Hello.

The latest ESET research sheds light on an advanced phishing technique that SOCs might find hard to catch. We’ve written about spearphishing before, highlighting ESET Research’s telemetry finds concerning this insidious, highly personalized attack type.  However, the story isn’t over. In their latest findings, researchers have gone on to detail a series of successful phishing attempts by the Iran-aligned MuddyWater APT group, using a very specific attack technique — internal

Should verified identities become the standard online? Australia’s social media ban for under-16s shows why the question matters. New legislation in Australia makes it illegal for those under 16 to have a social media account. To avoid financial penalties, social media companies have scrambled to remove accounts they believe breach the legislation. Notably, there are no consequences for the under-16s who attempt to create an account using a fraudulent age. As the first countr

If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking. Here’s what to do. Contrary to popular belief, much of the dark web isn’t the den of digital iniquity that some commentators claim. In fact, there are plenty of legitimate sites and forums there offering privacy-enhanced content and services to help individuals avoid censorship and oppression. However, the truth is, it’s also a magnet for cybercriminals, who

Reusing passwords may feel like a harmless shortcut – until a single breach opens the door to multiple accounts Reusing the same password across multiple accounts may be convenient, but it sets you up for trouble that can cascade across your digital life. This (bad) habit creates the perfect opening for credential stuffing, a technique where bad actors take a list of previously exposed login credentials and systematically feed the username and password pairs into the login fi

Have you ever received a package you never ordered? It could be a warning sign that your data has been compromised, with more fraud to follow. Global e-commerce sales are predicted to exceed $6.4 trillion in 2025. And a large share of these will come via marketplaces. But while they ostensibly offer convenience and safety for consumers and expanded reach for businesses, there is a darker side to the industry. In 2024, Amazon alone proactively blocked  over 275 million suspec

A comprehensive analysis and assessment of a critical severity vulnerability with low likelihood of mass exploitation ESET researchers examined CVE‑2025‑50165, a serious Windows vulnerability described to grant remote code execution by merely opening a specially crafted JPG file – one of the most widely used image formats. The flaw, found and documented by Zscaler ThreatLabz, piqued our interest, as Microsoft assessed its severity as critical but deemed its exploitability as

Aviation and aerospace can’t fly under cyber threat actors’ radars anymore. Man has always been keen on pushing past preconceived limits. The Wright brothers  made the skies the limit … until Neil Armstrong took a giant leap for mankind by stepping onto the surface of the moon. None of these advances would have been possible without the ingenuity of tinkerers, scientists, and engineers, or the fearlessness of test pilots. In recent years, software developers have become a new

If you don’t look inside your environment, you can’t know its true state – and attackers count on that I recently had, what I thought, was a unique brainwave. (Spoiler alert: it wasn’t, but please read on!) As a marketing leader at ESET UK, part of my role is to communicate how our powerful and comprehensive solutions can be implemented to protect organisations, in a way that helps clarify the case for upgrading to higher levels of cybersecurity. And that need for clarity is

Interpreting the vast cybersecurity vendor landscape through the lens of industry analysts and testing authorities can immensely enhance your cyber-resilience. Skip to the next paragraph if your eyes glaze over at the long, long titles of industry reports: the AV-Comparatives Endpoint Prevention and Response Comparative Report 2025, MITRE ATT&CK Evaluations Enterprise 2025, or the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms. Despite their wordy nomenclatur

NOTE: The views and opinions expressed in this blog post are those of ESET and do not necessarily reflect the views or positions of the MITRE Corporation. The hidden treasure in the latest MITRE ATT&CK® Enterprise Evaluation is in the summaries and data deep-dives, not in headlines from vendors with high sales intent, under pressure to “sell” Detection & Response. As a result, even astute readers may miss the forest for the trees, seeing only individual performances and yet-t