Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India

In December 2025, we detected a wave of malicious emails designed to look like official correspondence from the Indian tax service. A few weeks...

PhantomRPC: A new privilege escalation technique in Windows RPC

Windows Interprocess Communication (IPC) is one of the most complex technologies within the Windows operating system. At the core of this ecosystem is the...

FakeWallet crypto stealer spreading through iOS apps in the App Store

In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Once launched, these apps...

Threat landscape for industrial automation systems in Q4 2025

Statistics across all threats: The percentage of ICS computers on which malicious objects were blocked has been decreasing since the beginning of 2024. In Q4...

The long road to your crypto: ClipBanker and its marathon infection chain

At the start of the year, a certain Trojan caught our eye due to its incredibly long infection chain. In most cases, it kicks...

A laughing RAT: CrystalX combines spyware, stealer, and prankware features

In March 2026, we discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as a MaaS (malware‑as‑a‑service) with...

An AI gateway designed to steal your data

A significant proportion of cyberincidents are linked to supply chain attacks, and this proportion is constantly growing. Over the past year, we have seen...

Coruna: the framework used in Operation Triangulation

On March 4, 2026, Google and iVerify published reports about a highly sophisticated exploit kit targeting Apple iPhone devices. According to Google, the exploit...

The SOC Files: Time to “Sapecar”. Unpacking a new Horabot campaign in Mexico

In this installment of our SOC Files series, we will walk you through a targeted campaign that our MDR team identified and hunted down...

Free real estate: GoPix, the banking Trojan living off your memory

GoPix is an advanced persistent threat targeting Brazilian financial institutions’ customers and cryptocurrency users. It represents an evolved threat targeting internet banking users through...

Latest article

Regional routing for AWS access portals: Implementing custom vanity domains for IAM Identity Center

AWS IAM Identity Center provides a web-based access portal that gives your workforce a single place to view their AWS accounts and...

Meet Fragnesia, the third Linux kernel vulnerability in a month

Linux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new headache to...

Microsoft Foundry Toolkit for VS Code: Command Injection via Python Interpreter Path Leading to...

Microsoft Foundry Toolkit for VS Code: Command Injection via Python Interpreter Path Leading to Arbitrary Code Execution Microsoft Foundry Toolkit for VS Code (formerly...

Sandworm Hackers Pivot From Compromised IT Systems Toward Critical OT Assets

A Russian state-sponsored hacking group known as Sandworm has been caught making a calculated pivot from compromised IT networks into operational technology systems that...