AV vendor disputes security shop’s update server claims • The Register
https://www.theregister.com/2026/01/29/escan_morphisec_dispute/
Publish Date: 2026-01-29 11:58:00
Source Domain: www.theregister.com
A spat has erupted between antivirus vendor eScan and threat intelligence outfit Morphisec over who spotted an update server incident that disrupted some eScan customers earlier this month.
Morphisec fired the opening salvo with a blog post calling the incident a “critical supply-chain compromise,” alleging hackers used eScan’s own update system to push malicious files and interfere with cleanup. MicroWorld Technologies-owned eScan, however, says that Morphisec’s account is wrong on multiple fronts.
In a statement to The Register, eScan said it detected suspicious activity through its internal monitoring before any external notification and initiated incident response the same day.
“eScan detected suspicious activity through our internal monitoring systems on January 20, 2026, and immediately initiated our incident response protocol,” a spokesperson said. “We issued a preliminary security advisory to customers on January 21, 2026, along with a remediation patch.”
The company alleges Morphisec published its blog and accompanying social posts later that day, claiming discovery and mischaracterizing the incident’s technical details and scope.
The customer advisory eScan sent to affected users on January 22, as seen by The Register, offers a much narrower version of events. An unauthorized user gained access to configuration on a single regional update server, resulting in a rogue file briefly appearing in the update path for about two hours on January 20. The advisory states that the file distributed was not an official eScan binary or a legitimate update, and that no vulnerability existed in the eScan product itself.
According to eScan, machines that downloaded updates from the affected server during the short window could suddenly stop updating, display error pop-ups, or have their hosts files modified in a way…