FrostyNeighbor: Fresh mischief and digital shenanigans
WeLiveSecurity 14 May 2026 SEV 4/10
malware supply_chain Conti Play
FrostyNeighbor: Fresh mischief and digital shenanigans ESET Research ESET researchers uncovered new activities attributed to FrostyNeighbor, updating its compromise chain to support the group’s continual cyberespionage operations Damien Schaeffer 14 May 2026 10 min. read This blogpost covers newly discovered activities attributed to FrostyNeighbor, targeting governmental organizations in Ukraine. FrostyNeighbor has been running continual cyberoperations, changing and updating its toolset regularly, updating its compromise chain and methods to evade detection – targeting victims located in Eastern Europe, according to our telemetry.
Eyes wide open: How to mitigate the security and privacy risks of smart glasses
WeLiveSecurity 11 May 2026 SEV 3/10
iot_ot_security vulnerability Play
Eyes wide open: How to mitigate the security and privacy risks of smart glasses Privacy Smart glasses allow anyone to track and record the world around them. That could put your data and the privacy of those nearby at risk. Phil Muncaster 11 May 2026 5 min.
Fake call logs, real payments: How CallPhantom tricks Android users
WeLiveSecurity 07 May 2026 SEV 3/10
supply_chain malware Play
Fake call logs, real payments: How CallPhantom tricks Android users ESET Research ESET researchers uncovered fraudulent apps on Google Play that claim to provide the call history “for any number” and had been downloaded more than seven million times before being taken down Lukas Stefanko 07 May 2026 11 min. read There’s an app for everything nowadays… right? Well, looking up call records for a phone number of choice is one of those things, as potentially millions of Android users found out after paying for app subscriptions promising just that.
Fixing the password problem is as easy as 123456
WeLiveSecurity 07 May 2026 SEV 3/10
identity_threat data_breach
Fixing the password problem is as easy as 123456 Digital Security How come it’s still possible to ‘secure’ an online account with a six-digit string? Tony Anscombe 07 May 2026 4 min. read The most-used password globally is exactly what you think it is: ‘123456.’ That’s according to NordPass’s latest annual report on passwords exposed in data breaches globally.
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
WeLiveSecurity 05 May 2026 SEV 4/10
malware supply_chain Lazarus Conti
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack ESET Research ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games Filip Jurčacko 05 May 2026 18 min. read ESET researchers uncovered a multiplatform supply-chain attack by North Korea-aligned APT group ScarCruft, targeting the Yanbian region in China – home to ethnic Koreans and a crossing point for North Korean refugees and defectors. In the attack, probably ongoing since late 2024, ScarCruft compromised Windows and Android components of a video game platform dedicated to Yanbian-themed games, trojanizing them with a backdoor.
The calm before the ransom: What you see is not all there is
WeLiveSecurity 24 Apr 2026 SEV 4/10
ransomware data_breach Conti Play
The calm before the ransom: What you see is not all there is Ransomware A breach claims the systems as well as the confidence that was, in retrospect, a major vulnerability Tomáš Foltýn 24 Apr 2026 5 min. read There’s a bit of a pattern in the history of organizational failures that repeats too often to be a coincidence: A system runs smoothly for a long stretch, causing everyone to grow confident in it. Almost invariably, this also quietly erodes the vigilance that kept the system running smoothly in the first place.
GopherWhisper: A burrow full of malware
WeLiveSecurity 23 Apr 2026 SEV 3/10
malware supply_chain
GopherWhisper: A burrow full of malware ESET Research ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian governmental institutions Eric Howard 23 Apr 2026 6 min. read ESET researchers have discovered a previously undocumented China-aligned APT group that we named GopherWhisper. The group wields a wide array of tools mostly written in Go, using injectors and loaders to deploy and execute various backdoors in its arsenal.
New NGate variant hides in a trojanized NFC payment app
WeLiveSecurity 21 Apr 2026 SEV 4/10
malware vulnerability Conti Play
New NGate variant hides in a trojanized NFC payment app ESET Research ESET researchers discover another iteration of NGate malware, this time possibly developed with the assistance of AI Lukas Stefanko 21 Apr 2026 10 min. read ESET Research has discovered a new variant of the NGate malware family that abuses a legitimate Android application called HandyPay, instead of the previously leveraged NFCGate tool. The threat actors took the app, which is used to relay NFC data, and patched it with malicious code that appears to have been AI-generated.
What the ransom note won’t say
WeLiveSecurity 20 Apr 2026 SEV 4/10
ransomware vulnerability LockBit BlackCat
What the ransom note won’t say Ransomware An attack is what you see, but a business operation is what you’re up against Tomáš Foltýn 20 Apr 2026 8 min. read In March 2024, an affiliate of the BlackCat ransomware gang took to a cybercrime forum with a complaint. They’d carried out the attack on Change Healthcare – one of the largest healthcare data breaches in U.S.
That data breach alert might be a trap
WeLiveSecurity 17 Apr 2026 SEV 4/10
data_breach identity_threat Play
That data breach alert might be a trap Scams Ignoring a real breach notification invites risk, but falling for a bogus one could be even worse. Phil Muncaster 17 Apr 2026 5 min. read Receiving a data breach notice may have once been a rare event.
Supply chain dependencies: Have you checked your blind spot?
WeLiveSecurity 16 Apr 2026 SEV 5/10
supply_chain vulnerability Conti
Supply chain dependencies: Have you checked your blind spot? Business Security Your biggest risk may be a vendor you trust. How can SMBs map their third-party blind spots and build operational resilience?
Recovery scammers hit you when you’re down: Here’s how to avoid a second strike
WeLiveSecurity 10 Apr 2026 SEV 3/10
iot_ot_security data_breach Conti
Recovery scammers hit you when you’re down: Here’s how to avoid a second strike Scams If you’ve been a victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse. Phil Muncaster 10 Apr 2026 5 min. read The worst thing you can do after falling victim to fraud is let your guard down.
As breakout time accelerates, prevention-first cybersecurity takes center stage
WeLiveSecurity 07 Apr 2026 SEV 4/10
identity_threat phishing Conti
As breakout time accelerates, prevention-first cybersecurity takes center stage Business Security Threat actors are using AI to supercharge tried-and-tested TTPs. When attacks move this fast, cyber-defenders need to rethink their own strategy. Phil Muncaster 07 Apr 2026 4 min.
Digital assets after death: Managing risks to your loved one’s digital estate
WeLiveSecurity 01 Apr 2026 SEV 3/10
identity_threat iot_ot_security Conti Play
Digital assets after death: Managing risks to your loved one’s digital estate Digital Security Fraudsters often target the accounts of the deceased or their grieving relatives. Here’s how to keep the scammers at bay. Phil Muncaster 01 Apr 2026 5 min.
A cunning predator: How Silver Fox preys on Japanese firms this tax season
WeLiveSecurity 27 Mar 2026 SEV 3/10
phishing supply_chain
A cunning predator: How Silver Fox preys on Japanese firms this tax season Business Security Silver Fox is back in Japan, spoofing tax and HR emails timed to the one season when no one thinks twice about opening them Dominik Breitenbacher Takahiro Sajima 27 Mar 2026 4 min. read Japan has entered its annual tax filing and organizational change season, a period when companies generate a high volume of legitimate financial and HR-related communications. A threat actor known as Silver Fox is actively exploiting this busy period by conducting a targeted spearphishing campaign against Japanese manufacturers and other businesses.
Virtual machines, virtually everywhere – and with real security gaps
WeLiveSecurity 25 Mar 2026 SEV 4/10
cloud_security vulnerability Conti
Virtual machines, virtually everywhere – and with real security gaps Business Security Cloud VMs offer unmatched speed, scale and flexibility – all of which could eventually count for little if they’re left to fend for themselves Tomáš Foltýn 25 Mar 2026 7 min. read Twenty years ago, almost to the day, Amazon Web Services (AWS) launched Simple Storage Service (S3). A few months later, the company’s Elastic Compute Cloud (EC2) service opened for public beta testing before rolling out officially in 2008.
Cloud workload security: Mind the gaps
WeLiveSecurity 24 Mar 2026 SEV 4/10
cloud_security data_breach Play Patchwork
Cloud workload security: Mind the gaps Business Security As IT infrastructure expands, visibility and control often lag behind – until an incident forces a reckoning Tomáš Foltýn 24 Mar 2026 4 min. read Complexity is said to be the enemy of many things, but when it comes to organizations and their IT systems and processes, complexity is arguably the worst enemy of cybersecurity. For many IT and security practitioners, this plays out daily as they scramble to manage what IBM once called a "Frankencloud," a patchwork of private and public cloud environments, often further entangled with various on-premise and possibly legacy resources.
Move fast and save things: A quick guide to recovering a hacked account
WeLiveSecurity 20 Mar 2026 SEV 4/10
identity_threat vulnerability Conti
Move fast and save things: A quick guide to recovering a hacked account Digital Security What you do – and how fast – after an account is compromised often matters more than it may seem Christian Ali Bravo Tomáš Foltýn 20 Mar 2026 6 min. read Cybercriminals go after people’s personal information across every kind of online platform, including WhatsApp, Instagram, LinkedIn, Roblox, YouTube and Spotify, not to mention finance apps. No online account is off the table.
EDR killers explained: Beyond the drivers
WeLiveSecurity 19 Mar 2026 SEV 4/10
ransomware malware Mustang Panda LockBit
EDR killers explained: Beyond the drivers ESET Research ESET researchers dive deeper into the EDR killer ecosystem, disclosing how attackers abuse vulnerable drivers Jakub Souček 19 Mar 2026 24 min. read In recent years, EDR killers have become one of the most commonly seen tools in modern ransomware intrusions: an attacker acquires high privileges, deploys such a tool to disrupt protection, and only then launches the encryptor. Besides the dominating Bring Your Own Vulnerable Driver (BYOVD) technique, we also see attackers frequently abusing legitimate anti-rootkit utilities or using driverless approaches to block the communication of endpoint detection and response (EDR) software or suspend it in place.
Cyber fallout from the Iran war: What to have on your radar
WeLiveSecurity 12 Mar 2026 SEV 4/10
supply_chain apt APT33 MuddyWater
Cyber fallout from the Iran war: What to have on your radar Business Security The cybersecurity implications of the war in the Middle East extend far beyond the region. Here’s where to focus your defenses. Tomáš Foltýn 12 Mar 2026 8 min.
What cybersecurity actually does for your business
WeLiveSecurity 06 Mar 2026 SEV 3/10
iot_ot_security ransomware Conti Play
What cybersecurity actually does for your business Business Security The ability to continue operating safely in an unsafe environment where competitors cannot is a competitive advantage that is rarely measured or discussed Tomáš Foltýn 06 Mar 2026 5 min. read Cybersecurity is one of the few business functions where success is typically quiet. From the outside, it may even look uneventful.
How SMBs use threat research and MDR to build a defensive edge
WeLiveSecurity 05 Mar 2026 SEV 4/10
supply_chain ransomware Conti
How SMBs use threat research and MDR to build a defensive edge Business Security We speak to Director of ESET Threat Research Jean-Ian Boutin about where solutions that blend advanced technology with human expertise provide the most practical value for businesses Ben Tudor 05 Mar 2026 7 min. read Corporate IT and security teams have the unenviable task of keeping relentless and increasingly sophisticated adversaries at bay. They’re often faced with limited resources and expanding attack surfaces, but recruiting and retaining top-tier security professionals to run an in-house Security Operations Centre (SOC) is out of reach for many organizations.
Protecting education: How MDR can tip the balance in favor of schools
WeLiveSecurity 04 Mar 2026 SEV 3/10
iot_ot_security vulnerability Conti Play
Protecting education: How MDR can tip the balance in favor of schools Business Security The education sector is notoriously short on cash, but rich in assets for threat actors to target. How can managed detection and response (MDR) help learning institutions regain the initiative? Phil Muncaster 04 Mar 2026 5 min.
PromptSpy ushers in the era of Android threats using GenAI
WeLiveSecurity 19 Feb 2026 SEV 5/10
malware iot_ot_security Conti Play
PromptSpy ushers in the era of Android threats using GenAI ESET Research ESET researchers discover PromptSpy, the first known Android malware to abuse generative AI in its execution flow Lukas Stefanko 19 Feb 2026 14 min. read ESET researchers uncovered the first known case of Android malware abusing generative AI for context-aware user interface manipulation. While machine learning has been used to similar ends already – just recently, researchers at Dr.WEB found Android.Phantom, which uses TensorFlow machine learning models to analyze advertisement screenshots and automatically click on detected elements for large-scale ad fraud – this is the first time we have seen generative AI deployed in this manner.
Naming and shaming: How ransomware groups tighten the screws on victims
WeLiveSecurity 12 Feb 2026 SEV 4/10
ransomware data_breach LockBit Conti
Naming and shaming: How ransomware groups tighten the screws on victims Ransomware When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle Guilherme Arruda Tomáš Foltýn 12 Feb 2026 6 min. read In the realm of cybercrime, change is arguably the only constant. While cyber-extortion as a broader category of crime has proved its staying power, ransomware – its arguably most damaging ‘flavor’ – doesn’t live or die on encryption alone.
A slippery slope: Beware of Winter Olympics scams and other cyberthreats
WeLiveSecurity 02 Feb 2026 SEV 3/10
iot_ot_security phishing
A slippery slope: Beware of Winter Olympics scams and other cyberthreats Digital Security It’s snow joke – sporting events are a big draw for cybercriminals. Make sure you’re not on the losing side by following these best practices. Phil Muncaster 02 Feb 2026 5 min.
This month in security with Tony Anscombe – January 2026 edition
WeLiveSecurity 30 Jan 2026 SEV 3/10
vulnerability ransomware
This month in security with Tony Anscombe – January 2026 edition Video The trends from January offer useful clues about the risks and priorities that security teams are likely to contend with throughout the year Editor 30 Jan 2026 The year got off to a busy start, with January offering an early snapshot of the challenges that (not just) cybersecurity teams are likely to face in the months ahead. It's therefore time for ESET Chief Security Evangelist Tony Anscombe to look back on some of the month's most impactful cybersecurity stories. Here's some of what caught Tony's eye: the IT service management firm ServiceNow has patched what is the most severe AI-driven security vulnerability found to date (if exploited, CVE-2025-12420 could have let unauthenticated attackers pose as admins on the company's AI platform); how unsecured Zendesk support systems were abused to launch a massive spam campaign; how cyber-fraud has displaced ransomware as the top concern among CEOs across the world, according to the World Economic Forum; and how US sports brand Nike is investigating an alleged cybersecurity incident after a ransomware gang claimed to have stolen 1.4 TB worth of data from the company's systems.
DynoWiper update: Technical analysis and attribution
WeLiveSecurity 30 Jan 2026 SEV 4/10
malware iot_ot_security Sandworm Conti
DynoWiper update: Technical analysis and attribution ESET Research ESET researchers present technical details on a recent data destruction incident affecting a company in Poland’s energy sector 30 Jan 2026 13 min. read In this blog post, we provide more technical details related to our previous DynoWiper publication. Key points of the report: ESET researchers identified new data-wiping malware that we have named DynoWiper, used against an energy company in Poland.
Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan
WeLiveSecurity 28 Jan 2026 SEV 4/10
malware supply_chain Conti Play
Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan ESET Research ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation Lukas Stefanko 28 Jan 2026 10 min. read ESET researchers have uncovered an Android spyware campaign leveraging romance scam tactics to target individuals in Pakistan. The campaign uses a malicious app posing as a chat platform that allows users to initiate conversations with specific “girls” – fake profiles probably operated via WhatsApp.
Drowning in spam or scam emails? Here’s probably why
WeLiveSecurity 27 Jan 2026 SEV 3/10
data_breach phishing
Drowning in spam or scam emails? Here’s probably why Digital Security Has your inbox recently been deluged with unwanted and even outright malicious messages?
ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025
WeLiveSecurity 23 Jan 2026 SEV 4/10
malware supply_chain Sandworm Conti
ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 ESET Research The attack involved data-wiping malware that ESET researchers have now analyzed and named DynoWiper 23 Jan 2026 2 min. read UPDATE (January 30th, 2026): For a technical breakdown of the incident affecting a company in Poland’s energy sector, refer to this blogpost. In late 2025, Poland’s energy system faced what has been described as the “largest cyberattack” targeting the country in years.
Old habits die hard: 2025’s most common passwords were as predictable as ever
WeLiveSecurity 20 Jan 2026 SEV 4/10
identity_threat data_breach Conti
Old habits die hard: 2025’s most common passwords were as predictable as ever Digital Security Once again, data shows an uncomfortable truth: the habit of choosing eminently hackable passwords is alive and well Christian Ali Bravo 20 Jan 2026 3 min. read ‘123456’ continues to reign supreme as the most commonly used password among people across the world, according to two reports, from NordPass and Comparitech, respectively. A full 25 percent of the top 1,000 most-used passwords are made up of nothing but numerals.
Why LinkedIn is a hunting ground for threat actors – and how to protect yourself
WeLiveSecurity 16 Jan 2026 SEV 4/10
phishing malware Lazarus
Why LinkedIn is a hunting ground for threat actors – and how to protect yourself Social Media The business social networking site is a vast, publicly accessible database of corporate information. Don’t believe everyone on the site is who they say they are. Phil Muncaster 16 Jan 2026 4 min.
Is it time for internet services to adopt identity verification?
WeLiveSecurity 14 Jan 2026 SEV 3/10
iot_ot_security phishing Play
Is it time for internet services to adopt identity verification? Social Media Should verified identities become the standard online? Australia’s social media ban for under-16s shows why the question matters.
Your personal information is on the dark web. What happens next?
WeLiveSecurity 13 Jan 2026 SEV 4/10
data_breach identity_threat
Your personal information is on the dark web. What happens next? Privacy If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking.
Credential stuffing: What it is and how to protect yourself
WeLiveSecurity 08 Jan 2026 SEV 4/10
identity_threat data_breach Conti
Credential stuffing: What it is and how to protect yourself Digital Security Reusing passwords may feel like a harmless shortcut – until a single breach opens the door to multiple accounts Christian Ali Bravo 08 Jan 2026 4 min. read Reusing the same password across multiple accounts may be convenient, but it sets you up for trouble that can cascade across your digital life. This (bad) habit creates the perfect opening for credential stuffing, a technique where bad actors take a list of previously exposed login credentials and systematically feed the username and password pairs into the login fields of selected online services.
A brush with online fraud: What are brushing scams and how do I stay safe?
WeLiveSecurity 23 Dec 2025 SEV 3/10
vulnerability supply_chain Conti
A brush with online fraud: What are brushing scams and how do I stay safe? Scams Have you ever received a package you never ordered? It could be a warning sign that your data has been compromised, with more fraud to follow.
Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component
WeLiveSecurity 22 Dec 2025 SEV 5/10
vulnerability iot_ot_security
Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component ESET Research A comprehensive analysis and assessment of a critical-severity vulnerability with low likelihood of mass exploitation Romain Dumont 22 Dec 2025 8 min. read ESET researchers examined CVE-2025-50165, a serious Windows vulnerability described as granting remote code execution by merely opening a specially crafted JPG file – one of the most widely used image formats. The flaw, found and documented by Zscaler ThreatLabz, piqued our interest, as Microsoft assessed its severity as critical but deemed its exploitability as less likely.
LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan
WeLiveSecurity 18 Dec 2025 SEV 4/10
malware ransomware Conti
LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan ESET Research ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage tools across networks of governmental institutions Anton Cherepanov Peter Strýček 18 Dec 2025 24 min. read In 2024, ESET researchers noticed previously undocumented malware in the network of a Southeast Asian governmental entity. This led us to uncover even more new malware on the same system, none of which had substantial ties to any previously tracked threat actors.
ESET Threat Report H2 2025
WeLiveSecurity 16 Dec 2025 SEV 4/10
malware ransomware Conti Akira
ESET Threat Report H2 2025 ESET Research A view of the H2 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts Jiří Kropáč 16 Dec 2025 2 min. read The second half of the year underscored just how quickly attackers adapt and innovate, with rapid changes sweeping across the threat landscape. AI-powered malware moved from theory to reality in H2 2025, as ESET discovered PromptLock, the first known AI-driven ransomware, capable of generating malicious scripts on the fly.
Black Hat Europe 2025: Reputation matters – even in the ransomware economy
WeLiveSecurity 11 Dec 2025 SEV 4/10
ransomware iot_ot_security LockBit
Black Hat Europe 2025: Reputation matters – even in the ransomware economy Business Security Being seen as reliable is good for ‘business’ and ransomware groups care about 'brand reputation' just as much as their victims Tony Anscombe 11 Dec 2025 4 min. read Black Hat Europe 2025 opened with a presentation by Max Smeets of Virtual Routes titled ‘Inside the Ransomware Machine’. The talk focused on the LockBit ransomware-as-a-service (RaaS) gang and Max’s research into their practices and operations.
Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity
WeLiveSecurity 11 Dec 2025 SEV 4/10
data_breach iot_ot_security Scattered Spider
Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity Business Security If you don’t look inside your environment, you can’t know its true state – and attackers count on that Steven Connolly 11 Dec 2025 7 min. read I recently had what I thought was a unique brainwave. (Spoiler alert: it wasn’t, but please read on!) As a marketing leader at ESET UK, part of my role is to communicate how our powerful and comprehensive solutions can be implemented to protect organisations, in a way that helps clarify the case for upgrading to higher levels of cybersecurity.
The big catch: How whaling attacks target top executives
WeLiveSecurity 09 Dec 2025 SEV 3/10
phishing supply_chain
The big catch: How whaling attacks target top executives Business Security Is your organization’s senior leadership vulnerable to a cyber-harpooning? Phil Muncaster 09 Dec 2025 5 min. read When a hedge fund manager opened up an innocuous Zoom meeting invite, he had little idea of the corporate carnage that was to follow.
Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture
WeLiveSecurity 04 Dec 2025 SEV 4/10
identity_threat data_breach Conti
Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture Business Security Identity is effectively the new network boundary. It must be protected at all costs. Phil Muncaster 04 Dec 2025 4 min.
MuddyWater: Snakes by the riverbank
WeLiveSecurity 02 Dec 2025 SEV 5/10
malware identity_threat MuddyWater OilRig
MuddyWater: Snakes by the riverbank ESET Research MuddyWater targets critical infrastructure in Israel and Egypt, relying on custom malware, improved tactics, and a predictable playbook 02 Dec 2025 34 min. read ESET researchers have identified new MuddyWater activity primarily targeting organizations in Israel, with one confirmed target in Egypt. MuddyWater, also referred to as Mango Sandstorm or TA450, is an Iran-aligned cyberespionage group known for its persistent targeting of government and critical infrastructure sectors, often leveraging custom malware and publicly available tools.
Oversharing is not caring: What’s at stake if your employees post too much online
WeLiveSecurity 01 Dec 2025 SEV 3/10
phishing identity_threat
Oversharing is not caring: What’s at stake if your employees post too much online Social Media From LinkedIn to X, GitHub to Instagram, there are plenty of opportunities to share work-related information. But posting could also get your company into trouble. Phil Muncaster 01 Dec 2025 5 min.
Influencers in the crosshairs: How cybercriminals are targeting content creators
WeLiveSecurity 25 Nov 2025 SEV 3/10
identity_threat phishing
Influencers in the crosshairs: How cybercriminals are targeting content creators Social Media Social media influencers can provide reach and trust for scams and malware distribution. Robust account protection is key to stopping the fraudsters. Phil Muncaster 25 Nov 2025 4 min.
MDR is the answer – now, what’s the question?
WeLiveSecurity 24 Nov 2025 SEV 3/10
apt supply_chain Play
MDR is the answer – now, what’s the question? Business Security Why your business needs the best-of-breed combination of technology and human expertise Steven Connolly 24 Nov 2025 4 min. read When I was in my mid-teens, I decided to get a job in a small local garage to learn how to maintain cars in preparation for owning my own.
The OSINT advantage: Find your weak spots before attackers do
WeLiveSecurity 20 Nov 2025 SEV 4/10
vulnerability data_breach Play
The OSINT advantage: Find your weak spots before attackers do Privacy Here’s how open-source intelligence helps trace your digital footprint and uncover your weak points, plus a few essential tools to connect the dots Mario Micucci 20 Nov 2025 5 min. read Whatever the reason, we spend vast amounts of time online, tapping into the untold expanse of information, communication and resources. Sometimes, the challenge isn’t finding some data, but knowing what’s relevant, real and worth trusting.
PlushDaemon compromises network devices for adversary-in-the-middle attacks
WeLiveSecurity 19 Nov 2025 SEV 4/10
malware supply_chain Conti
PlushDaemon compromises network devices for adversary-in-the-middle attacks ESET Research ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks Facundo Muñoz Dávid Gábriš 19 Nov 2025 10 min. read ESET researchers provide insights into how PlushDaemon performs adversary-in-the-middle attacks using a previously undocumented network implant that we have named EdgeStepper, which redirects all DNS queries to an external, malicious hijacking node, effectively rerouting the traffic from legitimate infrastructure used for software updates to attacker-controlled infrastructure. Key points in this blogpost: We analyzed the network implant EdgeStepper to understand how PlushDaemon attackers compromise their targets.
How password managers can be hacked – and how to stay safe
WeLiveSecurity 13 Nov 2025 SEV 4/10
identity_threat vulnerability Play
How password managers can be hacked – and how to stay safe Digital Security Look no further to learn how cybercriminals could try to crack your vault and how you can keep your logins safe Phil Muncaster 13 Nov 2025 5 min. read The average internet user has an estimated 168 passwords for their personal accounts, according to a study from 2024.
Why shadow AI could be your biggest security blind spot
WeLiveSecurity 11 Nov 2025 SEV 3/10
data_breach iot_ot_security
Why shadow AI could be your biggest security blind spot Business Security From unintentional data leakage to buggy code, here’s why you should care about unsanctioned AI use in your company Phil Muncaster 11 Nov 2025 5 min. read Shadow IT has long been a thorn in the side of corporate security teams. After all, you can’t manage or protect what you can’t see.
ESET APT Activity Report Q2 2025–Q3 2025
WeLiveSecurity 06 Nov 2025 SEV 4/10
apt malware Turla Sandworm
ESET APT Activity Report Q2 2025–Q3 2025 ESET Research Threat Reports An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2025 and Q3 2025 Jean-Ian Boutin 06 Nov 2025 4 min. read ESET APT Activity Report Q2 2025–Q3 2025 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from April through September 2025. The highlighted operations are representative of the broader landscape of threats we investigated during this period.
Ground zero: 5 things to do after discovering a cyberattack
WeLiveSecurity 03 Nov 2025 SEV 4/10
data_breach supply_chain Play
Ground zero: 5 things to do after discovering a cyberattack Business Security When every minute counts, preparation and precision can mean the difference between disruption and disaster Phil Muncaster 03 Nov 2025 5 min. read Network defenders are feeling the heat. The number of data breaches Verizon investigated last year, as a share of overall incidents, was up 20 percentage points on the previous year.
Fraud prevention: How to help older family members avoid scams
WeLiveSecurity 30 Oct 2025 SEV 3/10
identity_threat malware Play
Fraud prevention: How to help older family members avoid scams Scams Families that combine open communication with effective behavioral and technical safeguards can cut the risk dramatically Editor 30 Oct 2025 6 min. read When we talk about fraud that can inflict a severe financial and emotional toll on the victims, it’s not hyperbole. One area where this is increasingly evident is elder fraud, as the amounts of money lost to various kinds of online scams climb sharply every year.
How MDR can give MSPs the edge in a competitive market
WeLiveSecurity 27 Oct 2025 SEV 3/10
ransomware data_breach MuddyWater Conti
How MDR can give MSPs the edge in a competitive market Business Security With cybersecurity talent in short supply and threats evolving fast, managed detection and response is emerging as a strategic necessity for MSPs Phil Muncaster 27 Oct 2025 5 min. read Managed service providers (MSPs) should be in a good place right now. As businesses continue to grow their digital operations, they increasingly need expert partners to help deploy and manage critical IT products and services.
Gotta fly: Lazarus targets the UAV sector
WeLiveSecurity 23 Oct 2025 SEV 4/10
malware vulnerability Lazarus Conti
Gotta fly: Lazarus targets the UAV sector ESET Research ESET research analyzes a recent instance of the Operation DreamJob cyberespionage campaign conducted by Lazarus, a North Korea-aligned APT group Peter Kálnai Alexis Rapin 23 Oct 2025 17 min. read ESET researchers have recently observed a new instance of Operation DreamJob – a campaign that we track under the umbrella of North Korea-aligned Lazarus – in which several European companies active in the defense industry were targeted. Some of these are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be linked to North Korea’s current efforts to scale up its drone program.
SnakeStealer: How it preys on personal data – and how you can protect yourself
WeLiveSecurity 22 Oct 2025 SEV 4/10
malware identity_threat Conti
SnakeStealer: How it preys on personal data – and how to stay safe Malware SnakeStealer: How it preys on personal data – and how you can protect yourself Here’s what to know about the malware with an insatiable appetite for valuable data, so much so that it tops this year's infostealer detection charts Martina López 22 Oct 2025 3 min. read Infostealers remain one of the most persistent threats on today’s threat landscape. They’re built to quietly siphon off valuable information, typically login credentials and financial and cryptocurrency details, from compromised systems and send it to adversaries.
Minecraft mods: Should you 'hack' your game?
WeLiveSecurity 16 Oct 2025 SEV 4/10
malware vulnerability Play
Minecraft mods: When ‘hacking’ your game becomes a security risk Kids Online Minecraft mods: Should you 'hack' your game? Some Minecraft mods don’t help build worlds – they break them. Here’s how malware can masquerade as a Minecraft mod.
IT service desks: The security blind spot that may put your business at risk
WeLiveSecurity 15 Oct 2025 SEV 4/10
vulnerability phishing Scattered Spider LAPSUS$
IT service desks: The security blind spot that may put your business at risk Business Security Could a simple call to the helpdesk enable threat actors to bypass your security controls? Here’s how your team can close a growing security gap. Phil Muncaster 15 Oct 2025 5 min.
Cybersecurity Awareness Month 2025: Why software patching matters more than ever
WeLiveSecurity 14 Oct 2025 SEV 4/10
vulnerability supply_chain Conti
Cybersecurity Awareness Month 2025: Why software patching matters more than ever Video As the number of software vulnerabilities continues to increase, delaying or skipping security updates could cost your business dearly. Editor 14 Oct 2025 Last year set a new record for newly disclosed software vulnerabilities, with the total tally at around 40,000, an increase of some 30 percent from the year before. With 2025 on track to set another record, and with attackers increasingly exploiting vulnerabilities to compromise organizations, failing to patch your software on time is like an invitation for threat actors to waltz into your network.
AI-aided malvertising: Exploiting a chatbot to spread scams
WeLiveSecurity 13 Oct 2025 SEV 4/10
phishing malware Play
AI-aided malvertising: How chatbots can help spread scams Digital Security AI-aided malvertising: Exploiting a chatbot to spread scams Cybercriminals have tricked X’s AI chatbot into promoting phishing scams in a technique that has been nicknamed “Grokking”. Phil Muncaster 13 Oct 2025 5 min. read We’ve all heard about the dangers posed by social engineering.
Beware of threats lurking in booby-trapped PDF files
WeLiveSecurity 06 Oct 2025 SEV 4/10
malware identity_threat Conti
Beware of threats lurking in booby-trapped PDF files Malware Looks can be deceiving, so much so that the familiar icon could mask malware designed to steal your data and money. Fabiana Ramírez Cuenca 06 Oct 2025 5 min. read PDF files have become a staple of our daily digital lives, both at work and at home.
Manufacturing under fire: Strengthening cyber-defenses amid surging threats
WeLiveSecurity 03 Oct 2025 SEV 4/10
ransomware data_breach Conti Play
Manufacturing under fire: Strengthening cyber-defenses amid surging threats Business Security Manufacturers operate in one of the most unforgiving threat environments and face a unique set of pressures that make attacks particularly damaging Phil Muncaster 03 Oct 2025 5 min. read Manufacturers face a unique mix of risk: they have an extremely low tolerance for downtime, they sit at the heart of extensive and often complex supply chains, and their competitive advantage is often built on high-value intellectual property (IP), including proprietary designs and trade secrets. That’s a combination that should be ringing alarm bells for IT and security leaders working in the sector.
New spyware campaigns target privacy-conscious Android users in the UAE
WeLiveSecurity 02 Oct 2025 SEV 4/10
malware ransomware Conti Play
New spyware campaigns target privacy-conscious Android users in the UAE ESET Research ESET researchers have discovered campaigns distributing spyware disguised as Android Signal and ToTok apps, targeting users in the United Arab Emirates Lukas Stefanko 02 Oct 2025 15 min. read ESET researchers have uncovered two Android spyware campaigns targeting individuals interested in secure communication apps, namely Signal and ToTok. These campaigns distribute malware through deceptive websites and social engineering and appear to target residents of the United Arab Emirates (UAE).