ToddyCat, an advanced persistent threat (APT) group, exploited a vulnerability (CVE-2024-11859) in ESET’s command-line scanner using DLL proxying. This technique let them load malicious code stealthily by mimicking legitimate libraries. The attackers used a modified tool named TCESB to bypass security measures and manipulate kernel structures. The incident highlights the need for timely patching and vigilance, even with trusted security software.
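A defender-side check for the DLL proxying described above, as an added example that is not from the original page, ESET or the TCESB tooling: it scans Sysmon-style image-load records for a system library name that resolves outside the Windows system directories. The DLL name list, the sample events and every path in them are constructed assumptions.

```python
import ntpath

# Assumption: a small set of library names that normally load only from the system directories.
SYSTEM_DLL_NAMES = {"version.dll", "winhttp.dll", "cryptbase.dll", "dbghelp.dll"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")

def is_system_path(path):
    """True if the normalized path sits under a Windows system directory."""
    p = ntpath.normpath(path).lower()  # also collapses '..' segments
    return any(p.startswith(d + "\\") for d in SYSTEM_DIRS)

def find_proxy_candidates(events):
    """Flag image loads where a system DLL name resolves outside the system directories."""
    findings = []
    for ev in events:
        loaded = ntpath.normpath(ev["ImageLoaded"])
        name = ntpath.basename(loaded).lower()
        if name not in SYSTEM_DLL_NAMES or is_system_path(loaded):
            continue
        reasons = ["system DLL name outside system directory"]
        if ntpath.dirname(loaded).lower() == ntpath.dirname(ntpath.normpath(ev["Image"])).lower():
            reasons.append("loaded from host process directory")
        trusted = ev.get("Signed", "false").lower() == "true" and ev.get("SignatureStatus") == "Valid"
        if not trusted:
            reasons.append("unsigned or invalid signature")
        findings.append({"process": ev["Image"], "dll": loaded,
                         "severity": "medium" if trusted else "high", "reasons": reasons})
    return findings

# Constructed sample records using Sysmon Event ID 7 field names; all paths are placeholders.
SAMPLE_EVENTS = [
    {"Image": r"C:\Tools\scanner\scan.exe", "ImageLoaded": r"C:\Windows\System32\version.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Tools\scanner\scan.exe", "ImageLoaded": r"C:\Tools\scanner\version.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Apps\viewer\viewer.exe", "ImageLoaded": r"C:\Apps\viewer\dbghelp.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Tools\scanner\scan.exe", "ImageLoaded": r"C:\Windows\System32\..\Temp\winhttp.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Tools\scanner\scan.exe", "ImageLoaded": r"C:\Tools\scanner\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
]

if __name__ == "__main__":
    for f in find_proxy_candidates(SAMPLE_EVENTS):
        print(f["severity"], f["dll"], "<-", f["process"], "|", "; ".join(f["reasons"]))
```

Medium findings are validly signed copies that some applications ship in their own directory, so they are candidates for an allowlist rather than immediate alerts.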