CyberSecurity Updates

From the power of collaborative defense to identity security and AI, catch up on the event’s key themes and discussions 02 May 2025 That’s a wrap on the RSACTM 2025 Conference, one of the year’s premier cybersecurity events where thousands of security practitioners exchanged their views, ideas and knowledge while discussing the world’s most pressing security challenges. The theme of the 34th annual event, “Many voices. One community.”, turned the spotlight on collaboration and cooperation…

In this blogpost, ESET researchers provide an analysis of Spellbinder, a lateral movement tool for performing adversary-in-the-middle attacks, used by the China-aligned threat actor that we have named TheWizards. Spellbinder enables adversary-in-the-middle (AitM) attacks, through IPv6 stateless address autoconfiguration (SLAAC) spoofing, to move laterally in the compromised network, intercepting packets and redirecting the traffic of legitimate Chinese software so that it downloads malicious updates from a server controlled by the attackers.  Key points in this…

From the near-demise of MITRE’s CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurity 29 Apr 2025 The past month has seen no shortage of impactful and disconcerting cybersecurity news, including an eleventh-hour turnaround that averted the shutdown of MITRE’s CVE program to a report showing that AI outperforms red team experts in spearphishing. In this edition of the monthly roundup, ESET…

Mobile Security Your iPhone isn’t necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors. Phil Muncaster 28 Apr 2025  •  , 6 min. read Chances are high that many people think, “it’s an iPhone, so I’m safe”. Apple’s control over its device and app ecosystem has indeed historically been tight, with its walled-garden approach providing fewer…

Social Media Look out for AI-generated ‘TikDocs’ who exploit the public’s trust in the medical profession to drive sales of sketchy supplements 25 Apr 2025  •  , 3 min. read Once confined to research labs, generative AI is now available to anyone – including those with ill intentions, who use AI tools not to spark creativity, but to fuel deception instead. Deepfake technology, which can craft remarkably lifelike videos, images and audio, is increasingly becoming…

The form and quiz-building tool is a popular vector for social engineering and malware. Here’s how to stay safe. Phil Muncaster 23 Apr 2025  •  , 5 min. read When Google enters a particular market, it often means bad news for the incumbents. So it was with Google Forms, the tech giant’s form and quiz-building tool that launched in 2008. According to one estimate, it now has a market share of nearly 50%. However, with…