TRU Security Acronis

Acronis TRU researchers have discovered an ongoing campaign that leverages a novel combination of screen hijacking techniques with ClickFix, displaying a realistic, full-screen Windows Update of “Critical Windows Security Updates” to trick victims into executing malicious commands.

24. 11. 2025

Acronis Threat Research Unit (TRU) observed a global malvertising / SEO campaign, tracked as “TamperedChef.” It delivers legitimate-looking installers that disguise as common applications to trick users into installing them, establish persistence and deliver obfuscated JavaScript payloads for remote access and control.

19. 11. 2025

The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis Threat Research Unit (TRU) and Acronis sensors. Figures presented here were gathered in October 2025 and reflect threats that Acronis detected, as well as news stories from the public domain.

18. 11. 2025

Must-know cybersecurity news for MSPs: GlassWorm, ClickFix, Gootloader and the dangerous new era of AI-powered malware. Review key threats and a major public-sector breach.

10. 11. 2025

Introducing the Acronis TRU Alliance Series. This new series highlights collaborative research analysis between Acronis Threat Research Unit (TRU) and other leading threat intelligence teams. In this first post of our collaboration series, we’ve teamed up with VirusTotal (VT) to share practical insights from Acronis TRU on several recent reports.

10. 11. 2025

Qilin ransomware abuses Windows Subsystem for Linux to deploy Linux encryptors on Windows, Atroposia malware includes built-in vulnerability scanner for targeted exploitation, and more. Here are the latest threats to MSP security.

7. 11. 2025

Here is the MSP cybersecurity news digest for October 21, 2025 from the Acronis Threat Research Unit (TRU).

4. 11. 2025

Acronis Threat Research Unit (TRU) analyzed DragonForce, a Conti-derived ransomware-as-a-service active since 2023, documenting its malware, affiliate model and links to Scattered Spider.

4. 11. 2025

Urgent WSUS RCE flaw actively exploited! Plus: Fake LastPass inheritance emails steal vaults, Iran's MuddyWater APT targets government entities and a new RedTiger Discord infostealer.

28. 10. 2025

The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis Threat Research Unit (TRU) and Acronis sensors. Figures presented here were gathered in September 2025 and reflect threats that Acronis detected, as well as news stories from the public domain.

17. 10. 2025

Medusa exploits GoAnywhere MFT, Discord data leaks via Zendesk, plus Vampire Bot and Qilin ransomware attacks. Get the critical MSP cybersecurity news and defense actions now.

13. 10. 2025

Harrods breach tied to supplier compromise leaks 430,000 records, MatrixPDF toolkit weaponizes PDFs for phishing and malware delivery, and more. Here are the latest threats to MSP security.

6. 10. 2025

Here is the Acronis Threat Research Unit (TRU) MSP cybersecurity news digest, September 29, 2025

29. 9. 2025

Major European airports including Heathrow, Brussels, Berlin, and Dublin have reported disruptions in check-in, boarding, and kiosk systems. The outages have been linked to Collins Aerospace’s passenger processing platform MUSE, a system used across many international airports.

25. 9. 2025

Here is the weekly digest with news from Acronis TRU for the week of September 23, 2025

23. 9. 2025

Acronis' Threat Research Unit discovered a rare in-the-wild example of a FileFix attack — a new variant of the now infamous ClickFix attack vector.

16. 9. 2025

The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis Threat Research Unit (TRU) and Acronis sensors. Figures presented here were gathered in August 2025 and reflect threats that Acronis detected, as well as news stories from the public domain.

11. 9. 2025

Over the past months, Acronis TRU (Threat Research Unit) has identified multiple active and ongoing campaigns leveraging trojanized versions of ConnectWise ScreenConnect to gain initial access to victim networks and compromise target machines.

3. 9. 2025

Stay informed on the latest cyber threats: The Orange Belgium data breach affects 850,000 customers. The Warlock ransomware gang targets UK telecom Colt Technology Services, auctioning stolen documents. A Miljödata attack disrupts services for hundreds of Swedish municipalities. Learn about the ZipLine campaign targeting US supply chain manufacturers with MixShell Malware, and the ShadowSilk data exfiltration group.

1. 9. 2025

Microsoft patches 107 vulnerabilities, including Windows Kerberos zero day, PEAR ransomware gang leaks 1.26TB of Alt Vision data, and more. Here are the latest threats to MSP security.

25. 8. 2025