CSOonline

Chinese ToddyCat abuses ESET antivirus bug for malicious activities

China-backed APT group ToddyCat has been found exploiting a medium-severity vulnerability in ESET antivirus software to sneak malicious code onto vulnerable systems. Tracked as CVE-2024-11859, the ...
Hackaday

This Week In Security: CVSS 0, Chwoot, And Not In The Threat Model

This week a reader sent me a story about a CVE in Notepad++, and something isn’t quite right. The story is a DLL hijack, a technique where a legitimate program’s Dynamic Link Library (DLL) is replaced ...
Dark Reading

ToddyCat APT Targets ESET Bug to Load Silent Malware

The Chinese-speaking ToddyCat advanced persistent threat (APT) group is targeting a security vulnerability in ESET's antivirus software to silently execute malicious payloads on infected devices.