CyberSecure Specialist

31 Dec

This month in security with Tony Anscombe – December 2025 edition

Information

As 2025 draws to a close, Tony looks back at the cybersecurity stories that stood out both in December and across the whole of this year 29 Dec 2025 As we close out 2025, it’s time for ESET Chief Security Evangelist Tony Anscombe to review some of the main cybersecurity stories from both the final month of the year and 2025 as a whole. Among the stories that caught Tony’s eye are: U.S.-based organizations paid…

Read More
29 Dec

Happy 16th Birthday, KrebsOnSecurity.com!

Information, Insights

KrebsOnSecurity.com celebrates its 16th anniversary today! A huge “thank you” to all of our readers — newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a primary focus on entities that enabled complex and globally-dispersed cybercrime services. Image: Shutterstock, Younes Stiller Kraske. In May 2024, we…

Read More
29 Dec

Infostealer Malware Delivered in EmEditor Supply Chain Attack

Information, Malware, News

The popular text and code editing software EmEditor was recently targeted in a supply chain attack that resulted in the distribution of infostealer malware. Developed by Redmond-based Emurasoft, Inc., EmEditor is a high-performance Windows tool designed for coding, text editing, and processing large files. In a security incident notice posted on the official website on December 22, the software’s developers warned that individuals who had downloaded EmEditor using the ‘download now’ button between December 19,…

Read More
24 Dec

A brush with online fraud: What are brushing scams and how do I stay safe?

Information

Have you ever received a package you never ordered? It could be a warning sign that your data has been compromised, with more fraud to follow. Phil Muncaster 23 Dec 2025  •  , 5 min. read Global e-commerce sales are predicted to exceed $6.4 trillion in 2025. And a large share of these will come via marketplaces. But while they ostensibly offer convenience and safety for consumers and expanded reach for businesses, there is a…

Read More
23 Dec

Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component

Information

ESET researchers examined CVE‑2025‑50165, a serious Windows vulnerability described to grant remote code execution by merely opening a specially crafted JPG file – one of the most widely used image formats. The flaw, found and documented by Zscaler ThreatLabz, piqued our interest, as Microsoft assessed its severity as critical but deemed its exploitability as less likely. Our root cause analysis allowed us to pinpoint the exact location of the faulty code and reproduce the crash.…

Read More
22 Dec

NIST and CISA Release Draft Interagency Report on Protecting Tokens and Assertions from Tampering Theft and Misuse for Public Comment

Attacks, Insights, Malware

The Cybersecurity and Infrastructure Security Agency (CISA) and National Institute of Standards and Technology (NIST) have released an initial draft of Interagency Report (IR) 8597 Protecting Tokens and Assertions from Forgery, Theft, and Misuse for public comment through January 30, 2026. This report is in response to Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144, providing implementation guidance to help federal agencies and cloud service providers…

Read More
19 Dec

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

Information

In 2024, ESET researchers noticed previously undocumented malware in the network of a Southeast Asian governmental entity. This led us to uncover even more new malware on the same system, none of which had substantial ties to any previously tracked threat actors. Based on our findings, we decided to attribute the malicious tools to a new China-aligned APT group that we have named LongNosedGoblin. The group employs a varied custom toolset consisting mainly of C#/.NET…

Read More
19 Dec

Dismantling Defenses: Trump 2.0 Cyber Year in Review

Information, Insights

The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president’s efforts to restrict free speech and freedom of the press, have come at such a rapid clip that many readers probably aren’t even aware of them all. FREE…

Read More
19 Dec

CISA and Partners Release Update to Malware Analysis Report BRICKSTORM Backdoor

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canadian Centre for Cyber Security released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise (IOCs) and detection signatures for additional BRICKSTORM samples. This update provides information on additional samples, including Rust-based samples. These samples demonstrate advanced persistence and defense evasion mechanisms, such as running as background services, and enhanced command and control capabilities through encrypted WebSocket connections. The…

Read More
17 Dec

ESET Threat Report H2 2025

Information

ESET Research A view of the H2 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts Jiří Kropáč 16 Dec 2025  •  , 2 min. read The second half of the year underscored just how quickly attackers adapt and innovate, with rapid changes sweeping across the threat landscape. AI-powered malware moved from theory to reality in H2 2025, as ESET discovered PromptLock, the first known…

Read More