Information

ESET researchers provide insights into how PlushDaemon performs adversary-in-the-middle attacks using a previously undocumented network implant that we have named EdgeStepper, which redirects all DNS queries to an external, malicious hijacking node, effectively rerouting the traffic from legitimate infrastructure used for software updates to attacker-controlled infrastructure. Key points in this blogpost: We analyzed the network implant EdgeStepper to understand how PlushDaemon attackers compromise their targets. We provide an analysis of LittleDaemon and DaemonicLogistics, two downloaders…

Read More

Does your chatbot know too much? Here’s why you should think twice before you tell your AI companion everything. Phil Muncaster 17 Nov 2025  •  , 4 min. read In the movie “Her” the film’s hero strikes up an ultimately doomed romantic relationship with a sophisticated AI system. At the time of its release in 2013, such a scenario was firmly in the realms of science fiction. But with the emergence of generative AI (GenAI)…

Read More

Digital Security Look no further to learn how cybercriminals could try to crack your vault and how you can keep your logins safe Phil Muncaster 13 Nov 2025  •  , 5 min. read The average internet user has an estimated 168 passwords for their personal accounts, according to a study from 2024. That’s a massive 68% increase on the tally four years previously. Given the security risks associated with sharing credentials across accounts, and of…

Read More

This blogpost introduces our latest white paper, presented at Virus Bulletin 2025, where we detail the operations of the North Korea-aligned threat actor we call DeceptiveDevelopment and its connections to North Korean IT worker campaigns. The white paper provides full technical details, including malware analysis, infrastructure, and OSINT findings. Here, we summarize the key insights and highlight the broader implications of this hybrid threat. Key points of this blogpost: The invention and focus of the…

Read More