The IT Nerd

ESET is proud to announce the winners of its tenth annual Women in Cybersecurity Scholarship. Selected from a highly competitive pool of applicants across the US and Canada, the ten scholarship recipients impressed the review panel with their academic achievements, passion for cybersecurity, and commitment to making a positive impact in STEM fields.

This year marks a milestone in the program’s evolution with the continued expansion of the Cybersecurity Trailblazer Award Tier, a designation reserved for the most exceptional applicants who have demonstrated outstanding technical proficiency, leadership, and a deep, sustained focus on cybersecurity. The recipients of this year’s Cybersecurity Trailblazer Awards are U.S.’ Alexis Eskenazi, Crystal Yang, and Ismat Jarin, each receiving a $10,000 scholarship in recognition of their exemplary work. The Canadian Trailblazer recipients are Azka Siddiqui and Constance Prevot, each receiving a $5,000 scholarship for their remarkable contributions and potential to drive change within the field.

This year, Canada also saw the launch of the Future Leader Award, a new scholarship tier recognizing emerging talent with strong potential in the field of cybersecurity. Five students were selected to receive $1,000 scholarships: Yushika Jhundoo, Meadow Agbor, Tina Ismail, Vrinda Joshi, and Yashvi Shah. Together, these individuals have shown exceptional promise as future leaders in cybersecurity. Their ambitions and achievements reflect the values at the heart of the Women in Cybersecurity Scholarship: innovation, inclusion, and impact.

ESET North America awarded $45,000 in scholarships this year to celebrate the program’s tenth anniversary, reaffirming its commitment to building a more inclusive and secure digital future.

Learn more about the Trailblazer Award recipients:

Alexis Eskenazi, Berkeley, California, United States: Alexis Eskenazi’s journey into cybersecurity began with competitive robotics, where building championship-level robots sparked her interest in how connected systems function. That passion led her to launch Eskenazi Ed-Tech & AI Consulting, bringing hands-on STEM education to over 400 students globally. From mentoring the world’s first all-female Indigenous robotics team in New Zealand to researching vulnerabilities in U.S. healthcare and semiconductor infrastructure, Alexis blends technical insight with education and policy to advance a more secure, inclusive digital world.

Crystal Yang, Katy, Texas, United States: Crystal Yang’s interest in cybersecurity was sparked by watching scam-baiting videos, which seem humorous on the surface, but reveal just how vulnerable people can be to social engineering. Determined to fight back, she built TimeWaster3000, an AI-powered bot that wastes scammers’ time using natural language processing and speech recognition. As the founder of Audemy.org, Crystal has also created AI-driven educational games used by more than 5,000 blind and visually impaired students worldwide and implemented in 19 schools. Today, she is focused on cybersecurity projects aimed at scam awareness and social engineering defense for businesses.

Ismat Jarin, Irvine, California, United States: Ismat Jarin’s path to cybersecurity began in her home country, where early experiences with societal biases and privacy violations fueled her resolve to protect underrepresented communities through technology. She became the first woman from her town to rank in the top 2% nationally for admission to her country’s top engineering university, later earning a Master’s in Systems and Security from UM Dearborn and now pursuing a Ph.D. at UC Irvine. Her research explores privacy risks in AI/LLMs and emerging technologies and has been published at leading conferences like PETS, NeurIPS(WiML) and CODASPY. Beyond research, Ismat is a passionate mentor and advocate, helping first-generation and underrepresented students find belonging and success in cybersecurity.

Azka Siddiqui, Mississauga, Ontario, Canada: Azka Siddiqui’s passion for computer science began in fourth grade when she programmed Dash robots during a classroom activity, sparking her fascination with the intersection of hardware and software. Her interest in cybersecurity solidified during a 2024 internship at Nokia, where she helped refine an advanced filter tool that monitored over 10,000 alarms. In addition to furthering her technical skills, Azka serves as Vice Chair of a national nonprofit empowering girls in STEM, has led a coding club spanning three Canadian provinces, and conducted research on smart-grid anomaly detection and eye-tracking technologies in university labs. This fall, Azka will begin her Honours Bachelor of Applied Science in Computer Engineering at the University of Waterloo, where she plans to focus on cybersecurity and AI with an emphasis on making digital spaces safer for women.

Constance Prevot, Mount Royal, Quebec, Canada: Constance Prevot’s journey into cybersecurity began at Concordia University, where a Capture-The-Flag competition sparked a passion that would shape her academic and professional path. She has since represented Canada at the 2024 International Cybersecurity Competition in Chile, served as a SOC Analyst at OnePoint for Desjardins, conducted adversary-focused research at GoSecure, and co-presented her findings at conferences including HOPE and BSides. As President of Concordia University’s Software Engineering and Computer Science Society, she has led initiatives to make cybersecurity education more accessible, including launching “compétitionsquebec,” a platform cataloging local competitions and training resources.

Future Leader Awards: This inaugural award proudly recognizes five exceptional students who exemplify the next generation of innovators and changemakers. With a $1,000 award, these students are being honored not only for their academic excellence but also for their passion and potential to shape the future of technology. This year’s awardees are:

• Yushika Jhundoo (Ottawa, ON) – Computer Science, University of Ottawa: Tech community builder and cybersecurity enthusiast dedicated to inclusive outreach and digital empowerment.
• Meadow Agbor (Calgary, AB) – Computer Information Systems, Mount Royal University (MRU): Cybersecurity intern and youth mentor with a passion for digital safety and inclusive community engagement.
• Tina Ismail (Mississauga, ON) – Electrical Engineering, McMaster University: Cybersecurity enthusiast and IEEE leader blending technical innovation, educational research, and creative expression.
• Vrinda Joshi (Markham, ON) – Systems Design Engineering (Co-op), University of Waterloo: STEM equity advocate and nonprofit co-founder empowering youth through coding, robotics, and hands-on innovation.
• Yashvi Shah (Caledon, ON) – Computer Engineering (Co-op), University of Toronto: Innovative researcher and tech educator with experience in AI, 3D simulation, and youth empowerment through coding and wellness initiatives.

Learn more about the Women in Cybersecurity Scholarship here.

The Iran-aligned threat group BladedFeline has targeted Kurdish and Iraqi government officials in a recent cyber-espionage campaign, according to ESET researchers. The group deployed a range of malicious tools discovered within the compromised systems, indicating a continued effort to maintain and expand access to high-ranking officials and government organizations in Iraq and the Kurdish region. The latest campaign highlights BladedFeline’s evolving capabilities, featuring two tunneling tools (Laret and Pinar), various supplementary tools, and, most notably, a custom backdoor Whisper and a malicious Internet Information Services (IIS) module PrimeCache, both identified and named by ESET.

Whisper logs into a compromised webmail account on a Microsoft Exchange server and uses it to communicate with the attackers via email attachments. PrimeCache also serves as a backdoor: it is a malicious IIS module. PrimeCache also bears similarities to the RDAT backdoor used by OilRig Advanced Persistent Threat (APT) group.

Based on these code similarities, as well as on further evidence presented in this blogpost, ESET assesses that BladedFeline is a very likely subgroup of OilRig, an Iran-aligned APT group going after governments and businesses in the Middle East. The initial implants in the latest campaign can be traced back to OilRig. These tools reflect the group’s strategic focus on persistence and stealth within targeted networks.

BladedFeline has worked consistently to maintain illicit access to Kurdish diplomatic officials, while simultaneously exploiting a regional telecommunications provider in Uzbekistan, and developing and maintaining access to officials in the government of Iraq.

ESET Research assesses that BladedFeline is targeting the Kurdish and Iraqi governments for cyberespionage purposes, with an eye toward maintaining strategic access to the computers of high-ranking officials in both governmental entities. The Kurdish diplomatic relationship with Western nations, coupled with the oil reserves in the Kurdistan region, makes it an enticing target for Iran-aligned threat actors to spy on and potentially manipulate. In Iraq, these threat actors are most probably trying to counter the influence of Western governments following the US invasion and occupation of the country.

In 2023, ESET Research discovered that BladedFeline targeted Kurdish diplomatic officials with the Shahmaran backdoor, and previously reported on its activities in ESET APT Activity reports. The group has been active since at least 2017, when it compromised officials within the Kurdistan Regional Government, but is not the only subgroup of OilRig that ESET Research is monitoring. ESET has been tracking Lyceum, also known as HEXANE or Storm-0133, as another OilRig subgroup. Lyceum focuses on targeting various Israeli organizations, including governmental and local governmental entities and organizations in healthcare.

ESET expects that BladedFeline will persist with implant development in order to maintain and expand access within its compromised victim set for cyberespionage.

For a more detailed analysis and technical breakdown of BladedFeline’s tools used in Operation RoundPress, check out the latest ESET Research blogpost “Whispering in the dark” on WeLiveSecurity.com.

ESET has participated in a major infrastructure disruption of the notorious infostealer, Danabot, by the US Department of Justice, the FBI, and US Department of Defense’s Defense Criminal Investigative Service. U.S. agencies were working closely with Germany’s Bundeskriminalamt, the Netherlands’ National Police, and the Australian Federal Police . ESET took part in the effort alongside Amazon, CrowdStrike, Flashpoint, Google, Intel471, PayPal, Proofpoint, Team Cymru and Zscaler. ESET Research, which has been tracking Danabot since 2018, contributed assistance that included providing technical analysis of the malware and its backend infrastructure, as well as identifying Danabot’s C&C servers. During that period, ESET analyzed various Danabot campaigns all over the world, with Poland, Italy, Spain and Turkey historically being one of the most targeted countries. The joint takedown effort also led to the identification of individuals responsible for Danabot development, sales, administration, and more.

These law enforcement operations were conducted under Operation Endgame — an ongoing global initiative aimed at identifying, dismantling, and prosecuting cybercriminal networks. Coordinated by Europol and Eurojust, the operation successfully took down critical infrastructure used to deploy ransomware through malicious software.

The authors of Danabot operate as a single group, offering their tool for rental to potential affiliates, who subsequently employ it for their malicious purposes by establishing and managing their own botnets. Danabot’s authors have developed a vast variety of features to assist customers with their malevolent motives. The most prominent features offered by Danabot include: the ability to steal various data from browsers, mail clients, FTP clients, and other popular software; keylogging and screen recording; real-time remote control of the victims’ systems; file grabbing (commonly used for stealing cryptocurrency wallets); support for Zeus-like webinjects and form grabbing; and arbitrary payload upload and execution. Besides utilizing its stealing capabilities, ESET Research has observed a variety of payloads being distributed via Danabot over the years.  Furthermore, ESET has encountered instances of Danabot being used to download ransomware onto already compromised systems.

In addition to typical cybercrime, Danabot has also been used in less conventional activities such as utilizing compromised machines for launching DDoS attacks… for example, a DDoS attack against Ukraine’s Ministry of Defense soon after the Russian invasion of Ukraine.

Throughout its existence, according to ESET monitoring, Danabot has been a tool of choice for many cybercriminals and each of them has used different means of distribution. Danabot’s developers even partnered with the authors of several malware cryptors and loaders, and offered special pricing for a distribution bundle to their customers, helping them with the process.  Recently, out of all distribution mechanisms ESET observed, the misuse of Google Ads to display seemingly relevant, but actually malicious, websites among the sponsored links in Google search results stands out as one of the most prominent methods to lure victims into downloading Danabot. The most popular ploy is packing the malware with legitimate software and offering such a package through bogus software sites or websites falsely promising users to help them find unclaimed funds. The latest addition to these social engineering techniques are deceptive websites offering solutions for fabricated computer issues, whose only purpose is to lure victims into execution of a malicious command secretly inserted into the user’s clipboard.

The typical toolset provided by Danabot’s authors to their affiliates includes an administration panel application, a backconnect tool for real-time control of bots, and a proxy server application that relays the communications between the bots and the actual C&C server. Affiliates can choose from various options to generate new Danabot builds, and it’s their responsibility to distribute these builds through their own campaigns.

For technical overview of Danabot and insight into its operation, check out ESET Research blogpost: “Danabot: Analyzing a fallen empire” on WeLiveSecurity.com. 

Yesterday I reported on a takedown of the Lumma Stealer network which is a big deal as this infostealer is a huge threat to computer users everywhere. Today ESET announced that has taken part in this takedown. The operation, spearheaded by Microsoft and supported by BitSight, Lumen, Cloudflare, CleanDNS, GMO Registry, and ESET, has successfully disrupted key elements of Lumma Stealer’s infrastructure, significantly impeding its ability to exfiltrate sensitive data from victims worldwide.

Key Contributions by ESET:

ESET contributed to the disruption by analyzing and processing tens of thousands of Lumma Stealer samples, identifying C&C servers, affiliate identifiers, and tracking the malware’s evolution in real time. Our automated telemetry enabled continuous monitoring of Lumma Stealer’s activities, supporting the takedown of over 3,000 malicious domains used since mid-2024.

ESET provided in-depth technical analysis and statistical breakdowns, helping cluster threat actors and understand the malware’s changing tactics.

The Threat of Lumma Stealer

Lumma Stealer (also known as LummaC or LummaC2) has been one of the most active infostealers in the cybercrime landscape over the past two years. Operated on a subscription-based MaaS model, it allowed cybercriminals to steal browser data, credentials, cryptocurrency wallets, and more, which are frequently sold on underground marketplaces to ransomware groups and other threat actors.

The malware’s infrastructure included Telegram-based dead-drop resolvers, weekly domain updates, and an elaborate affiliate tracking system through unique LID and UID identifiers. Its modular design and advanced anti-analysis techniques like control flow flattening and encrypted stack strings made detection and mitigation difficult—until now.

Global Disruption Impact

The collaborative disruption effort has rendered large portions of Lumma Stealer’s command-and-control network inoperable, striking a major blow to its ability to continue operations. While the actors behind Lumma Stealer are likely to attempt to regroup or pivot, this intervention marks a significant disruption to one of the most pervasive infostealer operations in recent years.

What Comes Next

ESET will continue to monitor the cybercrime ecosystem for signs of Lumma Stealer’s return or rebranding and remains committed to disrupting infostealer malware families that put organizations and individuals at risk.

Read the Full Technical Report

To explore the complete in-depth technical analysis, infrastructure breakdowns, sample statistics, and obfuscation techniques used by Lumma Stealer, visit the ESET We Live Security Blog: https://www.welivesecurity.com/en/eset-research/eset-takes-part-global-operation-disrupt-lumma-stealer/

ESET researchers have uncovered a Russia-aligned espionage operation, which ESET named RoundPress, targeting webmail servers via XSS vulnerabilities. Behind it is most likely the Russia-aligned Sednit (also known as Fancy Bear or APT28) cyberespionage group, holding the ultimate goal of stealing confidential data from specific email accounts. Most of the targets are related to the current war in Ukraine; they are either Ukrainian governmental entities or defense companies in Bulgaria and Romania. Notably, some of these defense companies are producing Soviet-era weapons to be sent to Ukraine. Other targets include African, EU, and South American governments.

“Last year, we observed different XSS vulnerabilities being used to target additional webmail software: Horde, MDaemon, and Zimbra. Sednit also started to use a more recent vulnerability in Roundcube, CVE-2023-43770. The MDaemon vulnerability — CVE-2024-11182, now patched — was a zero day, most likely discovered by Sednit, while the ones for Horde, Roundcube, and Zimbra were already known and patched,” says ESET researcher Matthieu Faou, who discovered and investigated Operation RoundPress.

Sednit sends these XSS exploits by email; the exploits lead to the execution of malicious JavaScript code in the context of the webmail client web page running in a browser window. Therefore, only data accessible from the target’s account can be read and exfiltrated.

In order for the exploit to work, the target must be convinced to open the email message in the vulnerable webmail portal. This means that the email needs to bypass any spam filtering, and the subject line needs to be convincing enough to entice the target into reading the email message — abusing well-known news media such as Ukrainian news outlet Kyiv Post or Bulgarian news portal News.bg. Among the headlines used as spearphishing were: “SBU arrested a banker who worked for enemy military intelligence in Kharkiv” and “Putin seeks Trump’s acceptance of Russian conditions in bilateral relations”.

The attackers unleash JavaScript payloads SpyPress.HORDE, SpyPress.MDAEMON, SpyPress.ROUNDCUBE, and SpyPress.ZIMBRA upon the targets. Those are capable of credential stealing; exfiltration of the address book, contacts, and log-in history; and exfiltration of email messages. SpyPress.MDAEMON is able to set up a bypass for two-factor authentication protection; it exfiltrates the two-factor authentication secret and creates an app password, which enables the attackers to access the mailbox from a mail application.

“Over the past two years, webmail servers such as Roundcube and Zimbra have been a major target for several espionage groups, including Sednit, GreenCube, and Winter Vivern. Because many organizations don’t keep their webmail servers up to date, and because the vulnerabilities can be triggered remotely by sending an email message, it is very convenient for attackers to target such servers for email theft,” explains Faou.

The Sednit group — also known as APT28, Fancy Bear, Forest Blizzard, or Sofacy — has been operating since at least 2004. The U.S. Department of Justice named the group as one of those responsible for the Democratic National Committee (DNC) hack just before the 2016 U.S. elections and linked the group to the GRU. The group is also presumed to be behind the hacking of global television network TV5Monde, the World Anti-Doping Agency (WADA) email leak, and many other incidents.

For a more detailed analysis and technical breakdown of Sednit’s tools used in Operation RoundPress, check out the latest ESET Research blogpost “Operation RoundPress” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X), BlueSky, and Mastodon for the latest news from ESET Research.

ESET is warning organizations to stay alert as “EDR killers” – tools designed to disable Endpoint Detection and Response (EDR) solutions- grow more accessible and more widely used by ransomware affiliates. While not a new threat, these tools are becoming easier to deploy, making them relevant for enterprises and mid-sized organizations alike. 

An EDR killer works by disabling or impairing EDR agents on compromised machines, blinding defenders and paving the way for attackers to move stealthily and deliver malicious payloads. These tools are typically deployed after initial access has already been achieved, a process that itself should set off multiple alarms in a well-defended environment. 

Once used only by highly skilled threat actors, EDR killers are now distributed by ransomware-as-a-service (RaaS) operators like RansomHub, lowering the technical bar for attackers. Variants range from basic script-based tools to more advanced versions that exploit vulnerable drivers or repurpose legitimate software, like rootkit removal tools, to disable security systems. 

Despite these developments, ESET stresses that EDR killers aren’t cause for panic, but they are a reminder of the importance of strong, layered security. Organizations with solid defences, good detection practices, and well-trained staff remain in a strong position to detect and disrupt these tools before they cause severe damage. 

ESET recommends the following best practices to reduce exposure: 

• Use a hardened, updated EDR solution: Leading tools already detect many known EDR killer behaviours. 
• Restrict user permissions: Prevent users without admin rights from modifying or disabling security controls. 
• Monitor for suspicious downloads and file transfers: Watch for scripts, drivers, or tools commonly used in these attacks. 
• Block Potentially Unsafe Applications (PUSA): Review app control policies to minimize exposure to misused software. 
• Invest in staff training: Phishing awareness and safe file handling are still your first line of defence. 

The rise of EDR killers reflects an evolving cybercrime landscape, where increasingly advanced tools are being commercialized and shared. As attackers adapt their tactics, defenders must do the same. A resilient, multi-layered approach, backed by regular reviews and user education, remains the best strategy for staying ahead. 

ESET continues to track the development of EDR killer tools and their use in real-world attacks. For further insights and technical analysis, visit ESET’s threat research blog, WeLiveSecurity. 

ESET, a global leader in cybersecurity solutions, today released new updates for the ESET PROTECT Platform, including Ransomware Remediation, a new way to prevent ransomware encryption from causing long-term business disruption, as well as new functionalities for ESET Cloud Office Security and the ESET AI Advisor. These new cybersecurity features were launched at ESET World 2025, taking place in Las Vegas from March 24 to 26, 2025, at the ARIA Resort & Casino.

As ransomware attacks increase in sophistication, threat actors seek to undermine nearly all areas of business security and stability. One well-known and -used attack is encryption, which prevents you from accessing your device and the data stored on it. Causing costly process disruption, and ultimately forcing firms to pay to decrypt their systems, threat actors often target system backups, such as Volume Shadow Copy, by immediately deleting or corrupting them. This makes recovery nearly impossible and drives up remediation costs.

Building on ESET LiveSense, ESET’s next-gen Ransomware Remediation feature works in concert with Ransomware Shield to immediately create backups until the system confirms whether the suspicious activity is malicious or benign. If malicious, Ransomware Shield will kill the process and roll back the files from the newly created secure backups. If benign, the backups created can be discarded. Unlike other solutions, Ransomware Remediation has its own protected storage section on the drive, where files cannot be modified, corrupted, or deleted by the attacker. This differentiator actively solves one of the most common failings of regular backups during a ransomware attack. As a free addition for customers signed up for the ESET PROTECT Advanced tier and above, Ransomware Remediation is available for Windows-based systems.

Email Security and AI Advisor Updates

ESET has added anti-spoofing and homoglyph protection to its ESET Cloud Office Security module, preventing attackers from pretending to be trusted sources while also identifying their efforts to disguise malicious domains or URLs through letter substitution from other alphabets. Moreover, ESET Cloud Office Security now also has an email clawback feature, enabling swift recall and quarantine of any delivered emails deemed suspicious. New dashboards are visually enhanced and include fully customizable tabs and components that fit a user’s specific needs.

ESET has also expanded the availability of AI Advisor to its EDR/XDR customers, including those with ESET PROTECT Enterprise, ESET PROTECT Elite, and ESET PROTECT MDR subscriptions – while making performance updates. By investing in AI, businesses are able to access SOC-level advisory, enabling enhanced security analyst workflows. Unlike other vendor offerings and typical generative AI assistants that focus on soft features like administration or device management, ESET AI Advisor seamlessly integrates into the day-to-day operations of security analysts. This is a gamechanger for companies with limited IT resources that want to utilize the advantages of advanced XDR solutions and threat intelligence feeds.

For more information about the ESET LiveSense technologies used by the ESET PROTECT Platform, please visit here.

For more information about the ESET PROTECT Platform, please visit their dedicated webpage.

For more information about ESET Cloud Office Security and the ESET AI Advisor, please visit their webpage and their AI blog.

To discover how ESET has been handling ransomware, please read ESET MDR success stories and ESET Inspect’s preventive power.

 ESET Canada is proud to announce the winners of its 2024 Canadian Partner of the Year Awards, recognizing the outstanding achievements and contributions of our reseller ecosystem, which contributed to our above-market SMB growth and success in the past year. 

2024 Highlights:

• Services Growth: ESET Canada saw a remarkable 70% increase in services over the previous year, driven by the adoption of ESET Managed Detection and Response (MDR), providing 24/7 threat monitoring, detection, and incident response.
• MSP Business: Their MSP business thrived with double-digit growth as they onboarded new partners, and as more partners looked to standardize on their most robust cloud offerings, thanks to the opening of their Canadian data centre.  
• Customer loyalty: ESET Canada achieved it’s target benchmark for renewals, which highlights their strong customer loyalty and satisfaction among the more than 10,000 Canadian businesses they protect. 

2024 Partner of the Year Awards: ESET Canada is thrilled to present the winners of this year’s Partner of the Year Awards:

• SMB Partner of the Year: GB Micro
• Enterprise Partner of the Year: Insight Canada
• Services Partner of the Year: SOS Computer Experts
• MSP Partner of the Year: GAM Tech
• Rising Star Partner of the Year: IO SECURE

Congratulations to all the winners.

Resellers can uncover more growth opportunities at ESET World 2025 in Las Vegas. Secure your spot virtually, today! 

ESET, a global leader in cybersecurity, today announced the anniversary of its Women in Cybersecurity North American Scholarship, launched in 2016 to support and empower women pursuing careers in cybersecurity. As part of its ongoing commitment to fostering diverse talent, ESET is expanding the program in Canada, increasing both the number and value of scholarships available to Canadian applicants.

For a decade, ESET North America has encouraged and uplifted women to pursue careers in cybersecurity, offering financial assistance to help achieve their aspirations. In solidarity with the 2025 International Women’s Day’s #AccelerateAction theme, the Women in Cybersecurity North American Scholarship program is expanding its scope this year with additional awards, enhanced evaluation criteria and a renewed focus on recognizing both technical excellence and emerging potential.

As a long-time advocate for cybersecurity and talent development in Canada, ESET has built strong relationships with key technology hubs, including the city of Markham. Over the years, ESET has received a wealth of strong candidates from Markham and the Greater Toronto Area, reinforcing the region’s reputation as a growing center for cybersecurity innovation. By investing in opportunities for aspiring cybersecurity professionals, ESET aims to support both local talent and the broader cybersecurity workforce.

Pioneering one of the first scholarships of its kind, Celeste Blodgett, Vice President of Human Resources at ESET North America, originated the program at the North American headquarters in San Diego to support women who want to go into technology fields. Bolstered by Celeste’s passion, the program has since awarded scholarships to more than 25 recipients in the U.S. and Canada, and has expanded globally to Australia, the United Kingdom and Singapore.

According to the 2024 Cybersecurity Workforce Study conducted by (ISC), women account for only 14.4% of the cybersecurity workforce, while men make up 79.6%. This stark imbalance underscores the critical need to bring more women into the profession, particularly as emerging technologies like generative AI continue to evolve. ESET is committed to fostering opportunities for women to lead in cybersecurity and AI, helping to bridge this gap and build a more balanced, innovative and equitable future. Diversity in AI development is essential to ensure these tools are ethical, secure and inclusive.

In 2025, ESET North America will award $45,000 in scholarships to support the next generation of cybersecurity professionals. Canadian students will have access to new and expanded awards, including two $5,000 Cybersecurity Trailblazer awards for applicants who demonstrate exceptional technical proficiency and a strong focus on cybersecurity. To mark the tenth anniversary, five new $1,000 Future Leader Awards will be introduced in Canada to recognize emerging talent with great potential in cybersecurity. In the U.S., three $10,000 scholarships will be awarded in the Cybersecurity Trailblazer Award Tier, including one dedicated to a recipient in San Diego, honouring the program’s origins.

The scholarship has already helped many women pursue careers in cybersecurity.

DETAILS AND HOW TO APPLY
Applications are now being accepted for the 2025 round, and submissions must be received by 11:59 p.m. PT on April 8, 2025. Applicants can learn more about the scholarships and submit their application by visiting our dedicated web pages. If you’re a Canadian student, apply here; if you’re a US student, you can apply here.

Questions? Email us at CA-scholarship@eset.com [Canada-only inquiries] or US-scholarship@eset.com [US-only inquiries] with any questions.