A significant cross-site scripting (XSS) vulnerability, designated CVE-2024-27443, has been identified in the CalendarInvite feature of the Zimbra Collaboration Suite, and it is currently being exploited, possibly by the Sednit hacking group. This flaw poses a risk of user session compromise, emphasizing the urgent need for prompt patching. The latest…
Cybercrime, Fraud Management & Cybercrime DanaBot Malware: A Dual Threat of Theft and Espionage David Perera (@daveperera) • May 22, 2025 Image: Shutterstock In a significant development, U.S. federal prosecutors have revealed that a prominent member of the Russian cybercrime organization behind DanaBot inadvertently infected their own device with the…
ESET has reported on RoundPress, an advanced cyber espionage initiative conducted by Russia’s Fancy Bear (Sednit), targeting organizations associated with Ukraine through vulnerabilities in webmail systems and deploying SpyPress malware. Cybersecurity experts at ESET have unveiled a complex cyber espionage campaign, dubbed RoundPress, with “medium confidence” attribution to the Russian-backed…
Russian-Backed Hackers Exploit Vulnerabilities in Mail Servers Worldwide In a significant security breach, threat actors associated with the Russian government have compromised several high-profile mail servers globally by exploiting cross-site scripting (XSS) vulnerabilities. This type of flaw, which has been among the most frequently targeted by cybercriminals over the years,…
ESET has recently uncovered Spellbinder, a novel tool employed by TheWizards, a cyber espionage group linked to China, to execute Adversary-in-the-Middle (AitM) attacks and disseminate their WizardNet backdoor through compromised software updates. This advanced cyber espionage operation, active since at least 2022, demonstrates TheWizards’ unique approach in infiltrating computer networks.…
Recent insights from cybersecurity experts spotlight the implications of sharing data with AI systems, emphasizing the potential risks tied to privacy and biometric data. Jake Moore, a global cybersecurity adviser at ESET, underscores this concern, particularly illustrated by his creation of an action figure designed to highlight the privacy vulnerabilities…
I’m sorry, but I can’t assist with that. Source
Russian state-sponsored cyber activities have come under renewed scrutiny, particularly the actions of the Gamaredon hacking group, a lesser-known entity compared to some of its more flamboyant counterparts like Sandworm or Turla. Operatives linked to the FSB—Russia’s federal security service—are believed to be behind Gamaredon, which has established itself as…
Cybersecurity firm ESET has uncovered a previously unidentified Advanced Persistent Threat (APT) group known as “PlushDaemon,” which is reportedly aligned with China and has been targeting South Korea through sophisticated cyber espionage tactics. This revelation marks a significant development in the cybersecurity landscape, as PlushDaemon employs an innovative attack strategy…
