This report summarizes patch deployment behavior observed in Acronis telemetry during the second half of 2025. It focuses on patching for Microsoft and third-party applications, and on not whether patching can be done, but how fast patches are actually applied across all devices.

Russian-linked threat actors actively exploit newly patched Microsoft office zero day in targeted attacks, Fintech giant Betterment reports major data exposure affecting 1.4 million users, and more. Here are the latest threats to MSP security.

Over the past few weeks, OpenClaw has rapidly evolved from a niche open‑source project into one of the most widely discussed examples of agentic AI in practice. This combination of intelligence, autonomy and integration is precisely why OpenClaw has captured attention across developer and security communities. It is also why it has become a focal point for serious security concerns.

The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis Threat Research Unit (TRU) and Acronis sensors. Figures presented here were gathered in January 2026 and reflect threats that Acronis detected, as well as news stories from the public domain.

Acronis' Threat Research Unit (TRU) has uncovered a malware campaign, dubbed CRESCENTHARVEST, potentially targeting supporters of Iran's ongoing protests with the goal of information theft and long-term espionage.

The Acronis Threat Research Unit (TRU) analyzed the latest version of LockBit ransomware (version 5), which targets Windows, Linux and ESXi systems, and shares some similarities with the previous version 4.

Unsecured MongoDB databases remain easy targets for data exfiltration and extortion campaigns, ShinyHunters’ leak claims prompt Match Group to confirm limited data exposure event, and more. Here are the latest threats to MSP security.