Protecting Education: How MDR Can Tip the Balance in Favor of Schools
The education sector faces escalating cyber threats from ransomware gangs, nation‑state actors, and AI‑enabled attackers, putting student data and learning continuity at risk. In the first half of 2025 ransomware incidents rose 23 % year‑over‑year, while infostealer‑as‑a‑service lowers entry barriers for criminals. Schools struggle with fragmented IT environments, BYOD devices, and limited security staffing, leaving gaps especially during holidays. Managed detection and response (MDR) offers 24/7 monitoring, AI analytics, and rapid containment to mitigate these challenges.
This Month in Security with Tony Anscombe – February 2026 Edition
In February 2026, threat actors leveraged commercial generative AI tools to breach over 600 FortiGate firewalls in 55 countries, exploiting exposed management ports and weak credentials. ESET researchers uncovered PromptSpy, the first Android malware that uses generative AI to manipulate user...
Mobile App Permissions (Still) Matter More than You May Think
Mobile app permissions remain a critical security vector, with both iOS and Android prompting users for dangerous permissions at runtime. Excessive or unnecessary permissions—such as background location, accessibility services, or SMS access—can enable data theft, credential harvesting, and device surveillance....
PromptSpy Ushers in the Era of Android Threats Using GenAI
ESET researchers have identified PromptSpy, the first Android malware that leverages Google’s Gemini generative AI to maintain persistence on infected devices. The AI receives a real‑time XML snapshot of the screen and returns JSON‑formatted tap instructions, allowing the app to...
Is Poshmark Safe? How to Buy and Sell without Getting Scammed
Poshmark, a leading social‑commerce app for fashion and home goods, is attracting a surge of fraud as the broader $1.1 trillion industry expands. Its 20 % commission on items over $15 pushes users to negotiate off‑platform, exposing them to phishing, counterfeit, and...
Taxing Times: Top IRS Scams to Look Out for in 2026
Tax season in 2026 is seeing a surge in sophisticated IRS‑related scams, with fraudsters leveraging AI, phishing, and fake W‑2 schemes to steal personal data and refunds. Scammers impersonate the agency via email, text, or phone, demanding payment through gift...
OfferUp Scammers Are Out in Force: Here’s What You Should Know
OfferUp, the 15‑year‑old U.S. marketplace that processes more than 30 million transactions each year, is grappling with a surge of fraud schemes. Scammers routinely steer buyers and sellers toward off‑platform payment methods such as Zelle, Venmo, gift‑card codes, or cash‑app transfers,...
A Slippery Slope: Beware of Winter Olympics Scams and Other Cyberthreats
Cybercriminals are gearing up for the Milano‑Cortina 2026 Winter Olympics, exploiting the event’s global visibility with a surge of phishing, fake ticket sites, malicious streaming platforms, and counterfeit apps. Past Games have seen state‑aligned actors deploy wiper malware and hacktivists...
This Month in Security with Tony Anscombe – January 2026 Edition
In January 2026, ESET’s Tony Anscombe highlighted four major security incidents: Nike faced a ransomware claim involving 1.4 TB of data, cyber‑fraud surpassed ransomware as CEOs’ top concern, unsecured Zendesk support systems powered a massive spam campaign, and ServiceNow patched the...
DynoWiper Update: Technical Analysis and Attribution
ESET researchers identified a new data‑wiping malware, DynoWiper, used against a Polish energy company in December 2025. Technical analysis attributes the campaign to the Russian‑aligned Sandworm group with medium confidence, noting similarities to the previously observed ZOV wiper. The malware deployed...
Love? Actually: Fake Dating App Used as Lure in Targeted Spyware Campaign in Pakistan
ESET has uncovered a sophisticated Android spyware campaign that uses a fake dating app, GhostChat, to lure Pakistani users through romance‑scam tactics. The app presents locked female profiles with hard‑coded unlock codes, creating an illusion of exclusive access before installing...
Drowning in Spam or Scam Emails? Here’s Probably Why
Inbox overload of spam and scam messages is often traced to multiple technical and human factors. Recent data breaches, botnet‑driven campaigns, and lax email authentication expose addresses to malicious actors. Compromised accounts and aggressive marketing lists amplify the volume. Experts...
Common Apple Pay Scams, and How to Stay Safe
Apple Pay processes trillions of transactions annually, yet scammers exploit its popularity through social‑engineering tricks and NFC‑based malware. The most common frauds include phishing, marketplace overpayment, fake receipts, unsolicited payments, and public‑Wi‑Fi credential harvesting. Researchers observed a near‑doubling of NFC‑abusing...
Old Habits Die Hard: 2025’s Most Common Passwords Were as Predictable as Ever
In 2025, the password "123456" again topped global lists, accounting for a quarter of the 1,000 most‑used passwords and appearing across all age cohorts. NordPass and Comparitech data show numeric‑only passwords dominate, while the US and UK see "admin" and...
Is It Time for Internet Services to Adopt Identity Verification?
Australia has enacted a law prohibiting anyone under 16 from holding a social‑media account, forcing platforms to purge non‑compliant profiles. The move positions the country as a global test case for age‑based bans and sparks a broader debate on mandatory...
Your Personal Information Is on the Dark Web. What Happens Next?
A surge in data breaches and cyber‑crime tools has flooded the dark web with personal and financial information, with 1,732 incidents reported in the first half of 2025 alone. Threat actors leverage infostealer malware, AI‑generated phishing, and supply‑chain attacks to...
Credential Stuffing: What It Is and How to Protect Yourself
Credential stuffing exploits reused passwords by feeding leaked username‑password pairs into login forms across services. The technique surged as data breaches and infostealer malware supply vast credential caches, with 62% of Americans admitting frequent reuse. High‑profile incidents—35,000 PayPal accounts in...
This Month in Security with Tony Anscombe – December 2025 Edition
Tony Anscombe, ESET’s chief security evangelist, recaps the year’s most consequential cyber events in his December 2025 roundup. He highlights that U.S. organizations paid more than $2.1 billion in ransomware ransom from 2022‑2024, a figure FinCEN says only scratches the surface. The...
A Brush with Online Fraud: What Are Brushing Scams and How Do I Stay Safe?
Global e‑commerce sales are set to surpass $6.4 trillion in 2025, fueling intense competition on marketplace review systems. Brushing scams exploit this pressure by sending low‑value items to random addresses, then posting fabricated 5‑star reviews to inflate product rankings. Victims often...
LongNosedGoblin Tries to Sniff Out Governmental Affairs in Southeast Asia and Japan
ESET has identified a previously unknown China‑aligned advanced persistent threat (APT) group, dubbed LongNosedGoblin, targeting governmental entities in Southeast Asia and Japan. The group’s hallmark is the abuse of Windows Group Policy to distribute a suite of custom C#/.NET tools,...
ESET Threat Report H2 2025
The second half of 2025 saw AI‑driven malware become operational, highlighted by PromptLock, the first known AI‑generated ransomware. Lumma Stealer’s presence faded dramatically, with detections dropping 86% after its May disruption. CloudEyE (GuLoader) exploded in prevalence, increasing thirty‑fold and serving...
Black Hat Europe 2025: Was that Device Designed to Be on the Internet at All?
At Black Hat Europe 2025, Zero Science Lab highlighted a building‑management system used in over 1,000 global facilities that runs on an 18‑year‑old, publicly‑exposed software platform riddled with vulnerabilities. The talk traced the problem to a series of acquisitions that left security...
Black Hat Europe 2025: Reputation Matters – Even in the Ransomware Economy
At Black Hat Europe 2025, Max Smeets dissected LockBit’s ransomware‑as‑a‑service operation, revealing 194 affiliates and 80 successful ransom payments between 2022‑2024. He argued that reputation drives both victim and attacker behavior: companies that pay attract more media scrutiny, while ransomware...
Locks, SOCs and a Cat in a Box: What Schrödinger Can Teach Us About Cybersecurity
The article likens an organization’s unseen breach risk to Schrödinger’s cat, arguing that without active visibility a firm exists in a dual breached‑or‑not state. Recent high‑profile attacks by Scattered Spider on Marks & Spencer and Jaguar Land Rover illustrate long...
Seeking Symmetry During ATT&CK® Season: How to Harness Today’s Diverse Analyst and Tester Landscape to Paint a Security Masterpiece
The article maps the sprawling landscape of endpoint‑security analyst reports—from Gartner and Forrester market quadrants to AV‑Comparatives labs and MITRE ATT&CK Evaluations—showing how security leaders can stitch them together into a coherent picture. It likens the process to an artist’s...
The Big Catch: How Whaling Attacks Target Top Executives
Whaling attacks—spear‑phishing campaigns aimed at C‑suite leaders—are delivering multi‑million‑dollar losses, exemplified by a $8.7 million fraud that crippled Levitas Capital. Executives’ privileged access, time pressure, and public visibility make them prime targets for business‑email‑compromise schemes. The rise of generative AI now...