CyberSecure Specialist

23 Dec

Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component

Information

ESET researchers examined CVE‑2025‑50165, a serious Windows vulnerability described to grant remote code execution by merely opening a specially crafted JPG file – one of the most widely used image formats. The flaw, found and documented by Zscaler ThreatLabz, piqued our interest, as Microsoft assessed its severity as critical but deemed its exploitability as less likely. Our root cause analysis allowed us to pinpoint the exact location of the faulty code and reproduce the crash.…

Read More
22 Dec

NIST and CISA Release Draft Interagency Report on Protecting Tokens and Assertions from Tampering Theft and Misuse for Public Comment

Attacks, Insights, Malware

The Cybersecurity and Infrastructure Security Agency (CISA) and National Institute of Standards and Technology (NIST) have released an initial draft of Interagency Report (IR) 8597 Protecting Tokens and Assertions from Forgery, Theft, and Misuse for public comment through January 30, 2026. This report is in response to Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144, providing implementation guidance to help federal agencies and cloud service providers…

Read More
19 Dec

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

Information

In 2024, ESET researchers noticed previously undocumented malware in the network of a Southeast Asian governmental entity. This led us to uncover even more new malware on the same system, none of which had substantial ties to any previously tracked threat actors. Based on our findings, we decided to attribute the malicious tools to a new China-aligned APT group that we have named LongNosedGoblin. The group employs a varied custom toolset consisting mainly of C#/.NET…

Read More
19 Dec

Dismantling Defenses: Trump 2.0 Cyber Year in Review

Information, Insights

The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president’s efforts to restrict free speech and freedom of the press, have come at such a rapid clip that many readers probably aren’t even aware of them all. FREE…

Read More
19 Dec

CISA and Partners Release Update to Malware Analysis Report BRICKSTORM Backdoor

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canadian Centre for Cyber Security released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise (IOCs) and detection signatures for additional BRICKSTORM samples. This update provides information on additional samples, including Rust-based samples. These samples demonstrate advanced persistence and defense evasion mechanisms, such as running as background services, and enhanced command and control capabilities through encrypted WebSocket connections. The…

Read More
17 Dec

ESET Threat Report H2 2025

Information

ESET Research A view of the H2 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts Jiří Kropáč 16 Dec 2025  •  , 2 min. read The second half of the year underscored just how quickly attackers adapt and innovate, with rapid changes sweeping across the threat landscape. AI-powered malware moved from theory to reality in H2 2025, as ESET discovered PromptLock, the first known…

Read More
16 Dec

Most Parked Domains Now Serving Malicious Content

Information, Insights

Direct navigation — the act of visiting a website by manually typing a domain name in a web browser — has never been riskier: A new study finds the vast majority of “parked” domains — mostly expired or dormant domain names, or common misspellings of popular websites — are now configured to redirect visitors to sites that foist scams and malware. A lookalike domain to the FBI Internet Crime Complaint Center website, returned a non-threatening…

Read More
13 Dec

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Information

Business Security Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found Tony Anscombe 12 Dec 2025  •  , 3 min. read “A City of a Thousand Zero Days” is the partial title of a talk at Black Hat Europe 2025. I am sure you will appreciate why these few words sparked my interest enough to dedicate time to the presentation; especially given that back in 2019 I…

Read More
12 Dec

Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity

Information

I recently had, what I thought, was a unique brainwave. (Spoiler alert: it wasn’t, but please read on!) As a marketing leader at ESET UK, part of my role is to communicate how our powerful and comprehensive solutions can be implemented to protect organisations, in a way that helps clarify the case for upgrading to higher levels of cybersecurity. And that need for clarity is now more urgent than ever. Cybersecurity leaders and agencies, including…

Read More
12 Dec

Black Hat Europe 2025: Reputation matters – even in the ransomware economy

Information

Business Security Being seen as reliable is good for ‘business’ and ransomware groups care about ‘brand reputation’ just as much as their victims Tony Anscombe 11 Dec 2025  •  , 4 min. read Black Hat Europe 2025 opened with a presentation by Max Smeets of Virtual Rotes titled ‘Inside the Ransomware Machine’. The talk focused on the LockBit ransomware-as-a-service (RaaS) gang and Max’s research into their practices and operations. At their height, between 2022-2024, the…

Read More