Webworm APT targets European government organizations with new backdoors
ESET has released an analysis of the 2025 activity of Webworm, a China-aligned APT group tracked as Space Pirates and UAT-8302. Active since at least 2022, the group initially …
CallPhantom Android scam reached 7.3 million downloads on Google Play
Scams targeting Android users in India and across the Asia-Pacific region have grown around a long-standing curiosity gap: the desire to look up call records tied to a phone …
North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China
A gaming platform built for ethnic Koreans in China has been serving backdoored Windows and Android software to its users since late 2024. The platform, sqgame[.]net, hosts …
GopherWhisper APT group hides command and control traffic in Slack and Discord
Attackers continue to lean on everyday collaboration platforms to hide command and control traffic inside normal enterprise noise. A newly identified China-aligned APT group …
NGate NFC malware targets Android users through trojanized payment app
NFC-based payment fraud is expanding geographically and operationally. A campaign active since November 2025 is targeting Android users in Brazil using a new variant of the …
ESET introduces Cloud Workload Protection, bringing XDR visibility to cloud environments
ESET has launched ESET Cloud Workload Protection as part of a comprehensive update for its ESET PROTECT Platform. The new module extends security beyond endpoints and servers …
EDR killers are now standard equipment in ransomware attacks
Ransomware attackers routinely deploy tools designed to disable endpoint detection and response software before launching encryptors. These tools, known as EDR killers, have …
This spy tool has been quietly stealing data for years
ESET researchers have traced the resurgence of Sednit through a modern toolkit built around two complementary implants, BeardShell and Covenant, each relying on a separate …
PromptSpy: First Android malware to use generative AI in its execution flow
ESET researchers have discovered PromptSpy, the first known Android malware to abuse generative AI as part of its execution flow in order to achieve persistence. This marks …
A fake romance turns into an Android spyware infection
ESET researchers have identified an Android spyware campaign that uses romance scam tactics to target individuals in Pakistan. The operation relies on a malicious app …
Poland repels data-wiping malware attack on energy systems
Suspected Russian cyber attackers tried to take down parts of Poland’s energy infrastructure with new data-wiping malware – and failed. According to information shared …
Group Policy abuse reveals China-aligned espionage group targeting governments
ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim …
Featured news
Resources
Don't miss
- Coinflow CISO on crypto payments security under AI pressure
- Vigolium: Open-source vulnerability scanner
- Anthropic: Claude Mythos identified 10,000+ software flaws
- Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926)
- High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)