A laughing RAT: CrystalX combines spyware, stealer, and prankware features
Introduction
In March 2026, we discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as a MaaS (malware‑as‑a‑service) with...
An AI gateway designed to steal your data
A significant proportion of cyberincidents are linked to supply chain attacks, and this proportion is constantly growing. Over the past year, we have seen...
Coruna: the framework used in Operation Triangulation
Introduction
On March 4, 2026, Google and iVerify published reports about a highly sophisticated exploit kit targeting Apple iPhone devices. According to Google, the exploit...
The SOC Files: Time to “Sapecar”. Unpacking a new Horabot campaign in Mexico
Introduction
In this installment of our SOC Files series, we will walk you through a targeted campaign that our MDR team identified and hunted down...
Free real estate: GoPix, the banking Trojan living off your memory
Introduction
GoPix is an advanced persistent threat targeting Brazilian financial institutions’ customers and cryptocurrency users. It represents an evolved threat targeting internet banking users through...
BeatBanker: A dual‑mode Android Trojan
Recently, we uncovered BeatBanker, an Android‑based malware campaign targeting Brazil. It spreads primarily through phishing attacks via a website disguised as the Google Play...
Exploits and vulnerabilities in Q4 2025
The fourth quarter of 2025 went down as one of the most intense periods on record for high-profile, critical vulnerability disclosures, hitting popular libraries...
Mobile malware evolution in 2025
Starting from the third quarter of 2025, we have updated our statistical methodology based on the Kaspersky Security Network. These changes affect all sections...
Arkanix Stealer: a C++ & Python infostealer
Introduction
In October 2025, we discovered a series of forum posts advertising a previously unknown stealer, dubbed “Arkanix Stealer” by its authors. It operated under...
Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets
In April 2025, we reported on a then-new iteration of the Triada backdoor that had compromised the firmware of counterfeit Android devices sold across...
Latest article
UK Faces a Cyber ‘Perfect Storm’ Driven by Tech Advances and Nation State Threats,...
The convergence of global tensions and rapid technological change is driving a new era of cyber risk, the NCSC warns - Read more
CrowdStrike LogScale Vulnerability Allows Remote Attackers to Read Arbitrary Files from Server
CrowdStrike has issued an urgent security advisory for a critical unauthenticated path-traversal vulnerability (CVE-2026-40050) affecting its LogScale platform, warning that a remote attacker could...
SBOM erklärt: Was ist eine Software Bill of Materials?
Softwareentwicklung und Autoproduktion haben mehr gemein, als man denkt. Lesen Sie, was Sie zum Thema Software Bill of Materials (SBOM) wissen...
Rental platform unnecessarily collected the data of millions of Australians, privacy commissioner finds
2Apply’s over-collection of personal information adds to the power of the real estate industry in the competitive rental market, Carly Kind saysFollow our Australia...
