ESET Research has discovered HybridPetya, on the VirusTotal sample sharing platform. It is a copycat of the infamous Petya/NotPetya malware, adding the capability of compromising UEFI-based systems and weaponizing CVE‑2024‑7344 to bypass UEFI Secure Boot on outdated systems. Key points of this blogpost: New ransomware samples, which we named HybridPetya, resembling the infamous Petya/NotPetya malware,…

Continue Reading

HybridPetya is the fourth publicly known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality 16 Sep 2025 ESET researchers have uncovered a new ransomware strain that they have named HybridPetya. While resembling the infamous Petya/NotPetya malware, it comes with a new and dangerous twist – it adds the ability to compromise UEFI-based systems…

Continue Reading

Long known to be a sweet spot for cybercriminals, small businesses are more likely to be victimized by ransomware than large enterprises 18 Sep 2025  •  , 5 min. read Think your business is too small to be singled out for digital extortion? Think again. Indeed, if you’re an SMB owner, you’d better assume you’re…

Continue Reading

In this blogpost, we uncover the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Key points of this blogpost: In February 2025, we discovered that the Gamaredon tool PteroGraphin was used to restart Turla’s Kazuar backdoor on a machine in Ukraine. In April and June 2025, we detected that Kazuar v2 was…

Continue Reading

According to local media reports, two 17-year-olds have been arrested by Dutch authorities on suspicion of spying for pro-Russian hackers. The teenagers, who have not been named by police because of their age, were reportedly arrested last week “on suspicion that are linked to government-sponsored interference.” According to reports, the father of one of the…

Continue Reading

In episode 70 of The AI Fix, our hosts learn that AI makes people more dishonest, Waymo’s robo-cars save lives but get outsmarted by a bathroom mirror, a “rescue” bot slurps up victims head-first, and China shows off a fusion robot arm that can lift ten elephants (or 200,000 pigeons, if you’re scientific about it).…

Continue Reading

INTERPOL has announced the arrest of 260 alleged romance scammers, sextortionists, and online fraudsters as part of a multi-national operation across Africa. Authorities claim that they have identified more than 1400 scam victims, estimating total losses at almost US $2.8 million. 1,235 electronic devices were seized by law enforcement agencies as part of the crackdown,…

Continue Reading

Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed “ForcedLeak”, let them smuggle AI-read instructions in via humble Web-to-Lead form… and ended up spilling data for the low, low price of five dollars. And we discuss why data breach communications still default to “we take security seriously” while quietly implying “assume…

Continue Reading

Beer lovers will be sobbing into their pints at the news that a ransomware attack has brought Japan’s largest brewer to its knees and left the country days away from running out of its most popular beverage. Japan is reportedly facing an unprecedented shortage of the nation’s most popular beer, Asahi Super Dry, following an…

Continue Reading

Discord has confirmed that users who contacted its customer support service have had their data stolen by hackers, who have attempted to extort a ransom from the company. According to the hugely popular messaging platform which has more than 200 million monthly users, the hackers breached a third-party customer service provider rather than gaining access…

Continue Reading