Information

Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU 15 May 2025 ESET researchers have discovered a cyberespionage operation that abuses cross-site scripting (XSS) vulnerabilities, including a zero-day XSS flaw in MDaemon webmail software, to steal confidential information from specific email accounts belonging to officials working for various governmental organizations in Ukraine and defense contractors in Europe and on other…

Read More

This blogpost introduces an operation that we named RoundPress, targeting high-value webmail servers with XSS vulnerabilities, and that we assess with medium confidence is run by the Sednit cyberespionage group. The ultimate goal of this operation is to steal confidential data from specific email accounts. Key points of this blogpost: In Operation RoundPress, the compromise vector is a spearphishing email leveraging an XSS vulnerability to inject malicious JavaScript code into the victim’s webmail page. In…

Read More

Ever wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and how we can fight one of the most pressing challenges facing our digital world. 12 May 2025 Online disinformation feels like a constant, overwhelming force, sometimes with all-too-real impacts, as illustrated by events like the Pizzagate conspiracy theory going as far back as 2016. Almost a decade later, why are we still so quick to…

Read More

Here’s a brief dive into the murky waters of shape-shifting attacks that leverage dedicated phishing kits to auto-generate customized login pages on the fly Camilo Gutiérrez Amaya 09 May 2025  •  , 4 min. read Phishing remains a particularly stubborn threat in the cybersecurity landscape. It sticks around partly because even though the bad guys are always after the same prize – people’s login credentials and other sensitive information – they never cease to evolve…

Read More

When we get the call, it’s our legal responsibility to attend jury service. But sometimes that call won’t come from the courts – it will be a scammer. Phil Muncaster 07 May 2025  •  , 4 min. read Jury duty is one of the key civic duties you may be called upon to serve. But in your haste to fulfil this obligation, you may be targeted by malicious actors preying on your fear of arrest,…

Read More

Have you received a text message about an unpaid road toll? Make sure you’re not the next victim of a smishing scam. Phil Muncaster 06 May 2025  •  , 4 min. read Driving is a way of life in the US. The country’s sprawling suburbs and nationwide network of highways and toll roads is testament to this. But it also creates a large potential pool of victims for scammers to target, as American drivers have…

Read More

From the power of collaborative defense to identity security and AI, catch up on the event’s key themes and discussions 02 May 2025 That’s a wrap on the RSACTM 2025 Conference, one of the year’s premier cybersecurity events where thousands of security practitioners exchanged their views, ideas and knowledge while discussing the world’s most pressing security challenges. The theme of the 34th annual event, “Many voices. One community.”, turned the spotlight on collaboration and cooperation…

Read More