Recent findings from Kaspersky underscore the persistent and sophisticated nature of digital threats. As organizations and individuals navigate an increasingly connected world, two key reports reveal alarming trends: a notable uptick in malicious email activities throughout 2025 and the discovery of concealed infection pathways in a major software supply chain breach.
These insights emphasize the need for enhanced defenses against both commonplace and targeted attacks.
Starting with email-based threats, Kaspersky’s data shows a 15% rise in encounters with harmful or unwanted attachments, totaling more than 144 million instances among personal and business users last year.
This growth highlights email’s role as a primary vector for cybercriminals.
Nearly 45% of worldwide email volume consisted of spam, including fraudulent schemes, phishing lures, and malware distributions.
Scammers have refined their approaches, often diverting victims to instant messaging apps or phone lines for further exploitation.
Phishing tactics now frequently involve masked web addresses hidden behind link-shortening services, embedded QR codes in messages or attachments, and even the misuse of trusted platforms like OpenAI for generating deceptive content.
Business email compromise (BEC) attacks have become more cunning, with perpetrators crafting phony forwarded messages that lack standard email thread markers to evade detection.
Geographically, the Asia-Pacific region bore the brunt, accounting for 30% of antivirus triggers on emails, while Europe followed at 21%.
Latin America, the Middle East, Russia and the CIS, and Africa made up the rest, with hotspots in nations like China (14%), Russia (11%), Mexico (8%), Spain (8%), and Turkey (5%).
Activity spiked during mid-year months—June and July—and again in November, possibly tied to seasonal phishing campaigns.
Experts note that artificial intelligence is fueling this escalation, enabling tailored, convincing messages at scale.
In fact, phishing initiates one in ten corporate breaches, often paving the way for advanced persistent threats (APTs).
To counter this, Kaspersky recommends scrutinizing unexpected invitations, verifying links meticulously, ignoring dubious contact numbers, deploying robust email security tools, and running employee awareness programs on phishing red flags.
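The BEC tactic described above, a "forwarded" message that carries no thread markers, can be turned into a mail-filter heuristic. The sketch below is an added example, not code from Kaspersky's report; the header set, the regular expressions and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy

# Headers a genuine reply or forward usually carries. The page does not say
# which markers were missing, so this set is an assumption.
THREAD_HEADERS = ("In-Reply-To", "References", "Thread-Index")
SUBJECT_PREFIX = re.compile(r"^\s*(re|fw|fwd)\s*:", re.I)
# Quoted header block that mail clients insert above forwarded or replied text.
QUOTED_BLOCK = re.compile(
    r"^-+ ?(forwarded|original) message ?-+\s*$|^from:.*\n(?:.*\n){0,3}?subject:",
    re.I | re.M)

def check_message(raw):
    """Flag mail that presents itself as part of a thread but has no thread headers."""
    msg = email.message_from_string(raw, policy=policy.default)
    claims = []
    if SUBJECT_PREFIX.match(msg.get("Subject", "")):
        claims.append("subject-prefix")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and QUOTED_BLOCK.search(body.get_content()):
        claims.append("quoted-header-block")
    present = [h for h in THREAD_HEADERS if msg.get(h)]
    # A signal to weigh with sender-authentication results, not a verdict.
    return {"claims": claims, "thread_headers": present,
            "suspicious": bool(claims) and not present}

# Constructed sample messages (example.com / example.net are placeholders).
FAKE_FORWARD = """\
From: "Finance Director" <director@example.com>
To: ap@example.com
Subject: FW: Overdue invoice, please pay today

Please handle the request below.

-----Original Message-----
From: Supplier Accounts <billing@example.net>
Subject: Overdue invoice
"""
REAL_REPLY = """\
From: colleague@example.com
Subject: RE: Meeting notes
In-Reply-To: <a1@example.com>
References: <a1@example.com>

Thanks, see my comments inline.
"""

if __name__ == "__main__":
    for name, raw in (("fake forward", FAKE_FORWARD), ("real reply", REAL_REPLY)):
        print(name, check_message(raw))
```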
Shifting focus to supply chain risks, Kaspersky’s Global Research and Analysis Team (GReAT) has exposed previously undetected layers in the Notepad++ compromise, stemming from a hosting provider vulnerability revealed on February 2, 2026.
This incident enabled attackers to tamper with the popular text editor’s update mechanism, launching a targeted operation against entities including a Philippine government body, a Salvadoran bank, a Vietnamese IT firm, and private users in multiple nations.
GReAT identified at least three separate infection sequences from July to October 2025, with only the October phase previously publicized.
The earlier chains featured unique markers—distinct malicious IPs, domains, deployment techniques, and payloads—indicating monthly overhauls by the perpetrators to stay ahead of defenses.
This revelation carries significant implications: Many organizations might have overlooked infections by scanning solely for the known October indicators.
Kaspersky has released an expanded list of indicators of compromise (IoCs), encompassing six updater hashes, 14 command-and-control URLs, and eight file hashes not reported before.
Senior researcher Georgy Kucherin warns that assuming safety after negative scans on public IoCs is misguided, as additional undisclosed chains could exist.
Kaspersky’s protective solutions flag all associated malware, and the company urges comprehensive threat hunting.
These developments from Kaspersky illustrate how cybercriminals are adapting with speed and ingenuity, leveraging everyday tools like email and software updates for infiltration.
By staying informed and implementing layered security, from AI-driven detection to regular audits, users can mitigate these risks. As threats evolve, proactive measures remain essential in safeguarding digital assets.