Why geopolitical turmoil is a gift for scammers, and how to stay safe
WeLiveSecurity 15 May 2026 SEV 1/10
identity_threat iot_ot_security
Why geopolitical turmoil is a gift for scammers, and how to stay safe Digital Security Conflict is a boon for opportunistic fraudsters. Phil Muncaster 15 May 2026 5 min. read It didn’t take long for tensions in the Middle East to spill over into the cyber domain.
FrostyNeighbor: Fresh mischief and digital shenanigans
WeLiveSecurity 14 May 2026 SEV 4/10
malware supply_chain Conti Play
FrostyNeighbor: Fresh mischief and digital shenanigans ESET Research ESET researchers uncovered new activities attributed to FrostyNeighbor, updating its compromise chain to support the group’s continual cyberespionage operations Damien Schaeffer 14 May 2026 10 min. read This blogpost covers newly discovered activities attributed to FrostyNeighbor, targeting governmental organizations in Ukraine. FrostyNeighbor has been running continual cyberoperations, changing and updating its toolset regularly, updating its compromise chain and methods to evade detection – targeting victims located in Eastern Europe, according to our telemetry.
Eyes wide open: How to mitigate the security and privacy risks of smart glasses
WeLiveSecurity 11 May 2026 SEV 3/10
iot_ot_security vulnerability Play
Eyes wide open: How to mitigate the security and privacy risks of smart glasses Privacy Smart glasses allow anyone to track and record the world around them. That could put your data and the privacy of those nearby at risk. Phil Muncaster 11 May 2026 5 min.
Fake call logs, real payments: How CallPhantom tricks Android users
WeLiveSecurity 07 May 2026 SEV 3/10
supply_chain malware Play
Fake call logs, real payments: How CallPhantom tricks Android users ESET Research ESET researchers uncovered fraudulent apps on Google Play that claim to provide the call history “for any number” and had been downloaded more than seven million times before being taken down Lukas Stefanko 07 May 2026 11 min. read There’s an app for everything nowadays… right? Well, looking up call records for a phone number of choice is one of those things, as potentially millions of Android users found out after paying for app subscriptions promising just that.
Fixing the password problem is as easy as 123456
WeLiveSecurity 07 May 2026 SEV 3/10
identity_threat data_breach
Fixing trivial passwords is as easy as 123456 Digital Security Fixing the password problem is as easy as 123456 How come it’s still possible to ‘secure’ an online account with a six-digit string? Tony Anscombe 07 May 2026 4 min. read The most-used password globally is exactly what you think it is: ‘123456.’ That’s according to NordPass’s latest annual report on passwords exposed in data breaches globally.
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
WeLiveSecurity 05 May 2026 SEV 4/10
malware supply_chain Lazarus Conti
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack ESET Research ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games Filip Jurčacko 05 May 2026 18 min. read ESET researchers uncovered a multiplatform supply-chain attack by North Korea-aligned APT group ScarCruft, targeting the Yanbian region in China – home to ethnic Koreans and a crossing point for North Korean refugees and defectors. In the attack, probably ongoing since late 2024, ScarCruft compromised Windows and Android components of a video game platform dedicated to Yanbian-themed games, trojanizing them with a backdoor.
This month in security with Tony Anscombe – April 2026 edition
WeLiveSecurity 30 Apr 2026 SEV 1/10
phishing data_breach
This month in security with Tony Anscombe – April 2026 edition Video Warnings about helpdesk impersonation scams and Iran-linked hackers targeting critical sectors in the US, plus the most damaging scams of 2025 - here's some of what made the headlines this month Editor 30 Apr 2026 With April coming to a close, it's time for ESET Chief Security Evangelist Tony Anscombe to look back at some of the top cybersecurity stories that made the news this month. Tony also offers insights that they may hold for your own cyber-defenses. Here's some of what caught Tony's attention this month: Microsoft has issued a warning about helpdesk impersonation scams where bad actors increasingly misuse external Microsoft Teams collaboration to trick users into granting them remote access.
The calm before the ransom: What you see is not all there is
WeLiveSecurity 24 Apr 2026 SEV 4/10
ransomware data_breach Conti Play
The calm before the ransomware storm: What you see is not all there is Ransomware The calm before the ransom: What you see is not all there is A breach claims the systems as well as the confidence that was, in retrospect, a major vulnerability Tomáš Foltýn 24 Apr 2026 5 min. read There’s a bit of a pattern in the history of organizational failures that repeats too often to be a coincidence: A system runs smoothly for a long stretch, causing everyone to grow confident in it. Almost invariably, this also quietly erodes the vigilance that kept the system running smoothly in the first place.
GopherWhisper: A burrow full of malware
WeLiveSecurity 23 Apr 2026 SEV 3/10
malware supply_chain
GopherWhisper: A burrow full of malware ESET Research ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian governmental institutions Eric Howard 23 Apr 2026 6 min. read ESET researchers have discovered a previously undocumented China-aligned APT group that we named GopherWhisper. The group wields a wide array of tools mostly written in Go, using injectors and loaders to deploy and execute various backdoors in its arsenal.
New NGate variant hides in a trojanized NFC payment app
WeLiveSecurity 21 Apr 2026 SEV 4/10
malware vulnerability Conti Play
New NGate variant hides in a trojanized NFC payment app ESET Research ESET researchers discover another iteration of NGate malware, this time possibly developed with the assistance of AI Lukas Stefanko 21 Apr 2026 10 min. read ESET Research has discovered a new variant of the NGate malware family that abuses a legitimate Android application called HandyPay, instead of the previously leveraged NFCGate tool. The threat actors took the app, which is used to relay NFC data, and patched it with malicious code that appears to have been AI-generated.
What the ransom note won’t say
WeLiveSecurity 20 Apr 2026 SEV 4/10
ransomware vulnerability LockBit BlackCat
Ransomware’s back office: What the ransom note won’t say Ransomware What the ransom note won’t say An attack is what you see, but a business operation is what you’re up against Tomáš Foltýn 20 Apr 2026 8 min. read In March 2024, an affiliate of the BlackCat ransomware gang took to a cybercrime forum with a complaint. They’d carried out the attack on Change Healthcare – one of the largest healthcare data breaches in U.S.
That data breach alert might be a trap
WeLiveSecurity 17 Apr 2026 SEV 4/10
data_breach identity_threat Play
Why that next data breach alert could be a trap Scams That data breach alert might be a trap Ignoring a real breach notification invites risk, but falling for a bogus one could be even worse. Phil Muncaster 17 Apr 2026 5 min. read Receiving a data breach notice may have once been a rare event.
Supply chain dependencies: Have you checked your blind spot?
WeLiveSecurity 16 Apr 2026 SEV 5/10
supply_chain vulnerability Conti
Supply chain dependencies: Have you checked your blind spot? Business Security Your biggest risk may be a vendor you trust. How can SMBs map their third-party blind spots and build operational resilience?
Recovery scammers hit you when you’re down: Here’s how to avoid a second strike
WeLiveSecurity 10 Apr 2026 SEV 3/10
iot_ot_security data_breach Conti
Recovery scammers hit you when you’re down: Here’s how to avoid a ‘second strike’ Scams Recovery scammers hit you when you’re down: Here’s how to avoid a second strike If you’ve been a victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse. Phil Muncaster 10 Apr 2026 5 min. read The worst thing you can do after falling victim to fraud is let your guard down.
As breakout time accelerates, prevention-first cybersecurity takes center stage
WeLiveSecurity 07 Apr 2026 SEV 4/10
identity_threat phishing Conti
As breakout time accelerates, prevention-first cybersecurity takes center stage Business Security Threat actors are using AI to supercharge tried-and-tested TTPs. When attacks move this fast, cyber-defenders need to rethink their own strategy. Phil Muncaster 07 Apr 2026 4 min.
Digital assets after death: Managing risks to your loved one’s digital estate
WeLiveSecurity 01 Apr 2026 SEV 3/10
identity_threat iot_ot_security Conti Play
Digital assets after death: Managing risks to your loved one’s digital estate Digital Security Fraudsters often target the accounts of the deceased or their grieving relatives. Here’s how to keep the scammers at bay. Phil Muncaster 01 Apr 2026 5 min.
This month in security with Tony Anscombe – March 2026 edition
WeLiveSecurity 31 Mar 2026 SEV 1/10
ransomware phishing
This month in security with Tony Anscombe – March 2026 edition Video The past four weeks have seen a slew of new cybersecurity wake-up calls that showed why every organization needs a well-thought-out cyber-resilience plan Editor 31 Mar 2026 As March 2026 draws to a close, ESET Chief Security Evangelist Tony Anscombe looks at some of the top cybersecurity stories that made the news this month and offers insights that they may hold for your cyber-defenses. Here's Tony's rundown of some of what stood out most over the four or so weeks: the medtech giant Stryker fell victim to a cyberattack that was claimed by the Iran-linked Handala hacktivist group and reportedly wiped “over 200,000 systems, servers, and mobile devices” and stole 50 terabytes of data; research by the Google Threat Intelligence Group has found that suspected data theft was present in no fewer than 77% of ransomware attacks in 2025 (up from 57% the year prior) and that attackers are increasingly relying on built-in Windows utilities; starting in May, Instagram will stop encrypting private messages between users; a Europol-led operation has taken down the Tycoon 2FA phishing platform that up to the middle of 2025 accounted for 62% of all phishing attempts blocked by Microsoft. What are some of the lessons businesses should take away from these news stories? Watch the video to learn more and be sure to check out the February 2026 edition of Tony's monthly security news roundup, as well as his highlights from the RSAC 2026 conference that wrapped up just a few days ago.
RSAC 2026 wrap-up – Week in security with Tony Anscombe
WeLiveSecurity 27 Mar 2026 SEV 1/10
ransomware
RSAC 2026 wrap-up – Week in security with Tony Anscombe Video This year, AI agents took the center stage – as a defensive capability, but more pressingly as a risk many organizations haven't caught up with Editor 27 Mar 2026 That's a wrap on the RSAC™ 2026 Conference. For its 35th edition, the conference drew the usual mix of security practitioners, researchers and vendors. Predictably, AI agents dominated much of the conversation – as a defensive capability, but more pressingly as a risk that many organizations have yet to fully think through.
A cunning predator: How Silver Fox preys on Japanese firms this tax season
WeLiveSecurity 27 Mar 2026 SEV 3/10
phishing supply_chain
A cunning predator: How Silver Fox preys on Japanese firms this tax season Business Security Silver Fox is back in Japan, spoofing tax and HR emails timed to the one season when no one thinks twice about opening them Dominik Breitenbacher Takahiro Sajima 27 Mar 2026 4 min. read Japan has entered its annual tax filing and organizational change season, a period when companies generate a high volume of legitimate financial and HR‑related communications. A threat actor known as Silver Fox is actively exploiting this busy period by conducting a targeted spearphishing campaign against Japanese manufacturers and other businesses.
Virtual machines, virtually everywhere – and with real security gaps
WeLiveSecurity 25 Mar 2026 SEV 4/10
cloud_security vulnerability Conti
Virtual machines, virtually everywhere – but not all protected Business Security Virtual machines, virtually everywhere – and with real security gaps Cloud VMs offer unmatched speed, scale and flexibility – all of which could eventually count for little if they’re left to fend for themselves Tomáš Foltýn 25 Mar 2026 7 min. read Twenty years ago, almost to the day, Amazon Web Services (AWS) launched Simple Storage Service (S3). A few months later, the company’s Elastic Compute Cloud (EC2) service opened for public beta testing before rolling out officially in 2008.
Cloud workload security: Mind the gaps
WeLiveSecurity 24 Mar 2026 SEV 4/10
cloud_security data_breach Play Patchwork
Cloud workload security: Mind the gaps Business Security As IT infrastructure expands, visibility and control often lag behind – until an incident forces a reckoning Tomáš Foltýn 24 Mar 2026 4 min. read Complexity is said to be the enemy of many things, but when it comes to organizations and their IT systems and processes, complexity is arguably the worst enemy of cybersecurity. For many IT and security practitioners, this plays out daily as they scramble to manage what IBM once called a "Frankencloud," a patchwork of private and public cloud environments, often further entangled with various on-premise and possibly legacy resources.
Move fast and save things: A quick guide to recovering a hacked account
WeLiveSecurity 20 Mar 2026 SEV 4/10
identity_threat vulnerability Conti
Move fast and save things: A quick guide to recovering a hacked account Digital Security What you do – and how fast – after an account is compromised often matters more than it may seem Christian Ali Bravo Tomáš Foltýn 20 Mar 2026 6 min. read Cybercriminals go after people’s personal information across every kind of online platform, including WhatsApp, Instagram, LinkedIn, Roblox, YouTube and Spotify, not to mention finance apps. No online account is off the table.
EDR killers explained: Beyond the drivers
WeLiveSecurity 19 Mar 2026 SEV 4/10
ransomware malware Mustang Panda LockBit
EDR killers explained: Beyond the drivers ESET Research ESET researchers dive deeper into the EDR killer ecosystem, disclosing how attackers abuse vulnerable drivers Jakub Souček 19 Mar 2026 24 min. read In recent years, EDR killers have become one of the most commonly seen tools in modern ransomware intrusions: an attacker acquires high privileges, deploys such a tool to disrupt protection, and only then launches the encryptor. Besides the dominating Bring Your Own Vulnerable Driver (BYOVD) technique, we also see attackers frequently abusing legitimate anti-rootkit utilities or using driverless approaches to block the communication of endpoint detection and response (EDR) software or suspend it in place.
Face value: What it takes to fool facial recognition
WeLiveSecurity 13 Mar 2026 SEV 1/10
vulnerability identity_threat
Face value: What it takes to fool facial recognition Privacy ESET’s Jake Moore used smart glasses, deepfakes and face swaps to ‘hack’ widely-used facial recognition systems – and he'll demo it all at RSAC 2026 Tomáš Foltýn 13 Mar 2026 2 min. read Facial recognition is increasingly embedded in everything from airport boarding gates to bank onboarding flows. The widely-held assumption is that a face is hard to fake and that matching a live face to a trusted source is a reliable identity signal.
Cyber fallout from the Iran war: What to have on your radar
WeLiveSecurity 12 Mar 2026 SEV 4/10
supply_chain apt APT33 MuddyWater
Cyber fallout from the Iran war: What to have on your radar Business Security The cybersecurity implications of the war in the Middle East extend far beyond the region. Here’s where to focus your defenses. Tomáš Foltýn 12 Mar 2026 8 min.
Sednit reloaded: Back in the trenches
WeLiveSecurity 10 Mar 2026 SEV 6/10
malware apt APT28 Fancy Bear
Sednit reloaded: Back in the trenches ESET Research The resurgence of one of Russia’s most notorious APT groups 10 Mar 2026 13 min. read Since April 2024, Sednit’s advanced development team has reemerged with a modern toolkit centered on two paired implants, BeardShell and Covenant, each using a different cloud provider for resilience. This dual‑implant approach enabled long‑term surveillance of Ukrainian military personnel.
What cybersecurity actually does for your business
WeLiveSecurity 06 Mar 2026 SEV 3/10
iot_ot_security ransomware Conti Play
What cybersecurity actually does for your business Business Security The ability to continue operating safely in an unsafe environment where competitors cannot is a competitive advantage that is rarely measured or discussed Tomáš Foltýn 06 Mar 2026 5 min. read Cybersecurity is one of the few business functions where success is typically quiet. From the outside, it may even look uneventful.
How SMBs use threat research and MDR to build a defensive edge
WeLiveSecurity 05 Mar 2026 SEV 4/10
supply_chain ransomware Conti
How SMBs use threat research and MDR to build a defensive edge Business Security We speak to Director of ESET Threat Research Jean-Ian Boutin about where solutions that blend advanced technology with human expertise provide the most practical value for businesses Ben Tudor 05 Mar 2026 7 min. read Corporate IT and security teams have the unenviable task of keeping relentless and increasingly sophisticated adversaries at bay. They’re often faced with limited resources and expanding attack surfaces, but recruiting and retaining top-tier security professionals to run an in-house Security Operations Centre (SOC) is out of reach for many organizations.
Protecting education: How MDR can tip the balance in favor of schools
WeLiveSecurity 04 Mar 2026 SEV 3/10
iot_ot_security vulnerability Conti Play
Protecting education: How MDR can tip the balance in favor of schools Business Security The education sector is notoriously short on cash, but rich in assets for threat actors to target. How can managed detection and response (MDR) help learning institutions regain the initiative? Phil Muncaster 04 Mar 2026 5 min.
This month in security with Tony Anscombe – February 2026 edition
WeLiveSecurity 28 Feb 2026 SEV 1/10
malware supply_chain
This month in security with Tony Anscombe – February 2026 edition Video In this roundup, Tony looks at how opportunistic threat actors are taking advantage of weak authentication, unmanaged exposure, and popular AI tools Editor 28 Feb 2026 With the second month of 2026 (almost) behind us, it's time for ESET Chief Security Evangelist Tony Anscombe to look at cybersecurity stories that moved the needle and offered vital lessons over the past four weeks. Here's Tony's rundown of some of what stood out in February 2026: Threat actors misused commercial generative AI tools to compromise more than 600 FortiGate devices located in 55 countries. Rather than specific vulnerabilities, the attacks exploited exposed management ports and weak credentials without two-factor authentication, according to Amazon Threat Intelligence.
Mobile app permissions (still) matter more than you may think
WeLiveSecurity 27 Feb 2026 SEV 2/10
iot_ot_security malware Conti Play
Mobile app permissions (still) matter more than you may think Mobile Security Start using a new app and you’ll often be asked to grant it permissions. But blindly accepting them could expose you to serious privacy and security risks. Phil Muncaster 27 Feb 2026 5 min.
Faking it on the phone: How to tell if a voice call is AI or not
WeLiveSecurity 23 Feb 2026 SEV 1/10
data_breach phishing
Faking it on the phone: How to tell if a voice call is AI or not Scams Can you believe your ears? Increasingly, the answer is no. Here’s what’s at stake for your business, and how to beat the deepfakers.
PromptSpy ushers in the era of Android threats using GenAI
WeLiveSecurity 19 Feb 2026 SEV 5/10
malware iot_ot_security Conti Play
PromptSpy ushers in the era of Android threats using GenAI ESET Research ESET researchers discover PromptSpy, the first known Android malware to abuse generative AI in its execution flow Lukas Stefanko 19 Feb 2026 14 min. read ESET researchers uncovered the first known case of Android malware abusing generative AI for context-aware user interface manipulation. While machine learning has been used to similar ends already – just recently, researchers at Dr.WEB found Android.Phantom, which uses TensorFlow machine learning models to analyze advertisement screenshots and automatically click on detected elements for large scale ad fraud – this is the first time we have seen generative AI deployed in this manner.
Is Poshmark safe? How to buy and sell without getting scammed
WeLiveSecurity 19 Feb 2026 SEV 2/10
data_breach phishing
How to buy and sell without getting scammed Scams Like any other marketplace, the social commerce platform has its share of red flags. It pays to know what to look for so you can shop or sell without headaches. Phil Muncaster 19 Feb 2026 5 min.
Is it OK to let your children post selfies online?
WeLiveSecurity 17 Feb 2026 SEV 2/10
iot_ot_security ransomware Play
Is it OK to let your children post selfies online? Kids Online When it comes to our children’s digital lives, prohibition rarely works. It’s our responsibility to help them build a healthy relationship with tech.
Naming and shaming: How ransomware groups tighten the screws on victims
WeLiveSecurity 12 Feb 2026 SEV 4/10
ransomware data_breach LockBit Conti
Naming and shaming: How ransomware groups tighten the screws on victims Ransomware When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle Guilherme Arruda Tomáš Foltýn 12 Feb 2026 6 min. read In the realm of cybercrime, change is arguably the only constant. While cyber-extortion as a broader category of crime has proved its staying power, ransomware – its arguably most damaging ‘flavor’ – doesn’t live or die on encryption alone.
Taxing times: Top IRS scams to look out for in 2026
WeLiveSecurity 10 Feb 2026 SEV 2/10
phishing data_breach
Taxing times: Top IRS scams to look out for in 2026 Scams It’s time to file your tax return. And cybercriminals are lurking to make an already stressful period even more edgy. Phil Muncaster 10 Feb 2026 5 min.
OfferUp scammers are out in force: Here’s what you should know
WeLiveSecurity 04 Feb 2026 SEV 2/10
iot_ot_security data_breach
OfferUp scammers are out in force: Here’s what you should know Scams The mobile marketplace app has a growing number of users, but not all of them are genuine. Watch out for these common scams. Phil Muncaster 04 Feb 2026 6 min.
A slippery slope: Beware of Winter Olympics scams and other cyberthreats
WeLiveSecurity 02 Feb 2026 SEV 3/10
iot_ot_security phishing
A slippery slope: Beware of Winter Olympics scams and other cyberthreats Digital Security It’s snow joke – sporting events are a big draw for cybercriminals. Make sure you’re not on the losing side by following these best practices. Phil Muncaster 02 Feb 2026 5 min.
This month in security with Tony Anscombe – January 2026 edition
WeLiveSecurity 30 Jan 2026 SEV 3/10
vulnerability ransomware
This month in security with Tony Anscombe – January 2026 edition Video The trends from January offer useful clues about the risks and priorities that security teams are likely to contend with throughout the year Editor 30 Jan 2026 The year got off to a busy start, with January offering an early snapshot of the challenges that (not just) cybersecurity teams are likely to face in the months ahead. It's therefore time for ESET Chief Security Evangelist Tony Anscombe to look back on some of the month's most impactful cybersecurity stories. Here's some of what caught Tony's eye: the IT service management firm ServiceNow has patched what is the most severe AI-driven security vulnerability found to date; if exploited, CVE-2025-12420 could have let unauthenticated attackers pose as admins on the company's AI platform, how unsecured Zendesk support systems were abused to launch a massive spam campaign, cyber-fraud has displaced ransomware as the top concern among CEOs across the world, according to the World Economic Forum, US sports brand Nike is investigating an alleged cybersecurity incident after a ransomware gang claimed to have stolen 1.4 TB worth of data from the company's systems.
DynoWiper update: Technical analysis and attribution
WeLiveSecurity 30 Jan 2026 SEV 4/10
malware iot_ot_security Sandworm Conti
DynoWiper update: Technical analysis and attribution ESET Research ESET researchers present technical details on a recent data destruction incident affecting a company in Poland’s energy sector 30 Jan 2026 13 min. read In this blog post, we provide more technical details related to our previous DynoWiper publication. Key points of the report: ESET researchers identified new data-wiping malware that we have named DynoWiper, used against an energy company in Poland.
Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan
WeLiveSecurity 28 Jan 2026 SEV 4/10
malware supply_chain Conti Play
Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan ESET Research ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation Lukas Stefanko 28 Jan 2026 10 min. read ESET researchers have uncovered an Android spyware campaign leveraging romance scam tactics to target individuals in Pakistan. The campaign uses a malicious app posing as a chat platform that allows users to initiate conversations with specific “girls” – fake profiles probably operated via WhatsApp.
Drowning in spam or scam emails? Here’s probably why
WeLiveSecurity 27 Jan 2026 SEV 3/10
data_breach phishing
Drowning in spam or scam emails lately? Here’s why Digital Security Drowning in spam or scam emails? Here’s probably why Has your inbox recently been deluged with unwanted and even outright malicious messages?
ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025
WeLiveSecurity 23 Jan 2026 SEV 4/10
malware supply_chain Sandworm Conti
ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 ESET Research The attack involved data-wiping malware that ESET researchers have now analyzed and named DynoWiper 23 Jan 2026 2 min. read UPDATE (January 30th, 2026): For a technical breakdown of the incident affecting a company in Poland’s energy sector, refer to this blogpost. In late 2025, Poland’s energy system faced what has been described as the “largest cyberattack” targeting the country in years.
Children and chatbots: What parents should know
WeLiveSecurity 23 Jan 2026 SEV 1/10
iot_ot_security data_breach
Children and chatbots: What parents should know Kids Online As children turn to AI chatbots for answers, advice, and companionship, questions emerge about their safety, privacy, and emotional development Phil Muncaster 23 Jan 2026 4 min. read AI chatbots have become a big part of all of our lives since they burst onto the scene more than three years ago. ChatGPT, for example, says it has around 700 million weekly active users, many of whom are “young people.” A UK study from July 2025 found that nearly two-thirds (64%) of children use such tools.
Common Apple Pay scams, and how to stay safe
WeLiveSecurity 22 Jan 2026 SEV 2/10
iot_ot_security phishing
Common Apple Pay scams, and how to stay safe Scams Here’s how the most common scams targeting Apple Pay users work and what you can do to stay one step ahead Phil Muncaster 22 Jan 2026 6 min. read Apple Pay is clearly a hit with consumers. According to estimates, it had hundreds of millions of global users and processed trillions of payments in 2025 alone.
Old habits die hard: 2025’s most common passwords were as predictable as ever
WeLiveSecurity 20 Jan 2026 SEV 4/10
identity_threat data_breach Conti
Old habits die hard: 2025’s most common passwords were as predictable as ever Digital Security Once again, data shows an uncomfortable truth: the habit of choosing eminently hackable passwords is alive and well Christian Ali Bravo 20 Jan 2026 3 min. read ‘123456’ continues to reign supreme as the most commonly-used password among people across the world, according to two reports, from NordPass and Comparitech, respectively. A full 25 percent of the top 1,000 most-used passwords are made up of nothing but numerals.
Why LinkedIn is a hunting ground for threat actors – and how to protect yourself
WeLiveSecurity 16 Jan 2026 SEV 4/10
phishing malware Lazarus
Why LinkedIn is a hunting ground for threat actors – and how to protect yourself Social Media The business social networking site is a vast, publicly accessible database of corporate information. Don’t believe everyone on the site is who they say they are. Phil Muncaster 16 Jan 2026 4 min.
Is it time for internet services to adopt identity verification?
WeLiveSecurity 14 Jan 2026 SEV 3/10
iot_ot_security phishing Play
Is it time for internet services to adopt identity verification? Social Media Should verified identities become the standard online? Australia’s social media ban for under-16s shows why the question matters.
Your personal information is on the dark web. What happens next?
WeLiveSecurity 13 Jan 2026 SEV 4/10
data_breach identity_threat
Your information is on the dark web. Privacy Your personal information is on the dark web. If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking.
Credential stuffing: What it is and how to protect yourself
WeLiveSecurity 08 Jan 2026 SEV 4/10
identity_threat data_breach Conti
Credential stuffing: What it is and how to protect yourself Digital Security Reusing passwords may feel like a harmless shortcut – until a single breach opens the door to multiple accounts Christian Ali Bravo 08 Jan 2026 4 min. read Reusing the same password across multiple accounts may be convenient, but it sets you up for trouble that can cascade across your digital life. This (bad) habit creates the perfect opening for credential stuffing, a technique where bad actors take a list of previously exposed login credentials and systematically feed the username and password pairs into the login fields of selected online services.
This month in security with Tony Anscombe – December 2025 edition
WeLiveSecurity 29 Dec 2025 SEV 1/10
ransomware vulnerability
This month in security with Tony Anscombe – December 2025 edition Video As 2025 draws to a close, Tony looks back at the cybersecurity stories that stood out both in December and across the whole of this year Editor 29 Dec 2025 As we close out 2025, it's time for ESET Chief Security Evangelist Tony Anscombe to review some of the main cybersecurity stories from both the final month of the year and 2025 as a whole. Among the stories that caught Tony's eye are: U.S.-based organizations paid more than $2.1 billion in ransom payments to ransomware gangs from 2022 to 2024, according to the US Financial Crimes Enforcement Network (FinCEN). While staggering, this figure is still just the tip of the iceberg.
A brush with online fraud: What are brushing scams and how do I stay safe?
WeLiveSecurity 23 Dec 2025 SEV 3/10
vulnerability supply_chain Conti
A brush with online fraud: What are brushing scams and how do I stay safe? Scams Have you ever received a package you never ordered? It could be a warning sign that your data has been compromised, with more fraud to follow.
Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component
WeLiveSecurity 22 Dec 2025 SEV 5/10
vulnerability iot_ot_security
Revisiting CVE‑2025‑50165: A critical flaw in Windows Imaging Component ESET Research Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component A comprehensive analysis and assessment of a critical severity vulnerability with low likelihood of mass exploitation Romain Dumont 22 Dec 2025 8 min. read ESET researchers examined CVE‑2025‑50165, a serious Windows vulnerability described as granting remote code execution when a user merely opens a specially crafted JPG file – one of the most widely used image formats. The flaw, found and documented by Zscaler ThreatLabz, piqued our interest, as Microsoft assessed its severity as critical but deemed its exploitability as less likely.
LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan
WeLiveSecurity 18 Dec 2025 SEV 4/10
malware ransomware Conti
LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan ESET Research ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage tools across networks of governmental institutions Anton Cherepanov Peter Strýček 18 Dec 2025 24 min. read In 2024, ESET researchers noticed previously undocumented malware in the network of a Southeast Asian governmental entity. This led us to uncover even more new malware on the same system, none of which had substantial ties to any previously tracked threat actors.
ESET Threat Report H2 2025
WeLiveSecurity 16 Dec 2025 SEV 4/10
malware ransomware Conti Akira
ESET Threat Report H2 2025 ESET Research A view of the H2 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts Jiří Kropáč 16 Dec 2025 2 min. read The second half of the year underscored just how quickly attackers adapt and innovate, with rapid changes sweeping across the threat landscape. AI-powered malware moved from theory to reality in H2 2025, as ESET discovered PromptLock, the first known AI-driven ransomware, capable of generating malicious scripts on the fly.
Black Hat Europe 2025: Was that device designed to be on the internet at all?
WeLiveSecurity 12 Dec 2025 SEV 2/10
iot_ot_security vulnerability
Black Hat Europe 2025: Was that device designed to be on the internet at all? Business Security Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found Tony Anscombe 12 Dec 2025 3 min. read “A City of a Thousand Zero Days” is the partial title of a talk at Black Hat Europe 2025.
Black Hat Europe 2025: Reputation matters – even in the ransomware economy
WeLiveSecurity 11 Dec 2025 SEV 4/10
ransomware iot_ot_security LockBit
Black Hat Europe 2025: Reputation is currency – even in the ransomware economy Business Security Black Hat Europe 2025: Reputation matters – even in the ransomware economy Being seen as reliable is good for ‘business’ and ransomware groups care about 'brand reputation' just as much as their victims Tony Anscombe 11 Dec 2025 4 min. read Black Hat Europe 2025 opened with a presentation by Max Smeets of Virtual Routes titled ‘Inside the Ransomware Machine’. The talk focused on the LockBit ransomware-as-a-service (RaaS) gang and Max’s research into their practices and operations.
Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity
WeLiveSecurity 11 Dec 2025 SEV 4/10
data_breach iot_ot_security Scattered Spider
Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity Business Security If you don’t look inside your environment, you can’t know its true state – and attackers count on that Steven Connolly 11 Dec 2025 7 min. read I recently had what I thought was a unique brainwave. (Spoiler alert: it wasn’t, but please read on!) As a marketing leader at ESET UK, part of my role is to communicate how our powerful and comprehensive solutions can be implemented to protect organisations, in a way that helps clarify the case for upgrading to higher levels of cybersecurity.
Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece
WeLiveSecurity 10 Dec 2025 SEV 1/10
iot_ot_security supply_chain
Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece Business Security Interpreting the vast cybersecurity vendor landscape through the lens of industry analysts and testing authorities can immensely enhance your cyber-resilience. Márk Szabó James Shepperd Ben Tudor 10 Dec 2025 7 min. read Skip to the next paragraph if your eyes glaze over at the long, long titles of industry reports: the AV-Comparatives Endpoint Prevention and Response Comparative Report 2025, MITRE ATT&CK Evaluations Enterprise 2025, or the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms.
The big catch: How whaling attacks target top executives
WeLiveSecurity 09 Dec 2025 SEV 3/10
phishing supply_chain
The biggest catch: How whaling attacks target top executives Business Security The big catch: How whaling attacks target top executives Is your organization’s senior leadership vulnerable to a cyber-harpooning? Phil Muncaster 09 Dec 2025 5 min. read When a hedge fund manager opened up an innocuous Zoom meeting invite, he had little idea of the corporate carnage that was to follow.
Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture
WeLiveSecurity 04 Dec 2025 SEV 4/10
identity_threat data_breach Conti
Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture Business Security Identity is effectively the new network boundary. It must be protected at all costs. Phil Muncaster 04 Dec 2025 4 min.
MuddyWater: Snakes by the riverbank
WeLiveSecurity 02 Dec 2025 SEV 5/10
malware identity_threat MuddyWater OilRig
MuddyWater: Snakes by the riverbank ESET Research MuddyWater targets critical infrastructure in Israel and Egypt, relying on custom malware, improved tactics, and a predictable playbook 02 Dec 2025 34 min. read ESET researchers have identified new MuddyWater activity primarily targeting organizations in Israel, with one confirmed target in Egypt. MuddyWater, also referred to as Mango Sandstorm or TA450, is an Iran-aligned cyberespionage group known for its persistent targeting of government and critical infrastructure sectors, often leveraging custom malware and publicly available tools.
Oversharing is not caring: What’s at stake if your employees post too much online
WeLiveSecurity 01 Dec 2025 SEV 3/10
phishing identity_threat
Oversharing is not caring: What’s at stake if your employees post too much online Social Media From LinkedIn to X, GitHub to Instagram, there are plenty of opportunities to share work-related information. But posting could also get your company into trouble. Phil Muncaster 01 Dec 2025 5 min.
This month in security with Tony Anscombe – November 2025 edition
WeLiveSecurity 28 Nov 2025 SEV 2/10
malware ransomware Akira
This month in security with Tony Anscombe – November 2025 edition Video Data exposure by top AI companies, the Akira ransomware haul, Operation Endgame against major malware families, and more of this month's cybersecurity news Editor 28 Nov 2025 November 2025 is almost behind us, and it's time for ESET Chief Security Evangelist Tony Anscombe to look at cybersecurity stories that raised the alarms, moved the needle or offered vital lessons over the past 30 or so days. Here's some of what caught Tony's eye this month: many of the world's largest AI companies inadvertently leak their secrets such as API keys, tokens, and sensitive credentials in their GitHub repositories, according to cloud security giant Wiz; the Akira ransomware group has netted $244 million from its malicious activities, according to a joint advisory from government agencies in the US, France, Germany, and the Netherlands; why X's new location feature is a cause for concern; Australia's ban on social media for children under 16 will be enforced; a coordinated law enforcement operation led by Europol and Eurojust disrupted several prolific malware families, including the Rhadamanthys infostealer. Don't forget to check out the October 2025 edition of Tony's monthly security news roundup for more news and insights.
What parents should know to protect their children from doxxing
WeLiveSecurity 27 Nov 2025 SEV 2/10
malware identity_threat
What parents should know to protect their children from doxxing Kids Online Online disagreements among young people can easily spiral out of control. Parents need to understand what’s at stake. Phil Muncaster 27 Nov 2025 5 min.
Influencers in the crosshairs: How cybercriminals are targeting content creators
WeLiveSecurity 25 Nov 2025 SEV 3/10
identity_threat phishing
Influencers in the crosshairs: How cybercriminals are targeting content creators Social Media Social media influencers can provide reach and trust for scams and malware distribution. Robust account protection is key to stopping the fraudsters. Phil Muncaster 25 Nov 2025 4 min.
MDR is the answer – now, what’s the question?
WeLiveSecurity 24 Nov 2025 SEV 3/10
apt supply_chain Play
MDR is the answer – now, what’s the question? Business Security Why your business needs the best-of-breed combination of technology and human expertise Steven Connolly 24 Nov 2025 4 min. read When I was in my mid-teens, I decided to get a job in a small local garage to learn how to maintain cars in preparation for owning my own.
The OSINT advantage: Find your weak spots before attackers do
WeLiveSecurity 20 Nov 2025 SEV 4/10
vulnerability data_breach Play
The OSINT playbook: Find your weak spots before attackers do Privacy The OSINT advantage: Find your weak spots before attackers do Here’s how open-source intelligence helps trace your digital footprint and uncover your weak points, plus a few essential tools to connect the dots Mario Micucci 20 Nov 2025 5 min. read Whatever the reason, we spend vast amounts of time online, tapping into the untold expanse of information, communication and resources. Sometimes, the challenge isn’t finding some data, but knowing what’s relevant, real and worth trusting.
PlushDaemon compromises network devices for adversary-in-the-middle attacks
WeLiveSecurity 19 Nov 2025 SEV 4/10
malware supply_chain Conti
PlushDaemon compromises network devices for adversary-in-the-middle attacks ESET Research ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks Facundo Muñoz Dávid Gábriš 19 Nov 2025 10 min. read ESET researchers provide insights into how PlushDaemon performs adversary-in-the-middle attacks using a previously undocumented network implant that we have named EdgeStepper, which redirects all DNS queries to an external, malicious hijacking node, effectively rerouting the traffic from legitimate infrastructure used for software updates to attacker-controlled infrastructure. Key points in this blogpost: We analyzed the network implant EdgeStepper to understand how PlushDaemon attackers compromise their targets.
What if your romantic AI chatbot can’t keep a secret?
WeLiveSecurity 17 Nov 2025 SEV 2/10
iot_ot_security vulnerability
What if your romantic AI chatbot can’t keep a secret? Privacy Does your chatbot know too much? Here's why you should think twice before you tell your AI companion everything.
How password managers can be hacked – and how to stay safe
WeLiveSecurity 13 Nov 2025 SEV 4/10
identity_threat vulnerability Play
Can password managers get hacked? Here’s what to know Digital Security How password managers can be hacked – and how to stay safe Look no further to learn how cybercriminals could try to crack your vault and how you can keep your logins safe Phil Muncaster 13 Nov 2025 5 min. read The average internet user has an estimated 168 passwords for their personal accounts, according to a study from 2024.
Why shadow AI could be your biggest security blind spot
WeLiveSecurity 11 Nov 2025 SEV 3/10
data_breach iot_ot_security
Why shadow AI could be your biggest security blind spot Business Security From unintentional data leakage to buggy code, here’s why you should care about unsanctioned AI use in your company Phil Muncaster 11 Nov 2025 5 min. read Shadow IT has long been a thorn in the side of corporate security teams. After all, you can’t manage or protect what you can’t see.
In memoriam: David Harley
WeLiveSecurity 07 Nov 2025 SEV 2/10
iot_ot_security malware
In memoriam: David Harley Digital Security Former colleagues and friends remember the cybersecurity researcher, author, and mentor whose work bridged the human and technical sides of security Editor 07 Nov 2025 7 min. read The cybersecurity community lost one of its luminaries with the passing of David Harley last week, at the age of 76. Despite being a self-described late entrant to IT, David went on to forge a long and distinguished career in cybersecurity that stretched from the early days of computer viruses until the age of modern ransomware and included a tenure as ESET Senior Research Fellow until his retirement in 2018.
The who, where, and how of APT attacks in Q2 2025–Q3 2025
WeLiveSecurity 07 Nov 2025 SEV 2/10
apt malware Sandworm
The who, where, and how of APT attacks in Q2 2025–Q3 2025 Video ESET Chief Security Evangelist Tony Anscombe highlights some of the key findings from the latest issue of the ESET APT Activity Report Editor 07 Nov 2025 Yesterday, the ESET research team released the latest issue of its APT Activity Report that summarizes and contextualizes the cyber-operations of some of the world's most notorious state-aligned hacking groups from April to September 2025. The report documents how the groups targeted entities across sectors and geographies in an attempt to burrow deep into both government and corporate systems and siphon off intelligence, disrupt infrastructure or generate revenue. One notable finding is that the notorious Russia-aligned group Sandworm deployed several data wipers against Ukraine's grain sector in what can be seen as an attempt to harm (not just) the Ukrainian economy.
ESET APT Activity Report Q2 2025–Q3 2025
WeLiveSecurity 06 Nov 2025 SEV 4/10
apt malware Turla Sandworm
ESET APT Activity Report Q2 2025–Q3 2025 ESET Research Threat Reports An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2025 and Q3 2025 Jean-Ian Boutin 06 Nov 2025 4 min. read ESET APT Activity Report Q2 2025–Q3 2025 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from April through September 2025. The highlighted operations are representative of the broader landscape of threats we investigated during this period.
Sharing is scaring: The WhatsApp scam you didn’t see coming
WeLiveSecurity 05 Nov 2025 SEV 2/10
identity_threat data_breach Conti
Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming Scams Sharing is scaring: The WhatsApp scam you didn’t see coming How a fast-growing scam is tricking WhatsApp users into revealing their most sensitive financial and other data Christian Ali Bravo 05 Nov 2025 4 min. read Scams and other threats that are doing the rounds on messaging apps like WhatsApp are a stark reminder of how easily even trusted platforms can be weaponized against us. One deceptive tactic that has gained traction recently involves tricking people into sharing their phone screens during a WhatsApp video call.
How social engineering works | Unlocked 403 cybersecurity podcast (S2E6)
WeLiveSecurity 04 Nov 2025 SEV 2/10
phishing malware
How social engineering really works | Unlocked 403 cybersecurity podcast (S2E6) Video How social engineering works | Unlocked 403 cybersecurity podcast (S2E6) Think you could never fall for an online scam? Here's how scammers could exploit psychology to deceive you – and what you can do to stay one step ahead Editor 04 Nov 2025 Why do people fall for scams even when they should know better? It’s a question that says more about human nature than about technology.
Ground zero: 5 things to do after discovering a cyberattack
WeLiveSecurity 03 Nov 2025 SEV 4/10
data_breach supply_chain Play
Ground zero: 5 things to do after discovering a cyberattack Business Security When every minute counts, preparation and precision can mean the difference between disruption and disaster Phil Muncaster 03 Nov 2025 5 min. read Network defenders are feeling the heat. The number of data breaches Verizon investigated last year, as a share of overall incidents, was up 20 percentage points on the previous year.
This month in security with Tony Anscombe – October 2025 edition
WeLiveSecurity 31 Oct 2025 SEV 1/10
malware cloud_security
This month in security with Tony Anscombe – October 2025 edition Video From the end of Windows 10 support to scams on TikTok and state-aligned hackers wielding AI, October's headlines offer a glimpse of what's shaping cybersecurity right now Editor 31 Oct 2025 As October 2025 draws to a close, ESET Chief Security Evangelist Tony Anscombe reviews some of the top cybersecurity stories that made the news over the course of the month and offers insights that they may hold for your own cyber-defenses. Windows 10 reached the end of support on October 14th of this year. As Windows 10 PCs no longer receive security updates automatically, what are your options if you or your business still uses Windows 10?