Internet Security
BladedFeline: Whispering in the dark
ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig...
Don’t let dormant accounts become a doorway for cybercriminals
Do you have online accounts you haven't used in years? If so, a bit of digital spring cleaning might be in order....
This month in security with Tony Anscombe – May 2025 edition
From a flurry of attacks targeting UK retailers to campaigns corralling end-of-life routers into botnets, it's a wrap on another month filled with impactful cybersecurity news...
Word to the wise: Beware of fake Docusign emails
Cybercriminals impersonate the trusted e-signature brand and send fake Docusign notifications to trick people into giving away their personal or corporate data...
Danabot under the microscope
ESET Research has been tracking Danabot’s activity since 2018 as part of a global effort that resulted in a major disruption of the malware’s infrastructure...
Danabot: Analyzing a fallen empire
ESET Research shares its findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation...
Lumma Stealer: Down for the count
The bustling cybercrime enterprise has been dealt a significant blow in a global operation that relied on the expertise of ESET and other technology companies...
ESET takes part in global operation to disrupt Lumma Stealer
Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation...
The who, where, and how of APT attacks in Q4 2024–Q1 2025
ESET Chief Security Evangelist Tony Anscombe highlights key findings from the latest issue of the ESET APT Activity Report...
ESET APT Activity Report Q4 2024–Q1 2025
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2024 and Q1 2025...
Sednit abuses XSS flaws to hit gov't entities, defense companies
Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU...
Operation RoundPress
ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities...
How can we counter online disinformation? | Unlocked 403 cybersecurity podcast (S2E2)
Ever wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and how we can fight one of the most pressing challenges facing our digital world....
Catching a phish with many faces
Here’s a brief dive into the murky waters of shape-shifting attacks that leverage dedicated phishing kits to auto-generate customized login pages on the fly...
Beware of phone scams demanding money for ‘missed jury duty’
When we get the call, it’s our legal responsibility to attend jury service. But sometimes that call won’t come from the courts – it will be a scammer....
Toll road scams are in overdrive: Here’s how to protect yourself
Have you received a text message about an unpaid road toll? Make sure you’re not the next victim of a smishing scam....
RSAC 2025 wrap-up – Week in security with Tony Anscombe
From the power of collaborative defense to identity security and AI, catch up on the event's key themes and discussions...
TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks
ESET researchers analyzed Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks...
This month in security with Tony Anscombe – April 2025 edition
From the near-demise of MITRE's CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurity...
How safe and secure is your iPhone really?
Your iPhone isn't necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors....
Deepfake 'doctors' take to TikTok to peddle bogus cures
Look out for AI-generated 'TikDocs' who exploit the public's trust in the medical profession to drive sales of sketchy supplements...
How fraudsters abuse Google Forms to spread scams
The form and quiz-building tool is a popular vector for social engineering and malware. Here’s how to stay safe....
Will super-smart AI be attacking us anytime soon?
What practical AI attacks exist today? “More than zero” is the answer – and they’re getting better....
CapCut copycats are on the prowl
Cybercriminals lure content creators with promises of cutting-edge AI wizardry, only to attempt to steal their data or hijack their devices instead...
They’re coming for your data: What are infostealers and how do I stay safe?
Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data...
Attacks on the education sector are surging: How can cyber-defenders respond?
Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What's the right antidote to cyber-risk?...
Watch out for these traps lurking in search results
Here’s how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results...
So your friend has been hacked: Could you be next?
When a ruse puts on a familiar face, your guard might drop, making you an easy mark. Learn how to tell a friend apart from a foe....
1 billion reasons to protect your identity online
Corporate data breaches are a gateway to identity fraud, but they’re not the only one. Here’s a lowdown on how your personal data could be stolen – and how to make sure it isn’t....
The good, the bad and the unknown of AI: A Q&A with Mária Bieliková
The computer scientist and AI researcher shares her thoughts on the technology’s potential and pitfalls – and what may lie ahead for us...
This month in security with Tony Anscombe – March 2025 edition
From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity news...
Resilience in the face of ransomware: A key to business survival
Your company’s ability to tackle the ransomware threat head-on can ultimately be a competitive advantage...
Making it stick: How to get the most out of cybersecurity training
Security awareness training doesn’t have to be a snoozefest – games and stories can help instill ‘sticky’ habits that will kick in when a danger is near...
RansomHub affiliates linked to rival RaaS gangs
ESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutions...
FamousSparrow resurfaces to spy on targets in the US, Latin America
Once thought to be dormant, the China-aligned group has also been observed using the privately-sold ShadowPad backdoor for the first time...
Shifting the sands of RansomHub’s EDRKillShifter
ESET researchers discover new ties between affiliates of RansomHub and of rival gangs Medusa, BianLian, and Play...
You will always remember this as the day you finally caught FamousSparrow
ESET researchers uncover the toolset used by the FamousSparrow APT group, including two undocumented versions of the group’s signature backdoor, SparrowDoor...
Operation FishMedley
ESET researchers detail a global espionage operation by FishMonger, the APT group run by I‑SOON...
MirrorFace updates toolset, expands targeting to Europe
The group's Operation AkaiRyū begins with targeted spearphishing emails that use the upcoming World Expo 2025 in Osaka, Japan, as a lure...
Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor
ESET researchers uncovered MirrorFace activity that expanded beyond its usual focus on Japan and targeted a Central European diplomatic institute with the ANEL backdoor...
AI's biggest surprises of 2024 | Unlocked 403 cybersecurity podcast (S2E1)
Here's what's been hot on the AI scene over the past 12 months, how it's changing the face of warfare, and how you can fight AI-powered scams...
When IT meets OT: Cybersecurity for the physical world
While relatively rare, real-world incidents impacting operational technology highlight that organizations in critical infrastructure can’t afford to dismiss the OT threat...
Don’t let cybercriminals steal your Spotify account
Listen up, this is sure to be music to your ears – a few minutes spent securing your account today can save you a ton of trouble tomorrow...
AI-driven deception: A new face of corporate fraud
Malicious use of AI is reshaping the fraud landscape, creating major new risks for businesses...
Kids behaving badly online? Here's what parents can do
By taking time to understand and communicate the impact of undesirable online behavior, you can teach your kids an invaluable set of life lessons for a new digital age...
Martin Rees: Post-human intelligence – a cosmic perspective | Starmus highlights
Take a moment to think beyond our current capabilities and consider what might come next in the grand story of evolution...
Threat Report H2 2024: Infostealer shakeup, new attack vector for mobile, and Nomani
Big shifts in the infostealer scene, novel attack vector against iOS and Android, and a massive surge in investment scams on social media...
Bernhard Schölkopf: Is AI intelligent? | Starmus highlights
With AI's pattern recognition capabilities well-established, Mr. Schölkopf's talk shifts the focus to a pressing question: what will be the next great leap for AI?...
This month in security with Tony Anscombe – February 2025 edition
Ransomware payments trending down, the cyber-resilience gap facing SMBs, and APT groups embracing generative AI – it's a wrap on another month filled with impactful security news...
Laurie Anderson: Building an ARK | Starmus highlights
The pioneering multi-media artist reveals the creative process behind her stage show called ARK, which challenges audiences to reflect on some of the most pressing issues of our times...
Fake job offers target software developers with infostealers
A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers...
DeceptiveDevelopment targets freelance developers
ESET researchers analyzed a campaign delivering malware bundled with job interview challenges...
No, you’re not fired – but beware of job termination scams
Some employment scams take an unexpected turn as cybercriminals shift from “hiring” to “firing” staff...
Katharine Hayhoe: The most important climate equation | Starmus highlights
The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action...
Gaming or gambling? Lifting the lid on in-game loot boxes
The virtual treasure chests and other casino-like rewards inside your children’s games may pose risks you shouldn’t play down...
What is penetration testing? | Unlocked 403 cybersecurity podcast (ep. 10)
Ever wondered what it's like to hack for a living – legally? Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security....
How AI-driven identity fraud is causing havoc
Deepfake fraud, synthetic identities, and AI-powered scams make identity theft harder to detect and prevent – here's how to fight back...
Neil Lawrence: What makes us unique in the age of AI | Starmus highlights
As AI advances at a rapid clip, reshaping industries, automating tasks, and redefining what machines can achieve, one question looms large: what remains uniquely human?...
Patch or perish: How organizations can master vulnerability management
Don’t wait for a costly breach to provide a painful reminder of the importance of timely software patching...
Roeland Nusselder: AI will eat all our energy, unless we make it tiny | Starmus highlights
Left unchecked, AI's energy and carbon footprint could become a significant concern. Can our AI systems be far less energy-hungry without sacrificing performance?...
How scammers are exploiting DeepSeek's rise
As is their wont, cybercriminals waste no time launching attacks that aim to cash in on the frenzy around the latest big thing – plus, what else to know before using DeepSeek...
This month in security with Tony Anscombe – January 2025 edition
DeepSeek’s bursting onto the AI scene, apparent shifts in US cybersecurity policies, and a massive student data breach all signal another eventful year in cybersecurity and data privacy...
Untrustworthy AI: How to deal with data poisoning
You should think twice before trusting your AI assistant, as database poisoning can markedly alter its output – even dangerously so...
Brian Greene: Until the end of time | Starmus highlights
The renowned physicist explores how time and entropy shape the evolution of the universe, the nature of existence, and the eventual fate of everything, including humanity...
Going (for) broke: 6 common online betting scams and how to avoid them
Don’t roll the dice on your online safety – watch out for bogus sports betting apps and other traps commonly set by scammers...
The evolving landscape of data privacy: Key trends to shape 2025
Incoming laws, combined with broader developments on the threat landscape, will create further complexity and urgency for security and compliance teams...
PlushDaemon compromises supply chain of Korean VPN service
ESET researchers have discovered a supply-chain attack against a VPN provider in South Korea by a new China-aligned APT group we have named PlushDaemon...
Under lock and key: Protecting corporate data from cyberthreats in 2025
Data breaches can cause a loss of revenue and market value as a result of diminished customer trust and reputational damage...
UEFI Secure Boot: Not so secure
ESET researchers uncover a vulnerability in a UEFI application that could enable attackers to deploy malicious bootkits on unpatched systems...
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344
The story of a signed UEFI application allowing a UEFI Secure Boot bypass...
Cybersecurity and AI: What does 2025 have in store?
In the hands of malicious actors, AI tools can enhance the scale and severity of all manner of scams, disinformation campaigns and other threats...
Protecting children online: Where Florida’s new law falls short
Some of the state’s new child safety law can be easily circumvented. Should it have gone further?...
Crypto is soaring, but so are threats: Here’s how to keep your wallet safe
As detections of cryptostealers surge across Windows, Android and macOS, it's time for a refresher on how to keep your bitcoin or other crypto safe...
State-aligned actors are increasingly deploying ransomware – and that’s bad news for everyone
The blurring of lines between cybercrime and state-sponsored attacks underscores the increasingly fluid and multifaceted nature of today’s cyberthreats...
AI moves to your PC with its own special hardware
Seeking to keep sensitive data private and accelerate AI workloads? Look no further than AI PCs powered by Intel Core Ultra processors with a built-in NPU....
Gary Marcus: Taming Silicon Valley | Starmus highlights
The prominent AI researcher explores the societal impact of artificial intelligence and outlines his vision for a future in which AI upholds human rights, dignity, and fairness...
This month in security with Tony Anscombe – December 2024 edition
From attacks leveraging new new zero-day exploits to a major law enforcement crackdown, December 2024 was packed with impactful cybersecurity news...
Chris Hadfield: The sky is falling – what to do about space junk? | Starmus highlights
The first Canadian to walk in space dives deep into the origins of space debris, how it’s become a growing problem, and how we can clean up the orbital mess...
ESET Research Podcast: Telekopye, again
Take a peek into the murky world of cybercrime where groups of scammers who go by the nickname of 'Neanderthals’ wield the Telekopye toolkit to ensnare unsuspecting victims they call 'Mammoths'...
Unwrapping Christmas scams | Unlocked 403 cybersecurity podcast (special edition)
ESET's Jake Moore reveals why the holiday season is a prime time for scams, how fraudsters prey on victims, and how AI is supercharging online fraud...
Cybersecurity is never out-of-office: Protecting your business anytime, anywhere
While you're enjoying the holiday season, cybercriminals could be gearing up for their next big attack – make sure your company's defenses are ready, no matter the time of year...
ESET Threat Report H2 2024: Key findings
ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for staying secure in 2025...
ESET Threat Report H2 2024
A view of the H2 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts...
Black Hat Europe 2024: Hacking a car – or rather, its infotainment system
Our ‘computers on wheels’ are more connected than ever, but the features that enhance our convenience often come with privacy risks in tow...
Black Hat Europe 2024: Why a CVSS score of 7.5 may be a 'perfect' 10 in your organization
Aggregate vulnerability scores don’t tell the whole story – the relationship between a flaw’s public severity rating and the specific risks it poses for your company is more complex than it seems...
Black Hat Europe 2024: Can AI systems be socially engineered?
Could attackers use seemingly innocuous prompts to manipulate an AI system and even make it their unwitting ally?...
How cyber-secure is your business? | Unlocked 403 cybersecurity podcast (ep. 8)
As cybersecurity is a make-or-break proposition for businesses of all sizes, can your organization's security strategy keep pace with today’s rapidly evolving threats?...
Are pre-owned smartphones safe? How to choose a second-hand phone and avoid security risks
Buying a pre-owned phone doesn’t have to mean compromising your security – take these steps to enjoy the benefits of cutting-edge technology at a fraction of the cost...
Philip Torr: AI to the people | Starmus highlights
We’re on the cusp of a technological revolution that is poised to transform our lives – and we hold the power to shape its impact...
Achieving cybersecurity compliance in 5 steps
Cybersecurity compliance may feel overwhelming, but a few clear steps can make it manageable and ensure your business stays on the right side of regulatory requirements...
Richard Marko: Rethinking cybersecurity in the age of global challenges | Starmus highlights
ESET's CEO unpacks the complexities of cybersecurity in today’s hyper-connected world and highlights the power of innovation in stopping digital threats in their tracks...
Month in security with Tony Anscombe – November 2024 edition
Zero days under attack, a new advisory from 'Five Eyes', thousands of ICS units left exposed, and mandatory MFA for all – it's a wrap on another month filled with impactful cybersecurity news...
Scams to look out for this holiday season
‘Tis the season to be wary – be on your guard and don’t let fraud ruin your shopping spree...
Bootkitty marks a new chapter in the evolution of UEFI threats
ESET researchers make a discovery that signals a shift on the UEFI threat landscape and underscores the need for vigilance against future threats...
Bootkitty: Analyzing the first UEFI bootkit for Linux
ESET researchers analyze the first UEFI bootkit designed for Linux systems...
Firefox and Windows zero days chained to deliver the RomCom backdoor
The backdoor can execute commands and lets attackers download additional modules onto the victim’s machine, ESET research finds...
RomCom exploits Firefox and Windows zero days in the wild
ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit...
Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine
ESET researchers analyzed previously unknown Linux backdoors that are connected to known Windows malware used by the China-aligned Gelsemium group, and to Project Wood...
Kathryn Thornton: Correcting Hubble's vision | Starmus highlights
The veteran of four space missions discusses challenges faced by the Hubble Space Telescope and how human ingenuity and teamwork made Hubble’s success possible...
My information was stolen. Now what?
The slow and painful recovery process...