Information

30 Jun

Senator Chides FBI for Weak Advice on Mobile Security

Information, Insights

Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to U.S. lawmakers. But in a letter this week to the FBI, one of the Senate’s most tech-savvy lawmakers says the…

Read More
29 Jun

This month in security with Tony Anscombe – June 2025 edition

Information

From Australia’s new ransomware payment disclosure rules to another record-breaking DDoS attack, June 2025 saw no shortage of interesting cybersecurity news 28 Jun 2025 It’s that time of month when ESET Chief Security Evangelist Tony Anscombe looks at the most impactful cybersecurity news of the past 30 or so days. Here’s some of what caught his eye in June 2025: new legislation in Australia that mandates that certain organizations report ransomware payments within 72 hours…

Read More
27 Jun

ESET Threat Report H1 2025

Information

ESET Research Threat Reports A view of the H1 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts Jiří Kropáč 26 Jun 2025  •  , 2 min. read From novel social engineering techniques to sophisticated mobile threats and major infostealer disruptions, the threat landscape in the first half of 2025 was anything but boring. One of the most striking developments this period was the emergence…

Read More
12 Jun

Inside a Dark Adtech Empire Fed by Fake CAPTCHAs

Information, Insights

Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more resilient and incestuous than previously known. Image: Infoblox. In November 2024, researchers at the security firm Qurium published an investigation…

Read More
10 Jun

Patch Tuesday, June 2025 Edition

Information, Insights

Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now public. The sole zero-day flaw this month is CVE-2025-33053, a remote code execution flaw in the Windows implementation of WebDAV — an HTTP extension that lets users remotely…

Read More
06 Jun

BladedFeline: Whispering in the dark

Information

In 2024, ESET researchers discovered several malicious tools in the systems used by Kurdish and Iraqi government officials. The APT group behind the attacks is BladedFeline, an Iranian threat actor that has been active since at least 2017, when it compromised officials within the Kurdistan Regional Government (KRG). This group develops malware for maintaining and expanding access within organizations in Iraq and the KRG. While this is our first blogpost covering BladedFeline, we discovered the…

Read More
05 Jun

Proxy Services Feast on Ukraine’s IP Address Exodus

Information, Insights

Image: Mark Rademaker, via Shutterstock. Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of shadowy proxy and anonymity services that are nested at some of America’s largest Internet service providers (ISPs). The findings come in a report that examines how the Russian…

Read More
04 Jun

Don’t let dormant accounts become a doorway for cybercriminals

Information

Digital Security Do you have online accounts you haven’t used in years? If so, a bit of digital spring cleaning might be in order. Phil Muncaster 02 Jun 2025  •  , 5 min. read The longer our digital lives, the more online accounts we’re likely to accrue. Can you even remember all the services you’ve signed up to over the years? It could be that free trial you started and never cancelled. Or that app…

Read More
01 Jun

This month in security with Tony Anscombe – May 2025 edition

Information

From a flurry of attacks targeting UK retailers to campaigns corralling end-of-life routers into botnets, it’s a wrap on another month filled with impactful cybersecurity news 30 May 2025 It’s that time of month again when ESET Chief Security Evangelist Tony Anscombe offers his take on some of the most impactful cybersecurity news of the past 30 or so days. Here’s a selection of what stood out to him in May 2025: a warning from…

Read More
29 May

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

Information, Insights

Image: Shutterstock, ArtHead. The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as “pig butchering.” In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based cloud providers. “Americans lose billions of dollars annually to these cyber scams,…

Read More