CyberSecurity Updates

04 Jul

Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset

Information

ESET Research ESET Research analyzes Gamaredon’s updated cyberespionage toolset, new stealth-focused techniques, and aggressive spearphishing operations observed throughout 2024 Zoltán Rusnák 02 Jul 2025  •  , 6 min. read Since Russia’s full-scale invasion of Ukraine in February 2022, cyberespionage has played a crucial role in the broader threatscape. Russia-aligned advanced persistent threat (APT) groups have relentlessly targeted Ukrainian entities, employing cyberattacks alongside disinformation campaigns. ESET Research has closely monitored these activities, regularly documenting cyber-operations carried…

Read More
03 Jul

Big Tech’s Mixed Response to U.S. Treasury Sanctions

Information, Insights

In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But a new report finds the accused continues to operate a slew of established accounts at American tech companies — including Facebook, Github, PayPal and Twitter/X. On May 29, the U.S. Department of the Treasury announced economic sanctions against Funnull Technology Inc., a Philippines-based company alleged to…

Read More
03 Jul

ESET APT Activity Report Q4 2024–Q1 2025: Malware sharing, wipers and exploits

Information

ESET Research Podcasts ESET experts discuss Sandworm’s new data wiper, relentless campaigns by UnsolicitedBooker, attribution challenges amid tool-sharing, and other key findings from the latest APT Activity Report ESET Research 01 Jul 2025  •  , 2 min. read In the latest episode of the ESET Research Podcast, ESET Distinguished Researcher Aryeh Goretsky is joined by ESET Security Awareness Specialist Rene Holt to dissect the key findings from ESET’s APT Activity Report. The first actor that…

Read More
03 Jul

ESET Threat Report H1 2025: Key findings

Information

ESET Chief Security Evangelist Tony Anscombe looks at some of the report’s standout findings and their implications for organizations in 2025 01 Jul 2025 The ESET research team has released the H1 2025 issue of the ESET Threat Report, offering a detailed look at the key trends and developments that defined the cyberthreat landscape from December 2024 through May 2025. Among other things, the report describes how a novel social engineering technique called ClickFix has…

Read More
30 Jun

Senator Chides FBI for Weak Advice on Mobile Security

Information, Insights

Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to U.S. lawmakers. But in a letter this week to the FBI, one of the Senate’s most tech-savvy lawmakers says the…

Read More
30 Jun

CISA and Partners Urge Critical Infrastructure to Stay Vigilant in the Current Geopolitical Environment

Attacks, Insights, Malware

Today, CISA, in collaboration with the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA), released a Fact Sheet urging organizations to remain vigilant against potential targeted cyber operations by Iranian state-sponsored or affiliated threat actors.  Over the past several months, there has been increasing activity from hacktivists and Iranian government-affiliated actors, which is expected to escalate due to recent events. These cyber actors often…

Read More
29 Jun

This month in security with Tony Anscombe – June 2025 edition

Information

From Australia’s new ransomware payment disclosure rules to another record-breaking DDoS attack, June 2025 saw no shortage of interesting cybersecurity news 28 Jun 2025 It’s that time of month when ESET Chief Security Evangelist Tony Anscombe looks at the most impactful cybersecurity news of the past 30 or so days. Here’s some of what caught his eye in June 2025: new legislation in Australia that mandates that certain organizations report ransomware payments within 72 hours…

Read More
27 Jun

ESET Threat Report H1 2025

Information

ESET Research Threat Reports A view of the H1 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts Jiří Kropáč 26 Jun 2025  •  , 2 min. read From novel social engineering techniques to sophisticated mobile threats and major infostealer disruptions, the threat landscape in the first half of 2025 was anything but boring. One of the most striking developments this period was the emergence…

Read More
24 Jun

New Guidance Released for Reducing Memory-Related Vulnerabilities

Attacks, Insights, Malware

Today, CISA, in partnership with the National Security Agency (NSA), released a joint guide on reducing memory-related vulnerabilities in modern software development.  Memory safety vulnerabilities pose serious risks to national security and critical infrastructure. Adopting memory safe languages (MSLs) offers the most comprehensive mitigation against this class of vulnerabilities and provides built-in safeguards that enhance security by design.  CISA’s Secure by Design program advocates for integrating proactive security measures throughout the software development lifecycle, with…

Read More
12 Jun

Inside a Dark Adtech Empire Fed by Fake CAPTCHAs

Information, Insights

Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more resilient and incestuous than previously known. Image: Infoblox. In November 2024, researchers at the security firm Qurium published an investigation…

Read More