Lessons for Life: Why Children’s Data Is a Long-Term Identity Risk
Children’s personal data is becoming a lucrative target for identity thieves, with FTC data showing a 40% rise in child identity theft between 2021 and 2024. Synthetic identities built from early‑life information can slip through credit checks, especially as AI tools simplify their creation. Breaches in education, health, and gaming platforms expose millions of minors, while parental oversharing—known as “sharenting”—adds another vulnerability. Experts urge parents, schools, and app developers to adopt strong passwords, MFA, and credit freezes to protect a child’s long‑term financial reputation.
ESET APT Activity Report Q4 2025–Q1 2026
ESET’s Q4 2025‑Q1 2026 APT Activity Report details a surge in nation‑state cyber operations across five major threat actors. China‑aligned groups intensified espionage on maritime, energy and AI targets in Venezuela, Syria, Cambodia, Panama and South Korea, while Iran‑aligned proxies deployed destructive...
Webworm: New Burrowing Techniques
ESET’s 2025 analysis reveals that the China‑aligned APT group Webworm has expanded its toolkit with two novel backdoors—EchoCreep, which leverages Discord, and GraphWorm, which uses Microsoft Graph API via OneDrive—for command‑and‑control. The group has moved its targeting from Asia toward...
Eyes Wide Open: How to Mitigate the Security and Privacy Risks of Smart Glasses
Smart glasses are returning with advanced AI‑driven vision features, allowing users to record video, capture audio, and query real‑time information. Researchers have shown that livestreamed footage can be matched to facial‑recognition databases, turning the devices into portable surveillance tools. Meta’s...
A Rigged Game: ScarCruft Compromises Gaming Platform in a Supply-Chain Attack
ESET researchers uncovered a multi‑platform supply‑chain attack by the North Korea‑aligned APT group ScarCruft against a Yanbian‑focused video‑game platform. The group compromised the Windows client through a malicious update, installing the RokRAT downloader that delivered the sophisticated BirdCall backdoor. An...
This Month in Security with Tony Anscombe – April 2026 Edition
Tony Anscombe reviews April’s top cyber threats, highlighting three major stories: Microsoft’s alert on help‑desk impersonation scams abusing Teams, Iranian‑linked actors targeting nearly 4,000 Rockwell PLCs in U.S. critical‑infrastructure, and the FBI IC3’s record $21 billion loss figure for 2025. The...
The Calm Before the Ransom: What You See Is Not All There Is
The article warns that prolonged periods of security calm breed complacency, causing organizations to over‑estimate their protection and ignore emerging ransomware tactics. It cites Verizon’s 2025 DBIR, which found 54% of ransomware victims had credentials already circulating on dark‑web markets...
What the Ransom Note Won’t Say
In March 2024 a BlackCat ransomware affiliate complained on a cybercrime forum that it never received its share of the $22 million ransom paid after the Change Healthcare breach, alleging the gang vanished with the funds and posted a fake FBI seizure...
That Data Breach Alert Might Be a Trap
Data‑breach notifications have exploded, with over 280 million alerts sent in the U.S. last year and daily European incidents rising 22 % in 2025. Cybercriminals are exploiting this flood by sending fake breach alerts that mimic real notices, often using AI‑generated content...
Supply Chain Dependencies: Have You Checked Your Blind Spot?
Supply‑chain cyber risk is exploding, with third‑party breaches now accounting for 30% of incidents and costs soaring from $46 bn in 2023 to $60 bn in 2025, projected $138 bn by 2031. Yet ESET’s 2026 SMB Cyber Readiness Index shows only about 16%...
Recovery Scammers Hit You when You’re Down: Here’s How to Avoid a Second Strike
Recovery fraud, also called the “second strike,” preys on people who have already been scammed by promising to retrieve lost funds for an upfront fee. In the United States, 2024 recorded over 7,000 cases, netting criminals more than $102 million, and...
As Breakout Time Accelerates, Prevention-First Cybersecurity Takes Center Stage
Cyber attackers are leveraging AI to accelerate ransomware and lateral movement, cutting average breakout time to about 30 minutes—29% faster than a year ago. Roughly 80% of ransomware‑as‑a‑service groups now embed AI or automation in their kits, enabling rapid credential...
This Month in Security with Tony Anscombe – March 2026 Edition
In March 2026, ESET’s chief security evangelist Tony Anscombe highlighted four major cyber incidents. A hack claimed by Iran‑linked Handala crippled med‑tech giant Stryker, wiping over 200,000 devices and exfiltrating 50 TB of data. Google’s Threat Intelligence Group reported that 77 %...
Virtual Machines, Virtually Everywhere – and with Real Security Gaps
Virtual machines have become ubiquitous in multi‑cloud and hybrid environments, but their ease of provisioning has led to unchecked growth, known as VM sprawl. Organizations often leave idle or over‑privileged VMs running without updates or proper monitoring, creating blind spots...
Face Value: What It Takes to Fool Facial Recognition
ESET security advisor Jake Moore demonstrated how consumer‑grade smart glasses, deep‑fake tools, and face‑swap software can defeat widely deployed facial recognition systems. He captured strangers’ faces in real time, created AI‑generated identities to open a bank account, and bypassed a...