The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor
Overview of the attacks
In mid-2025, we identified a malicious driver file on computer systems in Asia. The driver file is signed with an old,...
A Note from our Executive Director
This letter was originally published in our 2025 Annual Report.
This year was the 10th anniversary of Let’s Encrypt. We’ve come a long way!...
WIRED – 2,364,431 breached accounts
In December 2025, 2.3M records of WIRED magazine users allegedly obtained from parent company Condé Nast were published online. The most recent data dated...
‘All brakes are off’: Russia’s attempt to rein in illicit market for leaked data...
Russian state has tolerated parallel probiv market for its convenience but now Ukrainian spies are exploiting itRussia is scrambling to rein in the country’s...
Utair – 401,400 breached accounts
In August 2020, news broke of a data breach of Russian airline Utair that dated back to the previous year. The breach contained over...
Threat landscape for industrial automation systems in Q3 2025
Statistics across all threats
In Q3 2025, the percentage of ICS computers on which malicious objects were blocked decreased from the previous quarter by 0.4...
Evasive Panda APT poisons DNS requests to deliver MgBot
Introduction
The Evasive Panda APT group (also known as Bronze Highland, Daggerfly, and StormBamboo) has been active since 2012, targeting multiple industries with sophisticated, evolving...
Медицинская лаборатория Гемотест (Gemotest) – 6,341,495 breached accounts
In April 2022, Russian pharmaceutical company Gemotest suffered a data breach that exposed 31 million patients. The data contained 6.3 million unique email addresses...
Assessing SIEM effectiveness
A SIEM is a complex system offering broad and flexible threat detection capabilities. Due to its complexity, its effectiveness heavily depends on how it...
Latest article
CVE-2026-41940: cPanel & WHM Authentication Bypass
OverviewOn April 28, 2026, cPanel issued a security update to fix a critical vulnerability affecting the cPanel & WHM and WP Squared products. In...
Cursor Extension Flaw Exposes Developer API Keys
Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX - Read more
CVE-2026-21246 Windows Graphics Component Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only. - Read more
ClickUp Data Leak Exposes Enterprise Emails for Over a Year
A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security concerns.
The post ClickUp Data...
