aspersky Global Research and Analysis Team( GReAT) has uncovered an active malicious campaign distributing a

Beyond standard remote access trojan functionality, CrystalX RAT combines stealer, keylogger, clipper and spyware capabilities. Cybercriminals are selling it to third parties as Malware-as-a-

Service, promoting it on YouTube and Telegram, increasing the likelihood of its use across a wider range of actors, including l ess-skilled operators.

The malware gathers system information, extracts credentials for Steam, Discord and Telegram, and harvests data from web browsers. It also poses a threat to cryptocurrency users, as it includes a browserbased clipper that replaces crypto wallet addresses.

Beyond data theft, CrystalX RAT is capable of full-scale surveillance, with the ability to take screenshots, record audio from the microphone and capture video from both the webcam and the victim’ s screen.

Particularly notable is the‘ prankware’ feature set, which is actively promoted by the developers. These capabilities allow operators to visibly interfere with the victim’ s system by shaking the mouse cursor, setting wallpapers on the victim’ s screen, changing screen orientation, hiding desktop icons, forcing system shutdowns and delivering real-time pop-up notifications to the victim. While seemingly trivial, these features introduce a disruptive and psychological dimension to the attack, making it both visible and distressing for the victim.

ophos has released findings from a global study based on responses from 5,000 organisations across 17 countries,

The Cybersecurity Trust Reality 2026 Report reveals a critical challenge facing CISOs – that trust in cybersecurity vendors is fragile, difficult to measure and shaping the risk posture at operational and board levels.

Trust has become a defining factor in cybersecurity decisionmaking, yet the research shows that nearly all organisations lack full confidence in their cybersecurity vendors.

Key findings:

• 95 % of respondents said they do not have full trust in their cybersecurity vendors

• 79 % struggle to assess the trustworthiness of new cybersecurity partners, with 62 % finding it challenging for existing vendors

• More than half( 51 %) report increased anxiety about the likelihood of a significant cyber incident as a direct result of lack of trust

For CISOs, trust gaps create operational friction, slower decision-making and higher vendor turnover. Trusted cybersecurity partners reduce risk and build more resilient organisations.

Ross McKerchar, CISO at

Sophos, said:“ Trust is not an abstract concept in cybersecurity, it’ s a measurable risk factor. When organisations can’ t independently verify a vendor’ s security maturity, transparency and incident handling practices, that uncertainty flows directly into boardrooms and security strategies. CISOs are being asked to prove trust, not assume it. Cybersecurity providers must do the same.”

10 WWW. INTELLIGENTCISO. COM