Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets

In April 2025, we reported on a then-new iteration of the Triada backdoor that had compromised the firmware of counterfeit Android devices sold across...

The game is over: when “free” comes at too high a price. What we...

We often describe cases of malware distribution under the guise of game cheats and pirated software. Sometimes such methods are used to spread complex...

Spam and phishing in 2025

The year in figures: 99% of all emails sent worldwide and 43.27% of all emails sent in the Russian web segment were spam; 50% of all...

Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT

Introduction Stan Ghouls (also known as Bloody Wolf) is a cybercriminal group that has been launching targeted attacks against organizations in Russia, Kyrgyzstan, Kazakhstan, and...

The Notepad++ supply chain attack — unnoticed execution chains and new IoCs

Introduction On February 2, 2026, the developers of Notepad++, a text editor popular among developers, published a statement claiming that the update infrastructure of Notepad++...

Supply chain attack on eScan antivirus: detecting and remediating malicious updates

UPD 30.01.2026: Added technical details about the attack chain and more IoCs. On January 20, a supply chain attack occurred, with the infected software...

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

Over the past few years, we’ve been observing and monitoring the espionage activities of HoneyMyte (aka Mustang Panda or Bronze President) within Asia and...

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

Overview of the attacks In mid-2025, we identified a malicious driver file on computer systems in Asia. The driver file is signed with an old,...

Threat landscape for industrial automation systems in Q3 2025

Statistics across all threats In Q3 2025, the percentage of ICS computers on which malicious objects were blocked decreased from the previous quarter by 0.4...

Evasive Panda APT poisons DNS requests to deliver MgBot

Introduction The Evasive Panda APT group (also known as Bronze Highland, Daggerfly, and StormBamboo) has been active since 2012, targeting multiple industries with sophisticated, evolving...


Metasploit Wrap-Up 03/06/2026

Encoder exposed! Some of our releases add new ways in; this one adds new ways to stay in. There are, of course, still new...

CVE-2026-26122 Microsoft ACI Confidential Containers Information Disclosure Vulnerability

Added FAQ information. This is an informational change only.

LexisNexis Hack Exposes 3.9M Records Through Unpatched React Vulnerability

LexisNexis confirmed a data breach after hackers leaked stolen files, with attackers claiming they exploited the React2Shell vulnerability.

Iran’s MuddyWater Hackers Hit US Firms with New ‘Dindoor’ Backdoor

A bank, an airport, a non-profit and the Israeli branch of a US software company were among the targets of this new MuddyWater campaign...