Giorgia Gastaldon, Emilio Villa e l'esperienza di "Appia Antica" (in "Studi di Memofonte", XIII, dicembre 2014, pp. 245-261)
academia.edu/10058821/Emilio_V…

Nell'estate del 1959 veniva dato alle stampe il primo numero di «Appia Antica. Atlante di Arte Nuova», «rivista di selezione poetica e di qualificazione ideologica di quella produzione artistica che si testimonia in qualche senso attiva o attuale» [...]

#emiliovilla
#appiaantica
#artecontemporanea

Leadership italiana per la stabilità del Medio Oriente. Abagnara alla guida di Unifil

@Notizie dall'Italia e dal mondo

Mercoledì, il Segretario Generale delle Nazioni Unite, António Guterres, ha annunciato la nomina del generale di Divisione dell’Esercito Italiano Diodato Abagnara a Capo missione e comandante della Forza interinale delle Nazioni Unite in Libano (Unifil). Abagnara subentra al

L’ombra di Kaspersky: servizi segreti svizzeri nel caos e dati riservati trasmessi in Russia

@Informatica (Italy e non Italy 😁)
Il caso dei dati riservati del Fis, trasmessi per anni a Kaspersky, sospetta di legami con il Cremlino, ha sollevato gravi dubbi sulla sicurezza dei dati svizzeri e sulla dipendenza da fornitori esterni, oltre a

Crisi automotive, tra la scure dei dazi e lo scacco di Pechino

@Politica interna, europea e internazionale

Licenziamenti, delocalizzazioni, chiusure. La crisi globale dell’automotive si inasprisce e le tensioni commerciali tra Washington e Pechino propagano i loro effetti sino a Bruxelles, stringendo in una doppia morsa il mercato europeo delle quattro ruote, già messo in ginocchio da

Spari contro la fame: la CNN documenta le uccisioni nei centri aiuti a Gaza

@Notizie dall'Italia e dal mondo
Un’inchiesta svela come l’accesso al cibo a Gaza sia diventato una trappola mortale, con spari diretti contro anziani, donne e bambini in attesa degli aiuti umanitari.
L'articolo Spari contro la fame: la CNN documenta le uccisioni nei centri aiuti a Gaza

IT threat evolution in Q1 2025. Non-mobile statistics
IT threat evolution in Q1 2025. Mobile statistics

The statistics in this report are based on detection verdicts returned by Kaspersky products unless otherwise stated. The information was provided by Kaspersky users who consented to sharing statistical data.

The quarter in numbers

In Q1 2025:

• Kaspersky products blocked more than 629 million attacks that originated with various online resources.
• Web Anti-Virus detected 88 million unique links.
• File Anti-Virus blocked more than 21 million malicious and potentially unwanted objects.
• Nearly 12,000 new ransomware variants were detected.
• More than 85,000 users experienced ransomware attacks.
• RansomHub was involved in attacks on 11% of all ransomware victims whose data was published on data leak sites (DLSs). Slightly under 11% encountered the Akira and Clop ransomware.
• Almost 315,000 users faced miners.

Ransomware

The quarter’s trends and highlights

Law enforcement success

Phobos Aetor, a joint international effort by law enforcement agencies from the United States, Great Britain, Germany, France and several other countries, resulted in the arrest of four suspected members of 8Base. They are accused of carrying out more than 1000 cyberattacks around the world with the help of the Phobos ransomware. The suspects were arrested in Thailand and charged with extorting more than $16 million dollars in Bitcoin. According to law enforcement officials, the multinational operation resulted in the seizure of more than 40 assets, including computers, phones, and cryptocurrency wallets. Additionally, law enforcement took down 27 servers linked to the cybercrime gang.

An ongoing effort to combat LockBit led to the extradition of a suspected ransomware developer to the United States. Arrested in Israel last August, the suspect is accused of receiving more than $230,000 in cryptocurrency for his work with the group between June 2022 and February 2024.

Vulnerabilities and attacks, BYOVD, and EDR bypassing

The first quarter saw a series of vulnerabilities detected in Paragon Partition Manager. They were assigned the identifiers CVE-2025-0288, CVE-2025-0287, CVE-2025-0286, CVE-2025-0285, and CVE-2025-0289. According to researchers, ransomware gangs had been exploiting the vulnerabilities to gain Windows SYSTEM privileges during BYOVD (bring your own vulnerable driver) attacks.

Akira exploited a vulnerability in a webcam to try and bypass endpoint detection and response (EDR) and encrypt files on the organization’s network over the SMB protocol. The attackers found that their Windows ransomware was being detected and blocked by the security solution. To bypass it, they found a vulnerable network webcam in the targeted organization that was running a Linux-based operating system and was not protected by EDR. The attackers were able to evade detection by compromising the webcam, mounting network drives of other machines, and running the Linux version of their ransomware on the camera.

HellCat leveraged compromised Jira credentials to attack a series of companies, including Ascom, Jaguar Land Rover, and Affinitiv. According to researchers, the threat actors obtain credentials by infecting employees’ computers with Trojan stealers like Lumma.

Other developments

An unidentified source posted Matrix chat logs belonging to the Black Basta gang. The logs feature information about the gang’s attack techniques and vulnerabilities that it exploited. In addition, the logs contain details about the group’s internal structure and its members, as well as more than 367 unique ZoomInfo links that the attackers used to gather data on potential victims.

BlackLock was compromised due to a vulnerability in the threat actor’s data leak site (DLS). Researchers who discovered the vulnerability gained access to confidential information about the group and its activities, including configuration files, login credentials, and the history of commands run on the server. DragonForce, a rival ransomware outfit, exploited the same security flaw to deface the DLS. They changed the site’s appearance, and made BlackLock’s internal chat logs and certain configuration files publicly available.

The most prolific groups

This section highlights the most prolific ransomware groups by number of victims that each added to their DLS during the reporting period. RansomHub, which stood out in 2024, remained the leader by number of new victims with 11.03%. Akira (10.89%) and Clop (10.69%) followed close behind.

The number of the group’s victims according to its DLS as a percentage of all groups’ victims published on all the DLSs reviewed during the reporting period (download)

Number of new modifications

In the first quarter, Kaspersky solutions detected three new ransomware families and 11,733 new variants – almost four times more than in the fourth quarter of 2024. This is due to the large number of samples that our solutions categorized as belonging to the Trojan-Ransom.Win32.Gen family.

New ransomware variants, Q1 2024 – Q1 2025 (download)

Number of users attacked by ransomware Trojans

The number of unique KSN users protected is 85,474.

Number of unique users attacked by ransomware Trojans, Q1 2025 (download)

Attack geography

Top 10 countries and territories attacked by ransomware Trojans

* Excluded are countries and territories with relatively few (under 50,000) Kaspersky product users.
** Unique users whose computers were attacked by ransomware Trojans as a percentage of all unique Kaspersky product users in the country/territory

TOP 10 most common ransomware Trojan families

* Unique Kaspersky product users attacked by the specific ransomware Trojan family as a percentage of all unique users attacked by this type of threat.

Miners

Number of new modifications

In the first quarter of 2025, Kaspersky solutions detected 5,467 new miner variants.

New miner variants, Q1 2025 (download)

Number of users attacked by miners

Miners were fairly active in the first quarter. During the reporting period, we detected miner attacks on the computers of 315,701 unique Kaspersky product users worldwide.

Number of unique users attacked by miners, Q1 2025 (download)

Attack geography

Top 10 countries and territories attacked by miners

* Excluded are countries and territories with relatively few (under 50,000) Kaspersky product users.
** Unique users whose computers were attacked by miners as a percentage of all unique Kaspersky product users in the country/territory.

Attacks on macOS

The first quarter saw the discovery of a new Trojan loader for macOS. This is a Go-based variant of ReaderUpdate, which has previously appeared in Python, Crystal, Rust, and Nim versions. These loaders are typically used to download intrusive adware, but there is nothing stopping them from delivering any kind of Trojan.

During the reporting period researchers identified new loaders from the Ferret malware family which were being distributed by attackers through fake online job interview invitations. These Trojans are believed to be part of an ongoing campaign that began in December 2022. The original members of the Ferret family date back to late 2024. Past versions of the loader delivered both a backdoor and a crypto stealer.

Throughout the first quarter, various modifications of the Amos stealer were the most aggressively distributed Trojans. Amos is designed to steal user passwords, cryptocurrency wallet data, browser cookies, and documents. In this campaign, threat actors frequently modify their Trojan obfuscation techniques to evade detection, generating thousands of obfuscated files to overwhelm security solutions.

TOP 20 threats to macOS

(download)

* Unique users who encountered this malware as a percentage of all attacked users of Kaspersky security solutions for macOS.
* Data for the previous quarter may differ slightly from previously published data due to certain verdicts being retrospectively revised.

As usual, a significant share of the most common threats to macOS consists of potentially unwanted applications: adware, spyware tracking user activity, fake cleaners, and reverse proxies like NetTool. Amos Trojans, which we mentioned earlier, also gained popularity in the first quarter. Trojan.OSX.Agent.gen, which holds the third spot in the rankings, is a generic verdict that detects a wide variety of malware.

Geography of threats to macOS

TOP 10 countries and territories by share of attacked users

* Unique users who encountered threats to macOS as a percentage of all unique Kaspersky product users in the country/territory.

IoT threat statistics

This section presents statistics on attacks targeting Kaspersky IoT honeypots. The geographic data on attack sources is based on the IP addresses of attacking devices.

In the first quarter of 2025, the share of devices that attacked Kaspersky honeypots via the Telnet protocol increased again, following a decline at the end of 2024.

Distribution of attacked services by number of unique IP addresses of attacking devices (download)

The distribution of attacks across Telnet and SSH remained virtually unchanged compared to the fourth quarter of 2024.

Distribution of attackers’ sessions in Kaspersky honeypots (download)

TOP 10 threats delivered to IoT devices:

Share of each threat uploaded to an infected device as a result of a successful attack in the total number of uploaded threats (download)

A significant portion of the most widespread IoT threats continues to be made up of various Mirai DDoS botnet variants. BitCoinMiner also saw active distribution in the first quarter, accounting for 7.32% of detections. The number of attacks by the NyaDrop botnet (19.31%) decreased compared to the fourth quarter of 2024.

Geography of attacks on IoT honeypots

When looking at SSH attacks by country/territory, mainland China’s share has declined, while attacks coming from Brazil have seen a noticeable increase. There was also a slight uptick in attacks coming from the United States, Indonesia, Australia, and Vietnam.

The share of Telnet attacks originating from China and India dropped, while Brazil, Nigeria, and Indonesia took a noticeably larger share.

Attacks via web resources

The statistics in this section are based on detection verdicts by Web Anti-Virus, which protects users when suspicious objects are downloaded from malicious or infected web pages. Cybercriminals create malicious pages on purpose. Websites that host user-created content, such as forums, as well as compromised legitimate sites, can become infected.

Countries and territories that serve as sources of web-based attacks: the TOP 10

This section contains a geographical distribution of sources of online attacks blocked by Kaspersky products: web pages that redirect to exploits, sites that host exploits and other malware, botnet C&C centers, and so on. Any unique host could be the source of one or more web-based attacks.
To determine the geographical source of web-based attacks, domain names were matched against their actual IP addresses, and then the geographical location of a specific IP address (GeoIP) was established.

In the first quarter of 2025, Kaspersky solutions blocked 629,211,451 attacks launched from online resources across the globe. Web Anti-Virus detected 88,389,361 unique URLs.

Geographical distribution of sources of web-based attacks by country/territory, Q1 2025 (download)

Countries and territories where users faced the greatest risk of online infection

To assess the risk of online infection faced by PC users in various countries and territories, for each country or territory, we calculated the percentage of Kaspersky users on whose computers Web Anti-Virus was triggered during the reporting period. The resulting data reflects the aggressiveness of the environment in which computers operate in different countries and territories.

These rankings only include attacks by malicious objects that belong in the Malware category. Our calculations do not include Web Anti-Virus detections of potentially dangerous or unwanted programs, such as RiskTool or adware.

* Excluded are countries and territories with relatively few (under 10,000) Kaspersky product users.
** Unique users targeted by web-based Malware attacks as a percentage of all unique Kaspersky product users in the country/territory.

On average during the quarter, 6.46% of users’ computers worldwide were subjected to at least one web-based Malware attack.

Local threats

Statistics on local infections of user computers are an important indicator. They include objects that penetrated the target computer by infecting files or removable media, or initially made their way onto the computer in non-transparent form. Examples of the latter are programs in complex installers and encrypted files.

Data in this section is based on analyzing statistics produced by anti-virus scans of files on the hard drive at the moment they were created or accessed, and the results of scanning removable storage media. The statistics are based on detection verdicts from the OAS (on-access scan) and ODS (on-demand scan) modules of File Anti-Virus. The data includes detections of malicious programs located on user computers or removable media connected to the computers, such as flash drives, camera memory cards, phones, or external hard drives.

In the first quarter of 2025, our File Anti-Virus detected 21,533,464 malicious and potentially unwanted objects.

Countries and territories where users faced the highest risk of local infection

For each country and territory, we calculated the percentage of Kaspersky product users on whose computers File Anti-Virus was triggered during the reporting period. These statistics reflect the level of personal computer infection in various countries and territories across the globe.

The rankings only include attacks by malicious objects that belong in the Malware category. Our calculations do not include File Anti-Virus detections of potentially dangerous or unwanted programs, such as RiskTool or adware.

* Excluded are countries and territories with relatively few (under 10,000) Kaspersky product users.
** Unique users on whose computers local Malware threats were blocked, as a percentage of all unique users of Kaspersky products in the country/territory.

On average worldwide, local Malware threats were recorded on 13.62% of users’ computers at least once during the quarter.

securelist.com/malware-report-…

IT threat evolution in Q1 2025. Mobile statistics
IT threat evolution in Q1 2025. Non-mobile statistics

Quarterly figures

According to Kaspersky Security Network, in the first quarter of 2025:

• A total of 12 million attacks on mobile devices involving malware, adware, or unwanted apps were blocked.
• Trojans, the most common mobile threat, accounted for 39.56% of total detected threats.
• More than 180,000 malicious and potentially unwanted installation packages were detected, which included:
  
  • 49,273 packages related to mobile bankers
  • 1520 mobile ransomware Trojans.

  
  

Quarterly highlights

Attacks on Android devices involving malware, adware, or potentially unwanted apps in the first quarter of 2025 increased to 12,184,351.

Attacks on users of Kaspersky mobile solutions, Q3 2023 – Q1 2025 (download)

This growth was largely due to the activity of Mamont banking Trojans and Fakemoney scam apps, along with the discovery of fake popular brand smartphones that came preloaded with the Triada backdoor, capable of dynamically downloading any modules from a server. Triada’s modules possess a variety of features. They can substitute URLs in the browser, block connections to specific servers, or steal login credentials for social media and instant messaging services like TikTok, WhatsApp, Line, or Telegram. A module that steals crypto from wallets is worth separate mention. We tracked down several of the scammers’ wallets, the balances suggesting that a total of at least $270,000 had been stolen. The stolen amount in TRON cryptocurrency alone was $182,000.

A profitability chart for the threat actor’s TRON wallets (download)

The first quarter saw the discovery of a new banker that attacks users in Turkey: Trojan-Banker.AndroidOS.Bankurt.c. It masquerades as an app for viewing pirated movies.

The Trojan uses DeviceAdmin permissions to gain a foothold in the system, obtains access to Accessibility features, and then helps its operators to control the device remotely via VNC and steal text messages.

Mobile threat statistics

The number of detected Android malware and unwanted app samples increased compared to the fourth quarter of 2024, totaling 180,405.

Detected malicious and potentially unwanted installation packages, Q1 2024 – Q1 2025 (download)

Looking at the distribution of detected installation packages by type, we see that the typical frontrunners, RiskTool and adware, dropped to the third and fourth spots, respectively, in the first quarter. Banking Trojans (27.31%) and spy Trojans (24.49%) ranked as the most common threats.

Distribution of detected mobile apps by type, Q4 2024* – Q1 2025 (download)

* Data for the previous quarter may differ slightly from previously published data due to certain verdicts being retrospectively revised.

The revision was prompted by a sharp increase in Mamont banker installation packages in the first quarter. Agent.akg, which steals text messages, accounted for the largest number of spy Trojan installation packages.

Share* of users attacked by the given type of malicious or potentially unwanted apps out of all targeted users of Kaspersky mobile products, Q4 2024 – Q1 2025 (download)

* The total may exceed 100% if the same users experienced multiple attack types.

The first quarter saw a sharp rise in the number of users attacked by Trojans. This was driven by a large number of detected devices preloaded with the Triada Trojan and the increased activity of Fakemoney scam apps, which tricked users into sharing their personal data by promising easy money. The increase in the number of users who encountered banking Trojans was, again, due to the activity of the Mamont family.

TOP 20 most frequently detected types of mobile malware

Note that the malware rankings below exclude riskware and potentially unwanted apps, such as adware and RiskTool.

* Unique users who encountered this malware as a percentage of all attacked users of Kaspersky mobile solutions.

Nearly the entire list was occupied by the aforementioned Fakemoney apps and various Mamont banking Trojan variants, along with preloaded Backdoor.AndroidOS.Triada.z, and Trojan.AndroidOS.Triada.hf malicious apps. Additionally, remaining among the most prevalent Android malware were modified messengers with the embedded Triada Trojan (Triada.fe, Triada.gn, Triada.ga, Triada.gs) and the preloaded Dwphon Trojan. What is interesting is the inclusion of the Trojan-Clicker.AndroidOS.Agent.bh sample on the list. This is a fake ad blocker that, conversely, inflates ad views.

Region-specific malware

This section describes malware families that mostly focused on specific countries.

* The country where the malware was most active.
** Unique users who encountered this Trojan variant in the indicated country as a percentage of all Kaspersky mobile security solution users attacked by the same variant.

The first quarter saw a somewhat smaller number of “selective” malicious apps than before. As usual, Turkey experienced a prevalence of banking Trojans: Coper, equipped with RAT capabilities enabling attackers to steal money through remote device management; BrowBot, which pilfers text messages; and the banking Trojan droppers Hqwar and Agent.sm. In India, users faced Rewardsteal banking Trojans which stole bank details by pretending to offer money. Additionally, the UdangaSteal Trojan, previously prevalent in Indonesia, and the SmForw.ko Trojan, which forwards incoming text messages to another number, also spread to India.

Mobile banking Trojans

Number of installation packages for mobile banking Trojans detected by Kaspersky, Q1 2024 – Q1 2025 (download)

The increase in the number of installation packages for banking Trojans was primarily driven by Mamont. Its creators apparently follow a MaaS model, enabling any scammer to get a custom variant generated for a fee. As a result, a large number of unrelated cybercriminals are spreading distinct versions of Mamont.

When it comes to the percentage of users targeted, various versions of Mamont are also mainly at the top.

Top 10 mobile bankers

securelist.com/malware-report-…

Il Museo Disperso: L’arte palestinese contro l’oblio coloniale

@Notizie dall'Italia e dal mondo
Da Gaza a Bologna, passando per Venezia e Edimburgo, le opere del Palestine Museum US sfidano la narrazione dominante e raccontano la resistenza culturale di un popolo in lotta per la propria dignità.
L'articolo Il Museo Disperso: L’arte palestinese contro l’oblio coloniale proviene

Gli equilibrismi di Nintendo nella partita di Switch 2

L'articolo proviene da #StartMag e viene ricondiviso sulla comunità Lemmy @Informatica (Italy e non Italy 😁)
La console d'ultima generazione debutta con grande ritardo rispetto alle rivali, PlayStation 5 e Xbox Series. Inoltre, il periodo per il comparto dei videogiochi non è dei migliori, tra licenziamenti e chiusura di molteplici

La missione dell’Italia di impedire l’accesso dei minori ai siti porno è utopica?

L'articolo proviene da #StartMag e viene ricondiviso sulla comunità Lemmy @Informatica (Italy e non Italy 😁)
La Francia obbliga i siti pornografici a richiedere la verifica dell'età degli utenti e, per protesta, YouPorn, RedTube e Pornhub stanno bloccando l'accesso alle

L’Intelligenza artificiale di Perplexity spinge Google fuori dallo smartphone?

L'articolo proviene da #StartMag e viene ricondiviso sulla comunità Lemmy @Informatica (Italy e non Italy 😁)
Qualche settimana fa Google è riuscita a sventare la defenestrazione della sua Intelligenza artificiale dai cellulari Motorola (della cinese Lenovo) più interessati agli

I capitali privati e le industrie per la Difesa si riuniscono a Berlino. C’è anche l’Italia

@Notizie dall'Italia e dal mondo

Si è riunito oggi a Berlino il vertice del Mission 2044, un format di dibattito e confronto tra soggetti pubblici e privati sulle sfide del rafforzamento della Difesa in Europa, nasce dall’esigenza di rispondere ai cambiamenti dello status quo internazionale,

La sindaca di Genova Silvia Salis a TPI: “Il campo progressista unito
può vincere ovunque”

@Politica interna, europea e internazionale
«La politica è lo specchio del Paese, quindi quello che incontri in questo ambiente lo incontri nel resto della società, amplificato dal fatto che nella politica c’è una dimensione mediatica. Chiaramente se un amministratore delegato fa una battuta è un conto, se la fa un

La distruzione di Gaza promuove le armi israeliane: esportazioni record per 14,8 miliardi

@Notizie dall'Italia e dal mondo
Il Ministero della Difesa sottolinea che il 54% delle vendite ha riguardato i paesi europei
pagineesteri.it/2025/06/04/med…

Sudan in fuga: oltre 4 milioni di rifugiati in una guerra dimenticata

@Notizie dall'Italia e dal mondo
L’ONU lancia l’allarme: è la peggiore crisi di sfollamento al mondo, ma la comunità internazionale resta in silenzio mentre milioni di civili attraversano il deserto tra fame, violenze e abbandono.
L'articolo Sudan in fuga: oltre 4 milioni di rifugiati in una guerra

Digitalsteuer: Tech-Konzerne sollen blechen

netzpolitik.org/2025/digitalst…

Grundgesetzänderung für Digitalisierung: „Die Infrastruktur für föderale Lösungen soll einheitlich sein“

netzpolitik.org/2025/grundgese…

Gaza muore di fame: la Ghf chiude i cancelli tra le stragi

@Notizie dall'Italia e dal mondo
Ventidue camion in tre giorni contro i seicento pre-guerra: la Ghf blocca la distribuzione degli aiuti, mentre a Gaza si continua a morire di fame e sotto i colpi dell’esercito.
L'articolo pagineesteri.it/2025/06/04/ape…