Date: 2025-08-29

In an increasingly digital environment, cyber threats are evolving at an alarming pace, targeting vulnerabilities across platforms and regions.

Kaspersky, a global enabler of cybersecurity, has recently released reports highlighting a surge in exploits affecting Linux and Windows users, the resurgence of the Russian-speaking ransomware group OldGremlin, and the company’s pivotal role in supporting INTERPOL’s Serengeti 2.0 operation, which led to over 1,200 arrests.

These developments underscore the growing sophistication of cybercriminals and the critical need for robust cybersecurity measures and international collaboration.

Kaspersky’s latest data reveals a troubling increase in vulnerability exploits targeting both Windows and Linux users in the first half of 2025 compared to 2024.

According to the report, the total number of registered vulnerabilities rose significantly, with cybercriminals exploiting weaknesses in widely used operating systems.

This uptick is attributed to the rapid digital transformation expanding attack surfaces, particularly in regions like the Middle East and Asia-Pacific, where cybersecurity maturity varies.

Enterprises, especially those in infrastructure and operational technology, are prime targets due to their critical systems and data.

The report emphasizes that attackers are leveraging open-source tools and known vulnerable drivers to bypass security measures.

For instance, tools like EDRSandblast and Backstab simplify advanced techniques such as Bring Your Own Vulnerable Driver (BYOVD), enabling attackers to disable protections and deploy malicious code.

Kaspersky recommends that organizations adopt real-time protection solutions, such as its Next product line, which offers Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) capabilities.

Additionally, maintaining updated software, monitoring network traffic, and implementing offline backups are critical steps to mitigate these risks.

Adding to the cybersecurity challenges, Kaspersky’s Threat Research team has identified a resurgence of the Russian-speaking ransomware group OldGremlin in early 2025.

Known for targeting manufacturing, healthcare, retail, and technology sectors, OldGremlin has a history of demanding hefty ransoms, with one case reaching nearly $17 million.

Their latest attacks showcase a refined playbook, including the use of a remote-access backdoor, a “patcher” that exploits legitimate Windows drivers to disable protections, and Node.js to execute commands.

Notably, the group has begun branding their malware, with “OldGremlin” appearing in ransom notes and file paths, signaling increased confidence and operational sophistication.

Kaspersky’s analysis highlights OldGremlin’s four-part toolkit, which includes a malicious driver to neutralize security tools and a backdoor for persistent control over infected systems.

The group’s ability to exploit vulnerabilities in legitimate software underscores the need for organizations to prioritize threat intelligence and proactive defense strategies.

Kaspersky advises using solutions that detect lateral movements and data exfiltration, alongside regular software updates and backup systems to counter such targeted ransomware attacks.

On the global stage, Kaspersky has played a crucial role in INTERPOL’s Serengeti 2.0 operation, a coordinated effort to combat cybercrime.

The operation resulted in the arrest of 1,209 suspected cybercriminals, the recovery of USD 97.4 million, and the dismantling of 11,432 malicious infrastructures impacting nearly 88,000 victims.

Targeting high-impact crimes like ransomware, online scams, and business email compromise (BEC), Serengeti 2.0 involved investigators from 18 African countries and the United Kingdom, building on the success of the 2024 Serengeti operation, which addressed USD 193 million in damages.

Kaspersky contributed by sharing threat intelligence and indicators of compromise (IoCs), helping law enforcement identify and neutralize threats.

The operation highlights the accelerating cybercrime trend in Africa, driven by AI-powered attacks and turnkey attack infrastructures.

Yuliya Shlychkova, Kaspersky’s Vice-President of Government Affairs & Public Policy, emphasized the dual nature of rapid digitalization—offering opportunities but also exposing new risks.

INTERPOL’s Secretary General, Valdecy Urquiza, noted that such operations strengthen global cooperation, enhancing investigative skills and information sharing to safeguard victims.

Kaspersky’s findings paint a stark picture of the evolving cyberthreat landscape.

The rise in exploits targeting Linux and Windows, the return of sophisticated groups like OldGremlin, and the success of operations like Serengeti 2.0 highlight the need for cybersecurity strategies and global cooperation.

Organizations must invest in advanced detection tools, employee training, and regular system updates, while international efforts like Serengeti demonstrate the power of collaboration in disrupting cybercrime.

As digital transformation accelerates, it is becoming clear that staying ahead of cybercriminals requires vigilance and a unified global response.