The game is over: when “free” comes at too high a price. What we...
We often describe cases of malware distribution under the guise of game cheats and pirated software. Sometimes such methods are used to spread complex...
Spam and phishing in 2025
The year in figures
99% of all emails sent worldwide and 43.27% of all emails sent in the Russian web segment were spam
50% of all...
Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT
Introduction
Stan Ghouls (also known as Bloody Wolf) is an cybercriminal group that has been launching targeted attacks against organizations in Russia, Kyrgyzstan, Kazakhstan, and...
The Notepad++ supply chain attack — unnoticed execution chains and new IoCs
Introduction
On February 2, 2026, the developers of Notepad++, a text editor popular among developers, published a statement claiming that the update infrastructure of Notepad++...
Supply chain attack on eScan antivirus: detecting and remediating malicious updates
UPD 30.01.2026: Added technical details about the attack chain and more IoCs.
On January 20, a supply chain attack has occurred, with the infected software...
HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns
Over the past few years, we’ve been observing and monitoring the espionage activities of HoneyMyte (aka Mustang Panda or Bronze President) within Asia and...
The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor
Overview of the attacks
In mid-2025, we identified a malicious driver file on computer systems in Asia. The driver file is signed with an old,...
Threat landscape for industrial automation systems in Q3 2025
Statistics across all threats
In Q3 2025, the percentage of ICS computers on which malicious objects were blocked decreased from the previous quarter by 0.4...
Evasive Panda APT poisons DNS requests to deliver MgBot
Introduction
The Evasive Panda APT group (also known as Bronze Highland, Daggerfly, and StormBamboo) has been active since 2012, targeting multiple industries with sophisticated, evolving...
Assessing SIEM effectiveness
A SIEM is a complex system offering broad and flexible threat detection capabilities. Due to its complexity, its effectiveness heavily depends on how it...
Latest article
3 practical ways AI threat detection improves enterprise cyber resilience
Why “more alerts” isn’t the same as better security If you run security in an enterprise environment, you already know...
North Korean Hackers Use Fake IT Worker Scheme to Infiltrate Companies and Evade Sanctions
North Korea has been running one of the most quietly effective cyber fraud operations in recent years. State-sponsored operatives working for the Pyongyang...
[R1] Nessus Versions 10.11.4 and 10.12.0 Fixes Arbitrary File Deletion
Nessus Versions 10.11.4 and 10.12.0 Fixes Arbitrary File Deletion Jason Schavel Thu, 04/23/2026 - 14:30
A vulnerability has been identified in Nessus on...
It pays to be a forever student
Welcome to this week’s edition of the Threat Source newsletter. If I haven’t said it in a newsletter before, I'll say it now: If you want to be good...
