That Data Breach Alert Might Be a Trap
Data‑breach notifications have exploded, with over 280 million alerts sent in the U.S. last year and daily European incidents rising 22 % in 2025. Cybercriminals are exploiting this flood by sending fake breach alerts that mimic real notices, often using AI‑generated content and brand logos. These scams aim to steal credentials, install malware, or harvest personal and financial data. Experts advise users to pause, verify sources, and adopt strong authentication to avoid falling for these traps.
Supply Chain Dependencies: Have You Checked Your Blind Spot?
Supply‑chain cyber risk is exploding, with third‑party breaches now accounting for 30% of incidents and costs soaring from $46 bn in 2023 to $60 bn in 2025, projected $138 bn by 2031. Yet ESET’s 2026 SMB Cyber Readiness Index shows only about 16%...
Recovery Scammers Hit You when You’re Down: Here’s How to Avoid a Second Strike
Recovery fraud, also called the “second strike,” preys on people who have already been scammed by promising to retrieve lost funds for an upfront fee. In the United States, 2024 recorded over 7,000 cases, netting criminals more than $102 million, and...
As Breakout Time Accelerates, Prevention-First Cybersecurity Takes Center Stage
Cyber attackers are leveraging AI to accelerate ransomware and lateral movement, cutting average breakout time to about 30 minutes—29% faster than a year ago. Roughly 80% of ransomware‑as‑a‑service groups now embed AI or automation in their kits, enabling rapid credential...
This Month in Security with Tony Anscombe – March 2026 Edition
In March 2026, ESET’s chief security evangelist Tony Anscombe highlighted four major cyber incidents. A hack claimed by Iran‑linked Handala crippled med‑tech giant Stryker, wiping over 200,000 devices and exfiltrating 50 TB of data. Google’s Threat Intelligence Group reported that 77 %...
Virtual Machines, Virtually Everywhere – and with Real Security Gaps
Virtual machines have become ubiquitous in multi‑cloud and hybrid environments, but their ease of provisioning has led to unchecked growth, known as VM sprawl. Organizations often leave idle or over‑privileged VMs running without updates or proper monitoring, creating blind spots...
Face Value: What It Takes to Fool Facial Recognition
ESET security advisor Jake Moore demonstrated how consumer‑grade smart glasses, deep‑fake tools, and face‑swap software can defeat widely deployed facial recognition systems. He captured strangers’ faces in real time, created AI‑generated identities to open a bank account, and bypassed a...
Protecting Education: How MDR Can Tip the Balance in Favor of Schools
The education sector faces escalating cyber threats from ransomware gangs, nation‑state actors, and AI‑enabled attackers, putting student data and learning continuity at risk. In the first half of 2025 ransomware incidents rose 23 % year‑over‑year, while infostealer‑as‑a‑service lowers entry barriers for...
This Month in Security with Tony Anscombe – February 2026 Edition
In February 2026, threat actors leveraged commercial generative AI tools to breach over 600 FortiGate firewalls in 55 countries, exploiting exposed management ports and weak credentials. ESET researchers uncovered PromptSpy, the first Android malware that uses generative AI to manipulate user...
Mobile App Permissions (Still) Matter More than You May Think
Mobile app permissions remain a critical security vector, with both iOS and Android prompting users for dangerous permissions at runtime. Excessive or unnecessary permissions—such as background location, accessibility services, or SMS access—can enable data theft, credential harvesting, and device surveillance....
PromptSpy Ushers in the Era of Android Threats Using GenAI
ESET researchers have identified PromptSpy, the first Android malware that leverages Google’s Gemini generative AI to maintain persistence on infected devices. The AI receives a real‑time XML snapshot of the screen and returns JSON‑formatted tap instructions, allowing the app to...
Is Poshmark Safe? How to Buy and Sell without Getting Scammed
Poshmark, a leading social‑commerce app for fashion and home goods, is attracting a surge of fraud as the broader $1.1 trillion industry expands. Its 20 % commission on items over $15 pushes users to negotiate off‑platform, exposing them to phishing, counterfeit, and...
Taxing Times: Top IRS Scams to Look Out for in 2026
Tax season in 2026 is seeing a surge in sophisticated IRS‑related scams, with fraudsters leveraging AI, phishing, and fake W‑2 schemes to steal personal data and refunds. Scammers impersonate the agency via email, text, or phone, demanding payment through gift...
OfferUp Scammers Are Out in Force: Here’s What You Should Know
OfferUp, the 15‑year‑old U.S. marketplace that processes more than 30 million transactions each year, is grappling with a surge of fraud schemes. Scammers routinely steer buyers and sellers toward off‑platform payment methods such as Zelle, Venmo, gift‑card codes, or cash‑app transfers,...
A Slippery Slope: Beware of Winter Olympics Scams and Other Cyberthreats
Cybercriminals are gearing up for the Milano‑Cortina 2026 Winter Olympics, exploiting the event’s global visibility with a surge of phishing, fake ticket sites, malicious streaming platforms, and counterfeit apps. Past Games have seen state‑aligned actors deploy wiper malware and hacktivists...