- Arkanix Stealer: a C++ & Python infostealer
by Kirill Korchemny, Omar Amin on February 19, 2026 at 11:00 amKaspersky researchers analyze a C++ and Python stealer dubbed “Arkanix Stealer”, which was active for several months, targeted wide range of data, was distributed as MaaS and offered referral program to its partners.
- Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets
by Dmitry Kalinin on February 17, 2026 at 9:00 amKaspersky experts have uncovered Keenadu, a sophisticated new backdoor targeting tablet firmware as well as system-level and Google Play apps. They also revealed connections between the world’s most prolific Android botnets.
- The game is over: when βfreeβ comes at too high a price. What we know about RenEngine
by Denis Brylev, Pavel Sinenko, Maxim Starodubov, Artem Ushkov on February 11, 2026 at 2:00 pmWe disclose new details about campaigns involving RenEngine and HijackLoader malware. Since March 2025, attackers have been distributing the Lumma stealer in a complex chain of infections, and in February 2026, ongoing attacks using ACR Stealer became known.
- Spam and phishing in 2025
by Tatyana Kulikova, Olga Altukhova, Roman Dedenok, Andrey Kovtun, Irina Shimko, Anna Lazaricheva on February 11, 2026 at 10:00 amThe report contains statistics on spam and phishing in 2025, outlining the main trends: phishing and scam QR codes, ClickFix attacks, ChatGPT subscription lures and others.
- Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT
by Kaspersky on February 5, 2026 at 9:00 amWe analyze the recent Stan Ghouls campaign targeting organizations in Russia and Uzbekistan: Java-based loaders, the NetSupport RAT, and a potential interest in IoT.
- The Notepad++ supply chain attack β unnoticed execution chains and new IoCs
by Georgy Kucherin, Anton Kargin on February 3, 2026 at 8:10 amKaspersky GReAT experts discovered previously undocumented infection chains used in the Notepad++ supply chain attacks. The article provides new IoCs related to those incidents which employ DLL sideloading and Cobalt Strike Beacon delivery.
- Supply chain attack on eScan antivirus: detecting and remediating malicious updates
by Georgy Kucherin, Kirill Korchemny, Ilya Savelyev on January 29, 2026 at 3:07 pmOn January 20, Kaspersky solutions detected malware used in eScan antivirus supply chain attack. In this article we provide available information on the threat: indicators of compromise, threat hunting and mitigating tips, etc.
- HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns
by Fareed Radzi on January 27, 2026 at 8:00 amKaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.
- The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor
by Noushin Shabab on December 29, 2025 at 10:00 amKaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.
- Threat landscape for industrial automation systems in Q3 2025
by Kaspersky ICS CERT on December 25, 2025 at 10:00 amThe report contains statistics on various threats detected and blocked on ICS computers in Q3 2025, including miners, ransomware, spyware, etc.
Securelist
We are an ethical website cyber security team and we perform security assessments to protect our clients.