WeLiveSecurity

Move fast and save things: A quick guide to recovering a hacked account

When an online account is compromised, the first few minutes may determine how bad the incident ultimately gets.
WeLiveSecurity

EDR killers explained: Beyond the drivers

ESET researchers dive deeper into the EDR killer ecosystem, disclosing how attackers abuse vulnerable drivers.
WeLiveSecurity

Cyber fallout from the Iran war: What to have on your radar

The cybersecurity implications of the war in the Middle East extend far beyond the region. Here’s where to focus your defenses.
WeLiveSecurity

Sednit reloaded: Back in the trenches

ESET researchers document how the Sednit APT group has reemerged with a modern toolkit centered on two paired implants – BeardShell and Covenant.
WeLiveSecurity

Award-winning news, views, and insight from the ESET security community

ESET’s Jake Moore used smart glasses, deepfakes and face swaps to ‘hack’ widely-used facial recognition systems – and he'll demo it all at RSAC 2026 The cybersecurity implications of the war in the ...
WeLiveSecurity

MoustachedBouncer: Espionage against foreign diplomats in Belarus

MoustachedBouncer is a cyberespionage group discovered by ESET Research and first publicly disclosed in this blogpost. The group has been active since at least 2014 and only targets foreign embassies ...
WeLiveSecurity

XBox and PSN attacks were "marketing scheme" for Lizard Squad's DDoS service

The attack which "stole Christmas" for millions of video games players by knocking offline the PlayStation Network (PSN) and Xbox Live appears to have been a publicity stunt, designed to gain ...
WeLiveSecurity

Ransomware: To pay or not to pay? Legal or illegal? These are the questions …

The recent spate of ransomware payments cannot be the best use of cybersecurity budgets or shareholder capital, nor is it the best use of insurance industry funds. So, why are companies paying and ...
WeLiveSecurity

StrongPity espionage campaign targeting Android users

ESET researchers identified an active campaign that we have attributed to the StrongPity APT group. Active since November 2021, the campaign has distributed a malicious app through a website ...
WeLiveSecurity

No “Game over” for the Winnti Group

In February 2020, we discovered a new, modular backdoor, which we named PipeMon. Persisting as a Print Processor, it was used by the Winnti Group against several video gaming companies that are based ...
WeLiveSecurity

Mustang Panda’s Hodur: Old tricks, new Korplug variant

ESET researchers discovered a still-ongoing campaign using a previously undocumented Korplug variant, which they named Hodur due to its resemblance to the THOR variant previously documented by Unit 42 ...
WeLiveSecurity

Fake or Fake: Keeping up with OceanLotus decoys

Following OceanLotus’ activities is taking a tour in the world of deception. This group is known to lure victims by forging appealing documents to entice potential victims into executing the group’s ...