ESET

New threat group uses custom tools to hijack search results

China, cybercrime, ESET, News, threats /

New threat group uses custom tools to hijack search results 2025-09-04 at 12:02 By Anamarija Pogorelec ESET Research has identified a new threat group called GhostRedirector. In June 2025, this group broke into at least 65 Windows servers, mostly in Brazil, Thailand, Vietnam, and the United States. Countries where GhostRedirector victims were detected (Source: ESET) […]

React to this headline:

Loading spinner

New threat group uses custom tools to hijack search results Read More »

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations

Anthropic, APT, Artificial Intelligence, cybercriminals, data theft, Don't miss, ESET, extortion, Hot stuff, LLMs, News, North Korea /

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations 2025-08-28 at 15:29 By Zeljka Zorz Cybercriminals have started “vibe hacking” with AI’s help, AI startup Anthropic has shared in a report released on Wednesday. An attacker used the agentic AI coding assistant Claude Code for nearly all steps of a data extortion operation

React to this headline:

Loading spinner

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations Read More »

Fake macOS help sites push Shamos infostealer via ClickFix technique

Check Point, CrowdStrike, Don't miss, ESET, Hot stuff, macOS, malvertising, Malware, Microsoft, News, social engineering /

Fake macOS help sites push Shamos infostealer via ClickFix technique 2025-08-25 at 15:23 By Zeljka Zorz Criminals are taking advantage of macOS users’ need to resolve technical issues to get them to infect their machines with the Shamos infostealer, Crowdstrike researchers have warned. To prevent macOS security features from blocking the installation, the malware peddlers

React to this headline:

Loading spinner

Fake macOS help sites push Shamos infostealer via ClickFix technique Read More »

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088)

0-day, APT, backdoor, BI.ZONE, Canada, cyber espionage, Don't miss, ESET, Europe, exploit, Hot stuff, News, Russian Federation, spear-phishing, WinRAR /

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088) 2025-08-12 at 16:11 By Zeljka Zorz The RomCom attackers aren’t the only ones that have been leveraging the newly unveiled WinRAR vulnerability (CVE-2025-8088) in zero-day attacks: according to Russian cybersecurity company BI.ZONE, a group tracked as Paper Werewolf has been using it to target Russian organizations.

React to this headline:

Loading spinner

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088) Read More »

WinRAR zero day exploited by RomCom hackers in targeted attacks

backdoor, CVE, cybersecurity, ESET, News, software, vulnerability, WinRAR /

WinRAR zero day exploited by RomCom hackers in targeted attacks 2025-08-11 at 12:55 By Sinisa Markovic ESET researchers have discovered a previously unknown vulnerability in WinRAR, exploited in the wild by Russia-aligned group RomCom. If you use WinRAR or related components such as the Windows versions of its command line tools, UnRAR.dll, or the portable

React to this headline:

Loading spinner

WinRAR zero day exploited by RomCom hackers in targeted attacks Read More »

AsyncRAT evolves as ESET tracks its most popular malware forks

cybercrime, cybersecurity, Don't miss, ESET, Keylogger, Malware, News, Remote Access Trojan, research, trojan /

AsyncRAT evolves as ESET tracks its most popular malware forks 2025-07-15 at 12:50 By Sinisa Markovic AsyncRAT is an open-source remote access trojan that first appeared on GitHub in 2019. It includes a range of typical RAT capabilities, such as keylogging, screen capture, credential theft, and more. Its simplicity and open-source design have made it

React to this headline:

Loading spinner

AsyncRAT evolves as ESET tracks its most popular malware forks Read More »

ClickFix attacks skyrocketing more than 500%

attacks, authentication, cybercrime, cybersecurity, Don't miss, ESET, News, phishing, research, scams /

ClickFix attacks skyrocketing more than 500% 2025-06-26 at 12:02 By Sinisa Markovic ClickFix, a deceptive attack method, saw a surge of more than 500% in the first half of 2025, making it the second most common attack vector after phishing, according to ESET’s latest Threat Report. The report, which looks at trends from December 2024

React to this headline:

Loading spinner

ClickFix attacks skyrocketing more than 500% Read More »

Firebase, Google Apps Script Abused in Fresh Phishing Campaigns

Cofense, ESET, Firebase, Fraud & Identity Theft, Google, Malware & Threats, Trellix /

Firebase, Google Apps Script Abused in Fresh Phishing Campaigns 2025-05-30 at 18:01 By Ionut Arghire Security researchers flag two phishing campaigns abusing Firebase and Google Apps Script to host malware and fake login pages. The post Firebase, Google Apps Script Abused in Fresh Phishing Campaigns appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Firebase, Google Apps Script Abused in Fresh Phishing Campaigns Read More »

DanaBot botnet disrupted, QakBot leader indicted

court, CrowdStrike, Don't miss, ESET, Eurojust, Europol, Fox-IT, Hot stuff, law enforcement, News, Proofpoint, Shadowserver, US DoJ, Zscaler /

DanaBot botnet disrupted, QakBot leader indicted 2025-05-23 at 14:17 By Zeljka Zorz Operation Endgame, mounted by law enforcement and judicial authorities from the US, Canada and the EU, continues to deliver positive results by disrupting the DanaBot botnet and indicting the leaders of both the DanaBot and Qakbot Malware-as-a-Service operations. Operation Endgame 2.0 Coordinated by

React to this headline:

Loading spinner

DanaBot botnet disrupted, QakBot leader indicted Read More »

Lumma Stealer Malware-as-a-Service operation disrupted

BitSight, Cloudflare, data theft, disruption, Don't miss, ESET, Europol, Hot stuff, Lumen, Malware, Microsoft, News, US DoJ /

Lumma Stealer Malware-as-a-Service operation disrupted 2025-05-21 at 21:21 By Zeljka Zorz A coordinated action by US, European and Japanese authorities and tech companies like Microsoft and Cloudflare has disrupted the infrastructure behind Lumma Stealer, the most significant infostealer threat at the moment. What is Lumma Stealer? Lumma Stealer is Malware-as-a-Service offering beloved by a wide

React to this headline:

Loading spinner

Lumma Stealer Malware-as-a-Service operation disrupted Read More »

Nation-state APTs ramp up attacks on Ukraine and the EU

China, cyber espionage, cybersecurity, ESET, EU, News, North Korea, report, Russian Federation, survey, Ukraine /

Nation-state APTs ramp up attacks on Ukraine and the EU 2025-05-21 at 07:02 By Help Net Security Russian APT groups intensified attacks against Ukraine and the EU, exploiting zero-day vulnerabilities and deploying wipers, according to ESET. Ukraine faces rising cyber threats The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new

React to this headline:

Loading spinner

Nation-state APTs ramp up attacks on Ukraine and the EU Read More »

Russia-linked hackers target webmail servers in Ukraine-related espionage operation

APT, cyber espionage, email security, ESET, News, Russian Federation, XSS /

Russia-linked hackers target webmail servers in Ukraine-related espionage operation 2025-05-15 at 12:01 By Help Net Security ESET researchers have uncovered RoundPress, a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities. Behind it is most likely the Russia-aligned Sednit (also known as Fancy Bear or APT28) cyberespionage group, holding the ultimate goal of stealing confidential

React to this headline:

Loading spinner

Russia-linked hackers target webmail servers in Ukraine-related espionage operation Read More »

ESET Vulnerability Exploited for Stealthy Malware Execution

ESET, exploited, ToddyCat, Vulnerabilities, vulnerability /

ESET Vulnerability Exploited for Stealthy Malware Execution 2025-04-08 at 15:32 By Ionut Arghire A sophisticated APT tracked as ToddyCat has exploited an ESET DLL search order hijacking vulnerability for malware delivery. The post ESET Vulnerability Exploited for Stealthy Malware Execution appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

ESET Vulnerability Exploited for Stealthy Malware Execution Read More »

Android financial threats: What businesses need to know to protect themselves and their customers

Android, authentication, Cryptocurrency, cybersecurity, Don't miss, ESET, Expert analysis, Expert corner, financial industry, Hot stuff, News, online banking, opinion, threats /

Android financial threats: What businesses need to know to protect themselves and their customers 2025-03-28 at 08:30 By Help Net Security The rise of mobile banking has changed how businesses and customers interact. It brought about increased convenience and efficiency, but has also opened new doors for cybercriminals, particularly on the Android platform, which dominates

React to this headline:

Loading spinner

Android financial threats: What businesses need to know to protect themselves and their customers Read More »

Enemies with benefits: RansomHub and rival gangs share EDRKillShifter tool

cybercime, ESET, News, Ransomware, research /

Enemies with benefits: RansomHub and rival gangs share EDRKillShifter tool 2025-03-26 at 17:02 By Help Net Security ESET researchers have published an in-depth analysis highlighting significant shifts within the ransomware landscape, spotlighting the rise of RansomHub. This relatively new ransomware-as-a-service operation has quickly come to dominate the scene. “The fight against ransomware reached two milestones

React to this headline:

Loading spinner

Enemies with benefits: RansomHub and rival gangs share EDRKillShifter tool Read More »

China-linked FamousSparrow APT group resurfaces with enhanced capabilities

APT, China, cybercrime, cybersecurity, Don't miss, ESET, News, research, USA /

China-linked FamousSparrow APT group resurfaces with enhanced capabilities 2025-03-26 at 17:02 By Help Net Security ESET investigated suspicious activity on the network of a trade group in the United States that operates in the financial sector. While helping the affected entity remediate the compromise, they made an unexpected discovery in the victim’s system: malicious tools

React to this headline:

Loading spinner

China-linked FamousSparrow APT group resurfaces with enhanced capabilities Read More »

Freelance Software Developers in North Korean Malware Crosshairs

AnyDesk, DeceptiveDevelopment, ESET, fake IT workers, LinkedIn, Malware & Threats, Nation-State, North Korea /

Freelance Software Developers in North Korean Malware Crosshairs 2025-02-21 at 18:01 By Ionut Arghire ESET says hundreds of freelance software developers have fallen victim to North Korean hackers posing as recruiters. The post Freelance Software Developers in North Korean Malware Crosshairs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

Freelance Software Developers in North Korean Malware Crosshairs Read More »

Hackers pose as employers to steal crypto, login credentials

cyber espionage, cybercrime, Don't miss, ESET, News, North Korea, research, scams, threats /

Hackers pose as employers to steal crypto, login credentials 2025-02-20 at 12:03 By Help Net Security Since early 2024, ESET researchers have been tracking DeceptiveDevelopment, a series of malicious campaigns linked to North Korea-aligned operators. Disguising themselves as software development recruiters, these threat actors lure victims with fake job offers and deliver software projects embedded

React to this headline:

Loading spinner

Hackers pose as employers to steal crypto, login credentials Read More »

Crypto-stealing iOS, Android malware found on App Store, Google Play

Android, App store, Cryptocurrency, Don't miss, ESET, Google Play, Hot stuff, iOS, Kaspersky, Malware, News /

Crypto-stealing iOS, Android malware found on App Store, Google Play 2025-02-05 at 13:25 By Zeljka Zorz A number of iOS and Android apps on Apple’s and Google’s official app stores contain a software development kit (SDK) that allows them to exfiltrate cryptowallets’ seed recovery phrases, Kaspersky researchers have found. “The infected apps in Google Play

React to this headline:

Loading spinner

Crypto-stealing iOS, Android malware found on App Store, Google Play Read More »

China-aligned PlushDaemon APT compromises supply chain of Korean VPN

APT, backdoor, China, cyber espionage, cybercrime, ESET, Malware, News, report, VPN /

China-aligned PlushDaemon APT compromises supply chain of Korean VPN 2025-01-22 at 08:04 By Help Net Security ESET researchers have uncovered a supply chain attack targeting a South Korean VPN provider, carried out by PlushDaemon, a newly identified China-aligned APT group. In this cyberespionage campaign, the attackers compromised the legitimate installer, replacing it with a malicious

React to this headline:

Loading spinner

China-aligned PlushDaemon APT compromises supply chain of Korean VPN Read More »

Scroll to Top