Anton Cherepanov (@cherepanov74) Twitter Profile
Anton Cherepanov

@cherepanov74

Malware researcher at ESET Slovakia. Opinions are my own.

ID: 1381601046

Joined: 26-04-2013 10:44:12

1.1K Tweets

4.4K Followers

884 Following

ESET Research (@esetresearch):

#ESETresearch has discovered a zero-day vulnerability in WinRAR, exploited in the wild by Russia-aligned #RomCom 🏴‍☠️ Anton Cherepanov welivesecurity.com/en/eset-resear… 1/7

Cisco Talos Intelligence Group (@talossecurity):

Cisco Talos’ latest blog exposes Static Tundra, a Russian state-sponsored group targeting unpatched Cisco devices for long-term espionage worldwide. Apply the patch now and protect your network: cs.co/6018fvA0O

ESET Research (@esetresearch):

#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/6

John Hultquist (@johnhultquist):

Excellent profile on UNC5807/Salt Typhoon released from several govs today. There are several CN actors targeting global telcos, but these guys are distinguished by deep familiarity with the tech allowing them to evade detection and spread broadly. 1/x nsa.gov/Press-Room/Pre…

Donncha Ó Cearbhaill (@donnchac):

🚨 BREAKING: New zero-click exploit used to hack WhatsApp users. WhatsApp has just sent out a round of threat notifications to individuals they believe were targeted by an advanced spyware campaign in the past 90 days. Seek out expert help if you have received this alert

ESET Research (@esetresearch):

#ESETresearch uncovers GhostRedirector, a threat actor compromising Windows servers with a C++ Backdoor named Rungan and Gamshen, a native IIS malware welivesecurity.com/en/eset-resear… 1/6

ESET Research (@esetresearch):

#ESETresearch has discovered #HybridPetya ransomware on VirusTotal: a UEFI-compatible copycat of the infamous Petya/NotPetya malware. HybridPetya is capable of bypassing UEFI Secure Boot on outdated systems. Martin Smolar welivesecurity.com/en/eset-resear… 1/8

ESET Research (@esetresearch):

#ESETresearch has discovered the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Both groups are affiliated with the FSB, Russia’s main domestic intelligence and security agency. welivesecurity.com/en/eset-resear… 1/3

NCSC UK (@ncsc):

Today, the NCSC has published a new malware analysis report to help organisations detect and mitigate malicious targeting of certain Cisco devices🚨 See our latest advice and insights from our Chief Technical Officer👇 ncsc.gov.uk/news/persisten…

ESET Research (@esetresearch):

#ESETresearch has observed #Gamaredon exploiting CVE-2025-8088 (#WinRAR path traversal) in an ongoing spearphishing campaign. This vulnerability allows arbitrary file write via crafted RAR archives. 1/5

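The bug class named in the tweet above, an archive entry whose path resolves outside the extraction directory, is exactly what an extractor has to reject before it writes anything to disk. The Python below is an added example, not code from ESET, from WinRAR or from the tweet, and it says nothing about the specific CVE: it vets constructed entry names lexically (separator normalization, leading `..` components after normalization, absolute, drive-letter and UNC paths, NTFS alternate-data-stream syntax) and only computes a destination path for entries that stay under the extraction root. The sample entry names and the root `/tmp/out` are constructed for illustration.

```python
import posixpath
import re
from typing import List, Optional, Tuple

# Constructed sample entry names of the kind an extractor must vet before
# writing. They are illustrative only, not taken from any real archive.
SAMPLE_ENTRIES = [
    "report.pdf",
    "docs/readme.txt",
    "..\\..\\outside.txt",          # Windows separators, escapes the root
    "../../etc/cron.d/job",         # POSIX separators, escapes the root
    "C:\\Users\\Public\\x.exe",     # drive-letter absolute path
    "\\\\server\\share\\x.exe",     # UNC path
    "docs/../../escape.txt",        # traversal hidden behind a normal prefix
    "docs/../safe.txt",             # traversal that still lands inside the root
    "notes.txt:stream",             # NTFS alternate data stream syntax
]

_DRIVE_RE = re.compile(r"^[A-Za-z]:")


def normalize_entry(name: str) -> str:
    """Unify separators and collapse '.' / '..' lexically.

    posixpath.normpath keeps leading '..' components, which is what lets the
    caller see that the entry would climb above the extraction root.
    """
    return posixpath.normpath(name.replace("\\", "/"))


def classify_entry(name: str) -> Tuple[bool, str]:
    """Return (is_safe, reason). Safe means the entry stays under the root."""
    if name is None or name.strip() == "":
        return False, "empty name"
    unified = name.replace("\\", "/")
    if unified.startswith("//"):
        return False, "UNC path"
    if unified.startswith("/"):
        return False, "absolute path"
    if _DRIVE_RE.match(unified):
        return False, "drive-letter path"
    if ":" in unified:
        # A colon in a relative name is either an ADS ('file:stream') or a
        # malformed drive spec; neither belongs in an extracted file name.
        return False, "colon in name (alternate data stream or drive)"
    norm = normalize_entry(name)
    if norm == ".":
        return False, "resolves to the root itself"
    if norm.split("/")[0] == "..":
        return False, "escapes extraction root"
    return True, "ok"


def safe_destination(root: str, name: str) -> Optional[str]:
    """Join an entry onto the extraction root, or return None if it is unsafe.

    The lexical check above is repeated on the joined result so that a caller
    who passes an unusual root still cannot end up outside it.
    """
    ok, _ = classify_entry(name)
    if not ok:
        return None
    root_norm = posixpath.normpath(root)
    dest = posixpath.normpath(posixpath.join(root_norm, normalize_entry(name)))
    if dest == root_norm or not dest.startswith(root_norm.rstrip("/") + "/"):
        return None
    return dest


def safe_names(names: List[str]) -> List[str]:
    """Filter a list of entry names down to the ones that may be extracted."""
    return [n for n in names if classify_entry(n)[0]]


if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        ok, reason = classify_entry(entry)
        print(f"{'ALLOW' if ok else 'REJECT':6} {entry!r}: {reason}")
```

The lexical check rejects an entry before any filesystem call is made, which also keeps the verdict independent of what already exists on disk (symlinks or junctions under the root are a separate concern and need a post-creation check). Extractors that honour entry names as written, as the tweet describes, are exactly the ones this kind of gate is meant to sit in front of.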
ESET Research (@esetresearch):

#ESETResearch has identified two campaigns targeting Android users in the🇦🇪. The campaigns, which are still ongoing, distribute previously undocumented spyware impersonating #Signal and #ToTok via deceptive websites. welivesecurity.com/en/eset-resear… 1/6

Bill Marczak (@billmarczak):

The video of Daniel Roethlisberger and my REcon 2025 talk, "A Trip to Ancient BABYLON", is now online! It's a fun story about a 2017-era iOS persistence exploit that we found in a Pegasus sample -- on VT (!!) youtube.com/watch?v=ZlopMt…

ESET Research (@esetresearch):

#ESETresearch discovered a new wave of the well-known 🇰🇵 Lazarus campaign Operation DreamJob, now targeting the drone industry. Peter Kálnai Alexis Rapin welivesecurity.com/en/eset-resear… 1/9

Microsoft Threat Intelligence (@msftsecintel):

Microsoft Incident Response – Detection and Response Team (DART) uncovered SesameOp, a new backdoor that uses the OpenAI Assistants API for C2. DART shared the findings with OpenAI, who identified and disabled an API key and associated account. msft.it/6012tGbpm SesameOp

ESET Research (@esetresearch):

#ESETresearch has released its latest APT Activity Report (Apr–Sep 2025): 🇨🇳China-aligned groups targeted Latin America amid US-China tensions. 🇷🇺Russia-aligned groups intensified ops against 🇺🇦Ukraine & 🇪🇺EU states. Full report: web-assets.esetstatic.com/wls/en/papers/…

Itay Cohen 🌱 (@megabeets_):

🚨BREAKING: We uncovered LANDFALL — a commercial-grade Android spyware exploiting a now-patched Samsung zero-day (CVE-2025-21042) through weaponized DNG images sent via WhatsApp, enabling zero-click compromise of Samsung Galaxy devices. 1/ unit42.paloaltonetworks.com/landfall-is-ne…

ESET Research (@esetresearch):

#ESETresearch discovered and analyzed a previously undocumented malicious tool for network devices that we have named #EdgeStepper, enabling China-aligned #PlushDaemon APT to perform adversary-in-the-middle to hijack updates to deliver malware. facundo Mz welivesecurity.com/en/eset-resear… 1/5

ESET Research (@esetresearch):

#ESETresearch discovered a unique toolset, which we named QuietEnvelope, targeting the MailGates email protection system of Taiwanese company OpenFind. The toolset was uploaded in an archive, named spam_log.7z, to VirusTotal from Taiwan 🇹🇼. It contains Perl scripts, three stealthy passive

Mandiant (part of Google Cloud) (@mandiant):

New GTIG analysis reveals spyware vendor Intellexa is still going strong, responsible for 15 unique zero-days since 2021. We discuss their exploit chain deploying sophisticated PREYHUNTER malware, plus a new delivery tactic: malicious ads. Full report: bit.ly/4pJioMJ

ESET Research (@esetresearch):

#ESETresearch analyzed the #Gamaredon VBScript payload recently flagged by ClearSky Cyber Security. It wipes registry Run keys, scheduled tasks, and kills processes – however, our assessment is that this is likely to clean researchers’ machines, not a shift to destructive ops.