Reports

Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.

Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.

Kaspersky GReAT experts analyze the Evasive Panda APT’s infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant.

Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.

Threat Categories

Spam and Phishing

Spam and phishing in 2025

Following the digital trail: what happens to data stolen in a phishing attack

To buy or not to buy: How cybercriminals capitalize on Black Friday

The evolving landscape of email phishing attacks: how threat actors are reusing and refining established techniques

APT (Targeted attacks)

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

Evasive Panda APT poisons DNS requests to deliver MgBot

Cloud Atlas activity in the first half of 2025: what changed

Vulnerabilities and exploits

Exploits and vulnerabilities in Q2 2025

Driver of destruction: How a legitimate driver is being used to take down AV processes

ToolShell: a story of five vulnerabilities in Microsoft SharePoint

Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721

Windows malware

Arkanix Stealer: a C++ & Python infostealer

The game is over: when “free” comes at too high a price. What we know about RenEngine

The Notepad++ supply chain attack — unnoticed execution chains and new IoCs

Supply chain attack on eScan antivirus: detecting and remediating malicious updates

Financial threats

Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT

Frogblight threatens you with a court case: a new Android banker targets Turkish users

To buy or not to buy: How cybercriminals capitalize on Black Friday

Deep analysis of the flaw in BetterBank reward logic

Unix and macOS malware

Arkanix Stealer: a C++ & Python infostealer

Kaspersky Security Bulletin 2025. Statistics

IT threat evolution in Q3 2025. Non-mobile statistics

Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs

Keyloggers: How they work and how to detect them (Part 1)

Scammers’ delivery service: exclusively dangerous

RansomEXX Trojan attacks Linux systems

Reports

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

Evasive Panda APT poisons DNS requests to deliver MgBot

Cloud Atlas activity in the first half of 2025: what changed

Subscribe to our weekly e-mails