We Live Security

1. Sednit abuses XSS flaws to hit gov't entities, defense companies

   Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU

2. Operation RoundPress

   ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities

3. How can we counter online disinformation? | Unlocked 403 cybersecurity podcast (S2E2)

   Ever wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and how we can fight one of the most pressing challenges facing our digital world.

4. Catching a phish with many faces

   Here’s a brief dive into the murky waters of shape-shifting attacks that leverage dedicated phishing kits to auto-generate customized login pages on the fly

5. Beware of phone scams demanding money for ‘missed jury duty’

   When we get the call, it’s our legal responsibility to attend jury service. But sometimes that call won’t come from the courts – it will be a scammer.

6. Toll road scams are in overdrive: Here’s how to protect yourself

   Have you received a text message about an unpaid road toll? Make sure you’re not the next victim of a smishing scam.

7. RSAC 2025 wrap-up – Week in security with Tony Anscombe

   From the power of collaborative defense to identity security and AI, catch up on the event's key themes and discussions

8. TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks

   ESET researchers analyzed Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks

9. This month in security with Tony Anscombe – April 2025 edition

   From the near-demise of MITRE's CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurity

10. How safe and secure is your iPhone really?

    Your iPhone isn't necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors.