, the percentage of ICS computers on which malicious objects were blocked ranged from 8.5% in Northern Europe to 27.3% in Africa.

Regions ranked by percentage of ICS computers on which malicious objects were blocked

Four regions saw an increase in the percentage of ICS computers on which malicious objects were blocked. The most notable increases occurred in Southern Europe and South Asia. In Q3 2025, East Asia experienced a sharp increase triggered by the local spread of malicious scripts, but the figure has since returned to normal.

Changes in percentage of ICS computers on which malicious objects were blocked, Q4 2025

Feature of the quarter: worms in email

In Q4 2025, the percentage of ICS computers on which worms in email attachments were blocked increased in all regions of the world.

Many of the blocked threats were related to the worm Backdoor.MSIL.XWorm. This malware is designed to persist on the system and then remotely control it.

Interestingly, this threat was not detected on ICS computers in the previous quarter, yet it appeared in all regions in Q4 2025.

A study found that the active spread of Backdoor.MSIL.XWorm via phishing emails was likely linked to the use by hackers of another malware obfuscation technique that was actively used during massive phishing campaigns in Q4 2025. These campaigns have been known since 2024 as “Curriculum-vitae-catalina”.

The attackers distributed phishing emails to HR managers, recruiters, and employees responsible for hiring. The messages were disguised as responses from job applicants with subjects such as “Resume” or “Attached Resume” and contained a malicious executable file under the guise of a curriculum vitae. Typically, the file was named Curriculum Vitae-Catalina.exe. When executed, it infected the system.

In Q4 2025, the threat spread across regions in two waves — one in October and another in November. Russia, Western Europe, South America, and North America (Canada) were attacked in October. A spike in Backdoor.MSIL.XWorm blocking was observed in other regions in November. The attack subsided in all regions in December.

The highest percentage of ICS computers on which Backdoor.MSIL.XWorm was blocked was observed in regions where threats from email clients had been historically blocked at high rates on ICS computers: Southern Europe, South America, and the Middle East.

At the same time, in Africa, where USB storage media are still actively used, the threat was also detected when removable devices were connected to ICS computers.

Selected industries

The biometrics sector has historically led the rankings of industries and OT infrastructures surveyed in this report in terms of the percentage of ICS computers on which malicious objects were blocked.

These systems are characterized by accessibility to and from the internet, as well as minimal cybersecurity controls by the consumer organization.

Rankings of industries and OT infrastructure by percentage of ICS computers on which malicious objects were blocked

In Q4 2025, the percentage of ICS computers on which malicious objects were blocked increased only in one sector: oil and gas. The corresponding figures increased in two regions: Russia, and Central Asia and the South Caucasus.

However, if we look at a broader time span, there is a downward trend in all the surveyed industries.

Percentage of ICS computers on which malicious objects were blocked in selected industries

Diversity of detected malicious objects

In Q4 2025, Kaspersky protection solutions blocked malware from 10,142 different malware families of various categories on industrial automation systems.

Percentage of ICS computers on which the activity of malicious objects from various categories was blocked

In Q4 2025, there was an increase in the percentage of ICS computers on which worms and miners in the form of executable files for Windows were blocked. These were the only categories that exhibited an increase.

Main threat sources

Depending on the threat detection and blocking scenario, it is not always possible to reliably identify the source. The circumstantial evidence for a specific source can be the blocked threat’s type (category).

The internet (visiting malicious or compromised internet resources; malicious content distributed via messengers; cloud data storage and processing services and CDNs), email clients (phishing emails), and removable storage devices remain the primary sources of threats to computers in an organization’s technology infrastructure.

In Q4 2025, the percentage of ICS computers on which malicious objects from various sources were blocked decreased. All sources except email clients saw their lowest levels in three years.

Percentage of ICS computers on which malicious objects from various sources were blocked

The same computer can be attacked by several categories of malware from the same source during a quarter. That computer is counted when calculating the percentage of attacked computers for each threat category, but is only counted once for the threat source (we count unique attacked computers). In addition, it is not always possible to accurately determine the initial infection attempt. Therefore, the total percentage of ICS computers on which various categories of threats from a certain source were blocked can exceed the percentage of computers affected by the source itself.

  • In Q4 2025, the percentage of ICS computers on which threats from the internet were blocked decreased to 7.67% and reached its lowest level since the beginning of 2023. The main categories of internet threats are malicious scripts and phishing pages, and denylisted internet resources. The percentage ranged from 3.96% in Northern Europe to 11.33% in South Asia.
  • The main categories of threats from email clients blocked on ICS computers were malicious scripts and phishing pages, spyware, and malicious documents. Most of the spyware detected in phishing emails was delivered as a password archive or a multi-layered script embedded in office document files. The percentage of ICS computers on which threats from email clients were blocked ranged from 0.64% in Northern Europe to 6.34% in Southern Europe.
  • The main categories of threats that were blocked when removable media was connected to ICS computers were worms, viruses, and spyware. The percentage of ICS computers on which threats from removable media were blocked ranged from 0.05% in Australia and New Zealand to 1.41% in Africa.
  • The main categories of threats that spread through network folders in Q4 2025 were viruses, AutoCAD malware, worms, and spyware. The percentage of ICS computers on which threats from network folders were blocked ranged from 0.01% in Northern Europe to 0.18% in East Asia.

Threat categories

Typical attacks blocked within an OT network are multi-step sequences of malicious activities, where each subsequent step of the attackers is aimed at increasing privileges and/or gaining access to other systems by exploiting the security problems of industrial enterprises, including OT infrastructures.

Malicious objects used for initial infection

In Q4 2025, the percentage of ICS computers on which denylisted internet resources were blocked decreased to 3.26%. This is the lowest quarterly figure since the beginning of 2022, and it has decreased by 1.8 times since Q2 2025.

Percentage of ICS computers on which denylisted internet resources were blocked, Q1 2023–Q4 2025

Regionally, the percentage of ICS computers on which denylisted internet resources were blocked ranged from 1.74% in Northern Europe to 3.93% in Southeast Asia, which displaced Africa from first place. Russia rounded out the top three regions for this indicator.

The percentage of ICS computers on which malicious documents were blocked increased for three consecutive quarters. However, in Q4 2025 it decreased by 0.22 pp to 1.76%.

Percentage of ICS computers on which malicious documents were blocked, Q1 2023–Q4 2025

Regionally, the percentage ranged from 0.46% in Northern Europe to 3.82% in Southern Europe. In Q4 2025, the indicator increased in Eastern Europe, Russia, and Western Europe.

The percentage of ICS computers on which malicious scripts and phishing pages were blocked decreased to 6.58%. Despite the decline, this category led the rankings of threat categories in terms of the percentage of ICS computers on which they were blocked.

Percentage of ICS computers on which malicious scripts and phishing pages were blocked, Q1 2023–Q4 2025

Regionally, the percentage ranged from 2.52% in Northern Europe to 10.50% in South Asia. The indicator increased in South Asia, South America, Southern Europe, and Africa. South Asia saw the most notable increase, at 3.47 pp.

Next-stage malware

Malicious objects used to initially infect computers deliver next-stage malware — spyware, ransomware, and miners — to victims’ computers. As a rule, the higher the percentage of ICS computers on which the initial infection malware is blocked, the higher the percentage for next-stage malware.

In Q4 2025, the percentage of ICS computers on which spyware, ransomware and web miners were blocked decreased. The rates were:

  • Spyware: 3.80% (down 0.24 pp). For the second quarter in a row, spyware took second place in the rankings of threat categories in terms of the percentage of ICS computers on which it was blocked.
  • Ransomware: 0.16% (down 0.01 pp).
  • Web miners: 0.24% (down 0.01 pp); this is the lowest level observed thus far in the period under review.

The percentage of ICS computers on which miners in the form of executable files for Windows were blocked increased to 0.60% (up 0.03 pp).

Self-propagating malware

Self-propagating malware (worms and viruses) is a category unto itself. Worms and virus-infected files were originally used for initial infection, but as botnet functionality evolved, they took on next-stage characteristics.

To spread across ICS networks, viruses and worms rely on removable media and network folders and are distributed in the form of infected files, such as archives with backups, office documents, pirated games and hacked applications. In rarer and more dangerous cases, web pages with network equipment settings, as well as files stored in internal document management systems, product lifecycle management (PLM) systems, resource management (ERP) systems and other web services are infected.

In Q4 2025, the percentage of ICS computers on which worms were blocked increased by 1.6 times to 1.60%. As mentioned above, this increase is related to a global phishing attack that spread the Backdoor.MSIL.XWorm backdoor worm across all regions of the world. The percentage increased in all regions. The biggest increase (up by 2.16 times) was in Southern Europe. The malware was primarily distributed through email clients, and Southern Europe led the way in terms of the percentage of ICS computers on which threats from email clients were blocked.

The percentage of ICS computers on which viruses were blocked decreased to 1.33%.

AutoCAD malware

This category of malware can spread in a variety of ways, so it does not belong to a specific group.

After an increase in the previous quarter, the percentage of ICS computers on which AutoCAD malware was blocked decreased to 0.29% in Q4 2025.

For more information on industrial threats see the full version of the report.
