Jiri Kropac (@jiriatvirlab) 's Twitter Profile
Jiri Kropac

@jiriatvirlab

Director of Threat Prevention Labs at @ESET

ID: 784126906824134656

Link: http://bit.ly/JiriAtVirlab
Joined: 06-10-2016 20:23:17

1.1K Tweets

3.3K Followers

139 Following

ESET Research (@esetresearch) 's Twitter Profile Photo

#ESETresearch, in collaboration with #Microsoft, BitSight, Lumen, Cloudflare, CleanDNS, and GMO Registry, has helped disrupt #LummaStealer – a notorious malware-as-a-service infostealer. Jakub Tomanek welivesecurity.com/en/eset-resear… 1/5

ESET Research (@esetresearch) 's Twitter Profile Photo

This disruption operation targeted Lumma Stealer’s C&C infrastructure, rendering much of the exfiltration network inoperative. ESET processed tens of thousands of Lumma samples to extract C&C servers and affiliate IDs. Infostealers are often precursors to major cyberattacks. 2/5

ESET Research (@esetresearch) 's Twitter Profile Photo

The #FBI and #DCIS disrupted #Danabot. #ESET was one of several companies that cooperated in this effort. welivesecurity.com/en/eset-resear… 1/6

Virus Bulletin (@virusbtn) 's Twitter Profile Photo

🎟️ VB2025 Super Early Bird is live! Join the smartest minds in security this September in Berlin. 📍 24–26 Sept | JW Marriott Berlin ❗Tickets are limited and going fast. Register now 👉 tinyurl.com/bdee3wam #VB2025 #cybersecurity #berlin #earlybird

ESET Research (@esetresearch) 's Twitter Profile Photo

#ESETresearch analyzed a campaign deployed by BladedFeline, an 🇮🇷-aligned threat actor with likely ties to #OilRig. We discovered the campaign, which targeted Kurdish and 🇮🇶 government officials, in 2024. welivesecurity.com/en/eset-resear… 1/6

EUvsDisinfo (@euvsdisinfo) 's Twitter Profile Photo

During Poland’s presidential election, pro-Kremlin outlets followed a clear pattern: ❗️Delegitimise democracy ❗️Undermine Ukraine ❗️Divide allies From Soros tropes to 'Russophobia' smears, the aim was to erode trust and fuel hostility. #DontBeDeceived👇 euvsd.info/DRCqIXB2

ESET Research (@esetresearch) 's Twitter Profile Photo

ESET Threat Report H1 2025: #ClickFix attacks surge 500%, SnakeStealer tops infostealer charts, and NFC fraud jumps 35x. Plus, chaos in the ransomware underworld and a new Android adware menace—Kaleidoscope. Dive into the full report: web-assets.esetstatic.com/wls/en/papers/… #ESETresearch

ESET Research (@esetresearch) 's Twitter Profile Photo

#ESETresearch has conducted a comprehensive technical analysis of new malicious tools and significant updates observed in 2024 in the arsenal of the Russia-aligned #Gamaredon #APTgroup targeting Ukraine🇺🇦. welivesecurity.com/en/eset-resear… 1/9

ESET Research (@esetresearch) 's Twitter Profile Photo

In 2024, #Gamaredon returned to exclusively targeting Ukrainian governmental institutions, significantly increasing the size and frequency of its #spearphishing campaigns compared to previous years, as shown in the chart. 2/9

ESET Research (@esetresearch) 's Twitter Profile Photo

The threat actors behind Agent Tesla have reportedly lost access to the servers with the malware’s source code. A successor appeared almost immediately – another #MaaS threat, known as #SnakeStealer or #SnakeKeylogger, has claimed the number one spot. 2/4

ESET Research (@esetresearch) 's Twitter Profile Photo

If you want to find out more information about this changing of the guard in the infostealer threat landscape, head on over to #ESETThreatReport: welivesecurity.com/en/eset-resear… 4/4

ESET Research (@esetresearch) 's Twitter Profile Photo

For a time, Lumma Stealer was the primary payload of HTML/FakeCaptcha trojan, used in the #ClickFix social engineering attacks that we also cover in this issue of the #ESETThreatReport. In recent months, we have seen Danabot being delivered via ClickFix as well. 5/6

ESET Research (@esetresearch) 's Twitter Profile Photo

For more details on these two operations and on the ClickFix attacks, read the latest #ESETThreatReport: welivesecurity.com/en/eset-resear… 6/6

ESET Research (@esetresearch) 's Twitter Profile Photo

#BREAKING #ESETResearch has been monitoring the recently discovered #ToolShell zero-day vulnerabilities in #SharePoint Server: CVE-2025-53770 and CVE-2025-53771. SharePoint Online in Microsoft 365 is not impacted. welivesecurity.com/en/eset-resear… 1/5

ESET Research (@esetresearch) 's Twitter Profile Photo

ESET first detected an attempt to exploit part of the execution chain on July 17 in 🇩🇪. Here, the final #webshell payload was not delivered. The first time we registered the payload was on July 18 in 🇮🇹. We have since seen active ToolShell exploitation all over the world. 2/5

ESET Research (@esetresearch) 's Twitter Profile Photo

#ESETresearch joins Europol’s Cyber Intelligence Extension Programme (CIEP) 🤝 We are proud to announce ESET’s participation in the pilot phase of CIEP, a new initiative launched by Europol's European Cybercrime Centre (EC3). 1/5

ESET Research (@esetresearch) 's Twitter Profile Photo

#ESETresearch has discovered a zero-day vulnerability in WinRAR, exploited in the wild by Russia-aligned #RomCom 🏴‍☠️ Anton Cherepanov welivesecurity.com/en/eset-resear… 1/7

ESET Research (@esetresearch) 's Twitter Profile Photo

The vulnerability, which we assigned CVE-2025-8088, allows alternate data streams to be abused to perform path traversal. Attackers can fashion a RAR archive that, when opened, drops malicious payloads into the Windows startup directory, %TEMP%, %LOCALAPPDATA%, and others. 2/7

ESET Research (@esetresearch) 's Twitter Profile Photo

On July 24, we alerted the WinRAR team, which released version 7.13 just six days later. We advise all users to install the latest version as soon as possible. We would also like to thank the WinRAR team for its cooperation and quick response. 3/7 x.com/WinRAR_RARLAB/…

CARO Workshop 2025 (@caroworkshop) 's Twitter Profile Photo

The 18th international CARO Workshop "Cybercrime Without Borders: Tracking the Global Underground" is coming to Innsbruck, Austria on February 25-27, 2026, hosted by AV-Comparatives. CfP starts 18 August. More information at: caro2026.org
