Stay ahead with intelligence-driven cyberthreat research and reporting

This report summarizes patch deployment behavior observed in Acronis telemetry during the second half of 2025. It focuses on patching for Microsoft and third-party applications, and on not whether patching can be done, but how fast patches are actually applied across all devices.

Over the past few weeks, OpenClaw has rapidly evolved from a niche open‑source project into one of the most widely discussed examples of agentic AI in practice. This combination of intelligence, autonomy and integration is precisely why OpenClaw has captured attention across developer and security communities. It is also why it has become a focal point for serious security concerns.

The Acronis Threat Research Unit (TRU) analyzed the latest version of LockBit ransomware (version 5), which targets Windows, Linux and ESXi systems, and shares some similarities with the previous version 4.

Operation Winter SHIELD is an FBI Cyber Division initiative that has distilled theoretical best practices into ten concrete actions designed to reduce the likelihood of system compromise when attackers strike, and limit damage when incidents occur by focusing on controls that matter most in practice, not on paper.

Acronis Threat Research Unit (TRU) has been tracking Transparent Tribe, also known as APT36, and has uncovered a campaign that stands out for its use of startup-oriented, themed lure material delivered via an ISO container-based file.

Acronis Threat Research Unit (TRU) observed a targeted malware campaign against U.S. government entities leveraging a politically themed ZIP archive containing a loader executable and a malicious DLL. The executable is used to sideload and execute the DLL, which functions as the primary backdoor, tracked as LOTUSLITE.