CyberSecurity Updates

09 Jan

Credential stuffing: What it is and how to protect yourself

Information

Digital Security Reusing passwords may feel like a harmless shortcut – until a single breach opens the door to multiple accounts Christian Ali Bravo 08 Jan 2026  •  , 4 min. read Reusing the same password across multiple accounts may be convenient, but it sets you up for trouble that can cascade across your digital life. This (bad) habit creates the perfect opening for credential stuffing, a technique where bad actors take a list of…

Read More
08 Jan

Who Benefited from the Aisuru and Kimwolf Botnets?

Information, Insights

Our first story of 2026 revealed how a destructive new botnet called Kimwolf has infected more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we’ll dig through digital clues left behind by the hackers, network operators and services that appear to have benefitted from Kimwolf’s spread. On Dec. 17, 2025, the Chinese security firm XLab published a deep dive on Kimwolf, which forces infected devices to participate…

Read More
02 Jan

The Kimwolf Botnet is Stalking Your Local Network

Information, Insights

The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal network behind your Internet router probably is now dangerously out of date. The security company Synthient currently sees more than…

Read More
31 Dec

This month in security with Tony Anscombe – December 2025 edition

Information

As 2025 draws to a close, Tony looks back at the cybersecurity stories that stood out both in December and across the whole of this year 29 Dec 2025 As we close out 2025, it’s time for ESET Chief Security Evangelist Tony Anscombe to review some of the main cybersecurity stories from both the final month of the year and 2025 as a whole. Among the stories that caught Tony’s eye are: U.S.-based organizations paid…

Read More
29 Dec

Happy 16th Birthday, KrebsOnSecurity.com!

Information, Insights

KrebsOnSecurity.com celebrates its 16th anniversary today! A huge “thank you” to all of our readers — newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a primary focus on entities that enabled complex and globally-dispersed cybercrime services. Image: Shutterstock, Younes Stiller Kraske. In May 2024, we…

Read More
29 Dec

Infostealer Malware Delivered in EmEditor Supply Chain Attack

Information, Malware, News

The popular text and code editing software EmEditor was recently targeted in a supply chain attack that resulted in the distribution of infostealer malware. Developed by Redmond-based Emurasoft, Inc., EmEditor is a high-performance Windows tool designed for coding, text editing, and processing large files. In a security incident notice posted on the official website on December 22, the software’s developers warned that individuals who had downloaded EmEditor using the ‘download now’ button between December 19,…

Read More
24 Dec

A brush with online fraud: What are brushing scams and how do I stay safe?

Information

Have you ever received a package you never ordered? It could be a warning sign that your data has been compromised, with more fraud to follow. Phil Muncaster 23 Dec 2025  •  , 5 min. read Global e-commerce sales are predicted to exceed $6.4 trillion in 2025. And a large share of these will come via marketplaces. But while they ostensibly offer convenience and safety for consumers and expanded reach for businesses, there is a…

Read More
23 Dec

Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component

Information

ESET researchers examined CVE‑2025‑50165, a serious Windows vulnerability described to grant remote code execution by merely opening a specially crafted JPG file – one of the most widely used image formats. The flaw, found and documented by Zscaler ThreatLabz, piqued our interest, as Microsoft assessed its severity as critical but deemed its exploitability as less likely. Our root cause analysis allowed us to pinpoint the exact location of the faulty code and reproduce the crash.…

Read More
19 Dec

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

Information

In 2024, ESET researchers noticed previously undocumented malware in the network of a Southeast Asian governmental entity. This led us to uncover even more new malware on the same system, none of which had substantial ties to any previously tracked threat actors. Based on our findings, we decided to attribute the malicious tools to a new China-aligned APT group that we have named LongNosedGoblin. The group employs a varied custom toolset consisting mainly of C#/.NET…

Read More
19 Dec

Dismantling Defenses: Trump 2.0 Cyber Year in Review

Information, Insights

The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president’s efforts to restrict free speech and freedom of the press, have come at such a rapid clip that many readers probably aren’t even aware of them all. FREE…

Read More