Information

Threat actors are embracing ClickFix, ransomware gangs are turning on each other – toppling even the leaders – and law enforcement is disrupting one infostealer after another ESET Research 05 Aug 2025  •  , 1 min. read “It’s all fun and games until someone gets hurt” could well be the title of the latest ESET Threat Report, as cybercriminals play new mind games with their victims, wage full-on deathmatches among themselves, and become the hunted…

Read More

Restricting end-to-end encryption on a single-country basis would not only be absurdly difficult to enforce, but it would also fail to deter criminal activity Tony Anscombe 01 Aug 2025  •  , 5 min. read The UK Government wants access, when requested, to the end-to-end encrypted messages and data for everyone in the UK. The reasons are to specifically tackle serious crimes, such as terrorism and child sex abuse. The UK Government is not alone in…

Read More

Here’s what you need to know about the inner workings of modern spyware and how to stay away from apps that know too much 01 Aug 2025 The world of espionage has gone digital. Rather than involving trench coats and secret missions, it’s now about silent cyberthreats that can turn phones into secret surveillance devices. In other words, today’s battleground is in people’s pockets, as malicious tools pose as everyday apps and can, in extreme…

Read More

Here’s a look at cybersecurity stories that moved the needle, raised the alarm, or offered vital lessons in July 2025 31 Jul 2025 With another month behind us, it’s time for ESET Chief Security Evangelist Tony Anscombe to look at cybersecurity stories that made an impact and offered vital lessons in July 2025. Here’s Tony’s rundown of some of what stood out most over the past 30 or so days. attacks targeting on-premises Microsoft SharePoint…

Read More

Digital Security Not all browser add-ons are handy helpers – some may contain far more than you have bargained for Phil Muncaster 29 Jul 2025  •  , 4 min. read What would we do without the web browser? For most of us, it’s our gateway to the digital world. But browsers are such a familiar tool today that we’re in danger of giving them a free ride. In fact, there are plenty of rogue extensions…

Read More

The ToolShell bugs are being exploited by cybercriminals and APT groups alike, with the US on the receiving end of 13 percent of all attacks 25 Jul 2025 The ESET research team has released their findings about exploitation of CVE-2025-53770 and CVE‑2025‑53771, zero-day vulnerabilities in on-premises Microsoft SharePoint servers dubbed ToolShell. ESET’s data shows that attacks hit victims globally, with the US (13.3% of attacks) being the most-targeted country. What else is there to know…

Read More

Digital Security Before rushing to prove that you’re not a robot, be wary of deceptive human verification pages as an increasingly popular vector for delivering malware Phil Muncaster 24 Jul 2025  •  , 4 min. read Bots have got a lot to answer for. They now make up over half of all internet traffic, and while some, such as Google’s web crawlers and fetchers, have legitimate purposes, nearly two-fifths are considered malicious. Their power can…

Read More

ESET Research ESET Research has been monitoring attacks involving the recently discovered ToolShell zero-day vulnerabilities ESET Research 24 Jul 2025  •  , 5 min. read On July 19th, 2025, Microsoft confirmed that a set of zero-day vulnerabilities in SharePoint Server called ToolShell is being exploited in the wild. ToolShell is comprised of CVE-2025-53770, a remote code execution vulnerability, and CVE‑2025‑53771, a server spoofing vulnerability. These attacks target on-premises Microsoft SharePoint servers, specifically those running SharePoint…

Read More