Naming and shaming: How ransomware groups tighten the screws on victims

When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle

Taxing times: Top IRS scams to look out for in 2026

It’s time to file your tax return. And cybercriminals are lurking to make an already stressful period even more edgy.

OfferUp scammers are out in force: Here’s what you should know

The mobile marketplace app has a growing number of users, but not all of them are genuine. Watch out for these common scams.

A slippery slope: Beware of Winter Olympics scams and other cyberthreats

It’s snow joke – sporting events are a big draw for cybercriminals. Make sure you’re not on the losing side by following these best practices.

This month in security with Tony Anscombe – January 2026 edition

The trends from January offer useful clues about the risks and priorities that security teams are likely to contend with throughout the year

DynoWiper update: Technical analysis and attribution

ESET researchers present technical details on a recent data destruction incident affecting a company in Poland’s energy sector

Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan

ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation

Drowning in spam or scam emails? Here’s probably why

Has your inbox recently been deluged with unwanted and even outright malicious messages? Here are 10 possible reasons – and how to stem the tide.

ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025

The attack involved data-wiping malware that ESET researchers have now analyzed and named DynoWiper

Children and chatbots: What parents should know

As children turn to AI chatbots for answers, advice, and companionship, questions emerge about their safety, privacy, and emotional development

Common Apple Pay scams, and how to stay safe

Here’s how the most common scams targeting Apple Pay users work and what you can do to stay one step ahead

Old habits die hard: 2025’s most common passwords were as predictable as ever

Once again, data shows an uncomfortable truth: the habit of choosing eminently hackable passwords is alive and well

Why LinkedIn is a hunting ground for threat actors – and how to protect yourself

The business social networking site is a vast, publicly accessible database of corporate information. Don’t believe everyone on the site is who they say they are.

Is it time for internet services to adopt identity verification?

Should verified identities become the standard online? Australia’s social media ban for under-16s shows why the question matters.

Your personal information is on the dark web. What happens next?

If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking. Here’s what to do.

Credential stuffing: What it is and how to protect yourself

Reusing passwords may feel like a harmless shortcut – until a single breach opens the door to multiple accounts

This month in security with Tony Anscombe – December 2025 edition

As 2025 draws to a close, Tony looks back at the cybersecurity stories that stood out both in December and across the whole of this year

A brush with online fraud: What are brushing scams and how do I stay safe?

Have you ever received a package you never ordered? It could be a warning sign that your data has been compromised, with more fraud to follow.

Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component

A comprehensive analysis and assessment of a critical severity vulnerability with low likelihood of mass exploitation

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage tools across networks of governmental institutions

ESET Threat Report H2 2025

A view of the H2 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found

Black Hat Europe 2025: Reputation matters – even in the ransomware economy

Being seen as reliable is good for ‘business’ and ransomware groups care about 'brand reputation' just as much as their victims

Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity

If you don’t look inside your environment, you can’t know its true state – and attackers count on that

Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece

Interpreting the vast cybersecurity vendor landscape through the lens of industry analysts and testing authorities can immensely enhance your cyber-resilience.

The big catch: How whaling attacks target top executives

Is your organization’s senior leadership vulnerable to a cyber-harpooning? Learn how to keep them safe.

Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture

Identity is effectively the new network boundary. It must be protected at all costs.

MuddyWater: Snakes by the riverbank

MuddyWater targets critical infrastructure in Israel and Egypt, relying on custom malware, improved tactics, and a predictable playbook

Oversharing is not caring: What’s at stake if your employees post too much online

From LinkedIn to X, GitHub to Instagram, there are plenty of opportunities to share work-related information. But posting could also get your company into trouble.

This month in security with Tony Anscombe – November 2025 edition

Data exposure by top AI companies, the Akira ransomware haul, Operation Endgame against major malware families, and more of this month's cybersecurity news

What parents should know to protect their children from doxxing

Online disagreements among young people can easily spiral out of control. Parents need to understand what’s at stake.

Influencers in the crosshairs: How cybercriminals are targeting content creators

Social media influencers can provide reach and trust for scams and malware distribution. Robust account protection is key to stopping the fraudsters.

MDR is the answer – now, what’s the question?

Why your business needs the best-of-breed combination of technology and human expertise

The OSINT advantage: Find your weak spots before attackers do

Here’s how open-source intelligence helps trace your digital footprint and uncover your weak points, plus a few essential tools to connect the dots

PlushDaemon compromises network devices for adversary-in-the-middle attacks

ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks

What if your romantic AI chatbot can’t keep a secret?

Does your chatbot know too much? Here's why you should think twice before you tell your AI companion everything.

How password managers can be hacked – and how to stay safe

Look no further to learn how cybercriminals could try to crack your vault and how you can keep your logins safe

Why shadow AI could be your biggest security blind spot

From unintentional data leakage to buggy code, here’s why you should care about unsanctioned AI use in your company

In memoriam: David Harley

Former colleagues and friends remember the cybersecurity researcher, author, and mentor whose work bridged the human and technical sides of security

The who, where, and how of APT attacks in Q2 2025–Q3 2025

ESET Chief Security Evangelist Tony Anscombe highlights some of the key findings from the latest issue of the ESET APT Activity Report

ESET APT Activity Report Q2 2025–Q3 2025

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2025 and Q3 2025

Sharing is scaring: The WhatsApp scam you didn’t see coming

How a fast-growing scam is tricking WhatsApp users into revealing their most sensitive financial and other data

How social engineering works | Unlocked 403 cybersecurity podcast (S2E6)

Think you could never fall for an online scam? Think again. Here's how scammers could exploit psychology to deceive you – and what you can do to stay one step ahead

Ground zero: 5 things to do after discovering a cyberattack

When every minute counts, preparation and precision can mean the difference between disruption and disaster

This month in security with Tony Anscombe – October 2025 edition

From the end of Windows 10 support to scams on TikTok and state-aligned hackers wielding AI, October's headlines offer a glimpse of what's shaping cybersecurity right now

Fraud prevention: How to help older family members avoid scams

Families that combine open communication with effective behavioral and technical safeguards can cut the risk dramatically

Cybersecurity Awareness Month 2025: When seeing isn't believing

Deepfakes are blurring the line between real and fake and fraudsters are cashing in, using synthetic media for all manner of scams

Recruitment red flags: Can you spot a spy posing as a job seeker?

Here’s what to know about a recent spin on an insider threat – fake North Korean IT workers infiltrating western firms

How MDR can give MSPs the edge in a competitive market

With cybersecurity talent in short supply and threats evolving fast, managed detection and response is emerging as a strategic necessity for MSPs

Cybersecurity Awareness Month 2025: Cyber-risk thrives in the shadows

Shadow IT leaves organizations exposed to cyberattacks and raises the risk of data loss and compliance failures

Gotta fly: Lazarus targets the UAV sector

ESET research analyzes a recent instance of the Operation DreamJob cyberespionage campaign conducted by Lazarus, a North Korea-aligned APT group

SnakeStealer: How it preys on personal data – and how you can protect yourself

Here’s what to know about the malware with an insatiable appetite for valuable data, so much so that it tops this year's infostealer detection charts

Cybersecurity Awareness Month 2025: Building resilience against ransomware

Ransomware rages on and no organization is too small to be targeted by cyber-extortionists. How can your business protect itself against the threat?

Minecraft mods: Should you 'hack' your game?

Some Minecraft mods don’t help build worlds – they break them. Here’s how malware can masquerade as a Minecraft mod.

IT service desks: The security blind spot that may put your business at risk

Could a simple call to the helpdesk enable threat actors to bypass your security controls? Here’s how your team can close a growing security gap.

Cybersecurity Awareness Month 2025: Why software patching matters more than ever

As the number of software vulnerabilities continues to increase, delaying or skipping security updates could cost your business dearly.

AI-aided malvertising: Exploiting a chatbot to spread scams

Cybercriminals have tricked X’s AI chatbot into promoting phishing scams in a technique that has been nicknamed “Grokking”. Here’s what to know about it.

How Uber seems to know where you are – even with restricted location permissions

Is the ride-hailing app secretly tracking you? Not really, but this iOS feature may make it feel that way.

Cybersecurity Awareness Month 2025: Passwords alone are not enough

Never rely on just a password, however strong it may be. Multi-factor authentication is essential for anyone who wants to protect their online accounts from intruders.

The case for cybersecurity: Why successful businesses are built on protection

Company leaders need to recognize the gravity of cyber risk, turn awareness into action, and put security front and center