Internet Security
Forgotten UEFI shims undermining Secure Boot
ESET researchers discovered 11 vulnerable UEFI shim bootloaders signed by Microsoft that allow attackers to bypass UEFI Secure Boot by exploiting decade-old vulnerabilities...
ESET Threat Report H1 2026
A view of the H1 2026 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts....
Cyber readiness for SMBs: Getting the basics right
AI is changing cybercrime, but SMB cyber readiness still largely depends on closing the familiar gaps...
This month in security with Tony Anscombe – June 2026 edition
Three-day patching deadlines, exposed fuel-tank systems, scams costing billions of dollars, and social media bans for children all gave Tony plenty to unpack in June 2026...
Inside the inbox: Why cybercriminals want to break into your email account
Your inbox is an identity system all of its own: whoever owns it may own a lot more...
SMB cyber readiness: the road to resilience starts here
Your business may be small, but its attack surface is anything but. Readiness is the first step to resilience....
Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances
ESET Research analyzes Gamaredon’s new toolset and the group’s growing reliance on legitimate online services to hide its C&C infrastructure and exfiltrate stolen data...
ESET takes part in Operation Endgame to disrupt Amadey and Stealc
ESET researchers assisted in the global disruption of the Amadey botnet and Stealc infostealer, providing technical analysis, infrastructure tracking, and affiliate-level insights...
Killing me gently: Inside Gentlemen’s EDR killer framework
ESET Research shares the results of a months-long investigation into the suite of EDR killers maintained by the RaaS gang Gentlemen...
Protecting legacy OT systems against modern cyberthreats
Many manufacturing plants depend on OT systems that stay in service for many years. That long run can hide significant cybersecurity risks....
FishMonger’s arsenal upgraded: SprySOCKS for Windows
ESET researchers have discovered SprySOCKS for Windows, FishMonger’s backdoor weaponizing a kernel driver for advanced stealthiness...
EvilTokens: A phishing attack that doesn’t steal your password
A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing passwords or creating fake login pages...
OceanLotus: From external espionage to domestic targeting
A shift in operational pattern of the infamous Vietnam-aligned APT group...
Unpacking SMB cyber-readiness – and what makes or breaks it
A company that's expecting a cyberattack but hasn’t actively prepared for it risks making the hardest decisions at the worst possible moment...
Cybercriminals: the 'auditors' you never hired
Every organisation gets audited. The question is who does the auditing....
Lessons for life: Why children’s data is a long-term identity risk
Your child’s first data breach may happen before they’ve even opened a bank account. Here’s how to keep their digital life safe....
This month in security with Tony Anscombe – May 2026 edition
In this roundup, Tony looks at attacks against Polish water treatment facilities, how AI-directed attacks failed in Mexico, and what Google believes is the first AI-generated zero-day exploit...
ESET APT Activity Report Q4 2025–Q1 2026
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2025 and Q1 2026...
What to consider before asking an AI chatbot for health advice
Using chatbots for medical advice could elicit hallucinations and even expose you to security and privacy risks. Here’s what’s at stake and how to stay safe....
BTMOB: A stealthy RAT burrowing deep into Android devices
The malware pairs remote access capabilities with ready-made campaign tools, lowering the barrier for full device compromise...
Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise
Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and personal data...
Webworm: New burrowing techniques
ESET researchers describe new tools and techniques that the Webworm APT group recently added to its arsenal...
The quest for greater tech independence
A complete decoupling from US technology is neither realistic nor necessary, but the changing environment does require nations and companies to reassess their relationships and dependencies...
Why geopolitical turmoil is a gift for scammers, and how to stay safe
Conflict is a boon for opportunistic fraudsters. Look out for their ploys....
FrostyNeighbor: Fresh mischief and digital shenanigans
ESET researchers uncovered new activities attributed to FrostyNeighbor, updating its compromise chain to support the group’s continual cyberespionage operations...
Eyes wide open: How to mitigate the security and privacy risks of smart glasses
Smart glasses allow anyone to track and record the world around them. That could put your data and the privacy of those nearby at risk....
Fake call logs, real payments: How CallPhantom tricks Android users
ESET researchers uncovered fraudulent apps on Google Play that claim to provide the call history “for any number” and had been downloaded more than seven million times before being taken down...
Fixing the password problem is as easy as 123456
How come it’s still possible to ‘secure’ an online account with a six-digit string?...
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games...
This month in security with Tony Anscombe – April 2026 edition
Warnings about helpdesk impersonation scams and Iran-linked hackers targeting critical sectors in the US, plus the most damaging scams of 2025 - here's some of what made the headlines this month...
The calm before the ransom: What you see is not all there is
A breach claims the systems as well as the confidence that was, in retrospect, a major vulnerability...
GopherWhisper: A burrow full of malware
ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian governmental institutions...
New NGate variant hides in a trojanized NFC payment app
ESET researchers discover another iteration of NGate malware, this time possibly developed with the assistance of AI...
What the ransom note won’t say
An attack is what you see, but a business operation is what you’re up against...
That data breach alert might be a trap
Ignoring a real breach notification invites risk, but falling for a bogus one could be even worse. Stop reacting on autopilot....
Supply chain dependencies: Have you checked your blind spot?
Your biggest risk may be a vendor you trust. How can SMBs map their third-party blind spots and build operational resilience?...
Recovery scammers hit you when you’re down: Here’s how to avoid a second strike
If you’ve been a victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse....
As breakout time accelerates, prevention-first cybersecurity takes center stage
Threat actors are using AI to supercharge tried-and-tested TTPs. When attacks move this fast, cyber-defenders need to rethink their own strategy....
Digital assets after death: Managing risks to your loved one’s digital estate
Fraudsters often target the accounts of the deceased or their grieving relatives. Here’s how to keep the scammers at bay....
This month in security with Tony Anscombe – March 2026 edition
The past four weeks have seen a slew of new cybersecurity wake-up calls that showed why every organization needs a well-thought-out cyber-resilience plan...
RSAC 2026 wrap-up – Week in security with Tony Anscombe
This year, AI agents took the center stage – as a defensive capability, but more pressingly as a risk many organizations haven't caught up with...
A cunning predator: How Silver Fox preys on Japanese firms this tax season
Silver Fox is back in Japan, spoofing tax and HR emails timed to the one season when no one thinks twice about opening them...
Virtual machines, virtually everywhere – and with real security gaps
Cloud VMs offer unmatched speed, scale and flexibility – all of which could eventually count for little if they’re left to fend for themselves...
Cloud workload security: Mind the gaps
As IT infrastructure expands, visibility and control often lag behind – until an incident forces a reckoning...
Move fast and save things: A quick guide to recovering a hacked account
What you do – and how fast – after an account is compromised often matters more than it may seem...
EDR killers explained: Beyond the drivers
ESET researchers dive deeper into the EDR killer ecosystem, disclosing how attackers abuse vulnerable drivers...
Face value: What it takes to fool facial recognition
ESET’s Jake Moore used smart glasses, deepfakes and face swaps to ‘hack’ widely-used facial recognition systems – and he'll demo it all at RSAC 2026...
Cyber fallout from the Iran war: What to have on your radar
The cybersecurity implications of the war in the Middle East extend far beyond the region. Here’s where to focus your defenses....
Sednit reloaded: Back in the trenches
The resurgence of one of Russia’s most notorious APT groups...
What cybersecurity actually does for your business
The ability to continue operating safely in an unsafe environment where competitors cannot is a competitive advantage that is rarely measured or discussed...
How SMBs use threat research and MDR to build a defensive edge
We speak to Director of ESET Threat Research Jean-Ian Boutin about where solutions that blend advanced technology with human expertise provide the most practical value for businesses...
Protecting education: How MDR can tip the balance in favor of schools
The education sector is notoriously short on cash, but rich in assets for threat actors to target. How can managed detection and response (MDR) help learning institutions regain the initiative?...
This month in security with Tony Anscombe – February 2026 edition
In this roundup, Tony looks at how opportunistic threat actors are taking advantage of weak authentication, unmanaged exposure, and popular AI tools...
Mobile app permissions (still) matter more than you may think
Start using a new app and you’ll often be asked to grant it permissions. But blindly accepting them could expose you to serious privacy and security risks....
Faking it on the phone: How to tell if a voice call is AI or not
Can you believe your ears? Increasingly, the answer is no. Here’s what’s at stake for your business, and how to beat the deepfakers....
PromptSpy ushers in the era of Android threats using GenAI
ESET researchers discover PromptSpy, the first known Android malware to abuse generative AI in its execution flow...
Is Poshmark safe? How to buy and sell without getting scammed
Like any other marketplace, the social commerce platform has its share of red flags. It pays to know what to look for so you can shop or sell without headaches....
Is it OK to let your children post selfies online?
When it comes to our children’s digital lives, prohibition rarely works. It’s our responsibility to help them build a healthy relationship with tech....
Naming and shaming: How ransomware groups tighten the screws on victims
When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle...
Taxing times: Top IRS scams to look out for in 2026
It’s time to file your tax return. And cybercriminals are lurking to make an already stressful period even more edgy....
OfferUp scammers are out in force: Here’s what you should know
The mobile marketplace app has a growing number of users, but not all of them are genuine. Watch out for these common scams....
A slippery slope: Beware of Winter Olympics scams and other cyberthreats
It’s snow joke – sporting events are a big draw for cybercriminals. Make sure you’re not on the losing side by following these best practices....
This month in security with Tony Anscombe – January 2026 edition
The trends from January offer useful clues about the risks and priorities that security teams are likely to contend with throughout the year...
DynoWiper update: Technical analysis and attribution
ESET researchers present technical details on a recent data destruction incident affecting a company in Poland’s energy sector...
Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan
ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation...
Drowning in spam or scam emails? Here’s probably why
Has your inbox recently been deluged with unwanted and even outright malicious messages? Here are 10 possible reasons – and how to stem the tide....
ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025
The attack involved data-wiping malware that ESET researchers have now analyzed and named DynoWiper...
Children and chatbots: What parents should know
As children turn to AI chatbots for answers, advice, and companionship, questions emerge about their safety, privacy, and emotional development...
Common Apple Pay scams, and how to stay safe
Here’s how the most common scams targeting Apple Pay users work and what you can do to stay one step ahead...
Old habits die hard: 2025’s most common passwords were as predictable as ever
Once again, data shows an uncomfortable truth: the habit of choosing eminently hackable passwords is alive and well...
Why LinkedIn is a hunting ground for threat actors – and how to protect yourself
The business social networking site is a vast, publicly accessible database of corporate information. Don’t believe everyone on the site is who they say they are....
Is it time for internet services to adopt identity verification?
Should verified identities become the standard online? Australia’s social media ban for under-16s shows why the question matters....
Your personal information is on the dark web. What happens next?
If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking. Here’s what to do....
Credential stuffing: What it is and how to protect yourself
Reusing passwords may feel like a harmless shortcut – until a single breach opens the door to multiple accounts...
This month in security with Tony Anscombe – December 2025 edition
As 2025 draws to a close, Tony looks back at the cybersecurity stories that stood out both in December and across the whole of this year...
A brush with online fraud: What are brushing scams and how do I stay safe?
Have you ever received a package you never ordered? It could be a warning sign that your data has been compromised, with more fraud to follow....
Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component
A comprehensive analysis and assessment of a critical severity vulnerability with low likelihood of mass exploitation...
LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan
ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage tools across networks of governmental institutions...
ESET Threat Report H2 2025
A view of the H2 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts...
Black Hat Europe 2025: Was that device designed to be on the internet at all?
Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found...
Black Hat Europe 2025: Reputation matters – even in the ransomware economy
Being seen as reliable is good for ‘business’ and ransomware groups care about 'brand reputation' just as much as their victims...
Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity
If you don’t look inside your environment, you can’t know its true state – and attackers count on that...
Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece
Interpreting the vast cybersecurity vendor landscape through the lens of industry analysts and testing authorities can immensely enhance your cyber-resilience....
The big catch: How whaling attacks target top executives
Is your organization’s senior leadership vulnerable to a cyber-harpooning? Learn how to keep them safe....
Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture
Identity is effectively the new network boundary. It must be protected at all costs....
MuddyWater: Snakes by the riverbank
MuddyWater targets critical infrastructure in Israel and Egypt, relying on custom malware, improved tactics, and a predictable playbook...
Oversharing is not caring: What’s at stake if your employees post too much online
From LinkedIn to X, GitHub to Instagram, there are plenty of opportunities to share work-related information. But posting could also get your company into trouble....
This month in security with Tony Anscombe – November 2025 edition
Data exposure by top AI companies, the Akira ransomware haul, Operation Endgame against major malware families, and more of this month's cybersecurity news...
What parents should know to protect their children from doxxing
Online disagreements among young people can easily spiral out of control. Parents need to understand what’s at stake....
Influencers in the crosshairs: How cybercriminals are targeting content creators
Social media influencers can provide reach and trust for scams and malware distribution. Robust account protection is key to stopping the fraudsters....
MDR is the answer – now, what’s the question?
Why your business needs the best-of-breed combination of technology and human expertise...
The OSINT advantage: Find your weak spots before attackers do
Here’s how open-source intelligence helps trace your digital footprint and uncover your weak points, plus a few essential tools to connect the dots...
PlushDaemon compromises network devices for adversary-in-the-middle attacks
ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks...
What if your romantic AI chatbot can’t keep a secret?
Does your chatbot know too much? Here's why you should think twice before you tell your AI companion everything....
How password managers can be hacked – and how to stay safe
Look no further to learn how cybercriminals could try to crack your vault and how you can keep your logins safe...
Why shadow AI could be your biggest security blind spot
From unintentional data leakage to buggy code, here’s why you should care about unsanctioned AI use in your company...
In memoriam: David Harley
Former colleagues and friends remember the cybersecurity researcher, author, and mentor whose work bridged the human and technical sides of security...
The who, where, and how of APT attacks in Q2 2025–Q3 2025
ESET Chief Security Evangelist Tony Anscombe highlights some of the key findings from the latest issue of the ESET APT Activity Report...
ESET APT Activity Report Q2 2025–Q3 2025
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2025 and Q3 2025...
Sharing is scaring: The WhatsApp scam you didn’t see coming
How a fast-growing scam is tricking WhatsApp users into revealing their most sensitive financial and other data...