A sophisticated threat actor known as Mustang Panda has been implicated in a wave of spear-phishing attacks directed at key sectors including government, education, and research from May to October 2022. According to a recent report by cybersecurity firm Trend Micro, the targeted regions include countries in the Asia Pacific,…
Endpoint Security, Hardware / Chip-level Security Eset Uncovers New Malware Variant, HybridPetya Anviksha More (AnvikshaMore) • September 12, 2025 Image: Shutterstock Security researchers at Eset have recently identified a new variant of malware reminiscent of the notorious Petya/NotPetya, which they have named “HybridPetya.” This insight was shared on Friday, emphasizing…
In a significant development in cybersecurity, the Russian-affiliated group known as Sandworm has deployed a new variant of wiper malware called NikoWiper in an attack against a Ukrainian energy sector company in October 2022. This incident underscores the ongoing cyber threats linked to geopolitical tensions in the region. ESET, a…
Emerging Threat: New Infostealer Program Targets Vulnerable Users with Automated Sextortion Features Recent investigations by cybersecurity firm Proofpoint have uncovered a burgeoning threat in the form of a malicious software known as Stealerium. This program, which masquerades as a legitimate application, allows cybercriminals to access a wide range of personal…
Recent developments in cybersecurity have illuminated a sophisticated backdoor associated with a malware downloader known as Wslink, believed to be utilized by the notorious Lazarus Group, an actor aligned with North Korean interests. The findings, reported by ESET, highlight a payload referred to as WinorDLL64, which acts as a comprehensive…
A recent analysis has unveiled a new custom backdoor, dubbed MQsTTang, employed by the China-aligned hacking group Mustang Panda in a social engineering campaign that began in January 2023. This malware marks a departure from the group’s previously observed tactics, as it appears not to have roots in existing malware…
Published: April 9, 2025
Category: Windows Security / Vulnerability
A Chinese-affiliated threat actor known for cyber-attacks in Asia has been seen exploiting a vulnerability in ESET security software to deploy previously unknown malware dubbed TCESB. According to Kaspersky’s recent analysis, “Previously unseen in ToddyCat attacks, [TCESB] is engineered to stealthily execute payloads, bypassing installed protection and monitoring tools.” The ToddyCat threat activity cluster has targeted various entities across Asia, with operations traced back to at least December 2020. In the prior year, a Russian cybersecurity company detailed the group’s use of multiple tools to maintain persistent access and conduct large-scale data harvesting from organizations in the Asia-Pacific region. Kaspersky’s investigation into ToddyCat incidents in early 2024 revealed a suspicious DLL file…
Newly Discovered TCESB Malware Targets ESET Security Software April 09, 2025 Recent cybersecurity developments have illuminated a new malware strain known as TCESB, which is being actively deployed in ongoing attacks. This malware, linked to a Chinese-affiliated threat actor, exploits vulnerabilities in ESET security software. Analysts at Kaspersky have highlighted…
Published: April 9, 2025
Category: Windows Security / Vulnerability
A Chinese-affiliated threat actor known for cyber-attacks in Asia has been seen exploiting a vulnerability in ESET security software to deploy previously unknown malware dubbed TCESB. According to Kaspersky’s recent analysis, “Previously unseen in ToddyCat attacks, [TCESB] is engineered to stealthily execute payloads, bypassing installed protection and monitoring tools.” The ToddyCat threat activity cluster has targeted various entities across Asia, with operations traced back to at least December 2020. In the prior year, a Russian cybersecurity company detailed the group’s use of multiple tools to maintain persistent access and conduct large-scale data harvesting from organizations in the Asia-Pacific region. Kaspersky’s investigation into ToddyCat incidents in early 2024 revealed a suspicious DLL file…
May 15, 2025
Vulnerability / Email Security
A cyber espionage operation associated with a Russian threat actor is reportedly compromising webmail servers, including Roundcube, Horde, MDaemon, and Zimbra, by exploiting cross-site scripting (XSS) vulnerabilities, notably a zero-day flaw in MDaemon. This activity, coded as Operation RoundPress by ESET, began in 2023 and has been linked with moderate confidence to the state-sponsored hacking group APT28, also known by various names such as BlueDelta, Fancy Bear, and Sednit.
“The primary objective of this operation is to extract sensitive data from targeted email accounts,” stated ESET researcher Matthieu Faou in a report shared with The Hacker News. “While most victims are governmental and defense entities in Eastern Europe, we have also noted targets across Africa, Europe, and beyond.”
Russia-Linked APT28 Exploits MDaemon Zero-Day to Compromise Government Webmail Servers On May 15, 2025, ESET released a report detailing a cyber espionage campaign attributed to a Russia-linked threat actor targeting webmail servers, including Roundcube, Horde, MDaemon, and Zimbra. This operation, dubbed Operation RoundPress, has been under investigation since it commenced…
May 15, 2025
Vulnerability / Email Security
A cyber espionage operation associated with a Russian threat actor is reportedly compromising webmail servers, including Roundcube, Horde, MDaemon, and Zimbra, by exploiting cross-site scripting (XSS) vulnerabilities, notably a zero-day flaw in MDaemon. This activity, coded as Operation RoundPress by ESET, began in 2023 and has been linked with moderate confidence to the state-sponsored hacking group APT28, also known by various names such as BlueDelta, Fancy Bear, and Sednit.
“The primary objective of this operation is to extract sensitive data from targeted email accounts,” stated ESET researcher Matthieu Faou in a report shared with The Hacker News. “While most victims are governmental and defense entities in Eastern Europe, we have also noted targets across Africa, Europe, and beyond.”
Recent findings indicate a concerning shift in the ransomware landscape, signaling potential dangers for businesses. While the use of artificial intelligence (AI) in ransomware development has not yet become widespread, instances of this trend serve as a stark reminder of evolving cyber threats. Allan Liska, a ransomware analyst at Recorded…
