Hello.

Silver Fox is back in Japan, spoofing tax and HR emails timed to the one season when no one thinks twice about opening them. Japan has entered its annual tax filing and organizational change season, a period when companies generate a high volume of legitimate financial and HR‑related communications. A threat actor known as Silver Fox is actively exploiting this busy period by conducting a targeted spearphishing campaign against Japanese manufacturers and other businesses. The

If you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse. The worst thing you can do after falling victim to fraud is let your guard down. Online scammers only care about one thing: making money, so when new opportunities arise to do just that, they take them. It doesn’t matter if it involves re-victimizing someone who has already been defrauded, raising false hopes and exploiting th

What you do – and how fast – after an account is compromised often matters more than it may seem Cybercriminals go after people’s personal information  across every kind of online platform, including WhatsApp , Instagram , LinkedIn , Roblox , YouTube  and Spotify , not to mention finance apps. No online account is off the table. If one of your own accounts falls victim, the first priority is to avoid losing your cool and act immediately – the faster you move, the more of the

The resurgence of one of Russia’s most notorious APT groups Since April 2024, Sednit’s advanced development team has reemerged with a modern toolkit centered on two paired implants, BeardShell and Covenant, each using a different cloud provider for resilience. This dual‑implant approach enabled long‑term surveillance of Ukrainian military personnel. Interestingly, these current toolsets show a direct code lineage to the group’s 2010‑era implants. Key points of this blo

Cloud VMs offer unmatched speed, scale and flexibility – all of which could eventually count for little if they’re left to fend for themselves. Twenty years ago, almost to the day, Amazon Web Services (AWS)  launched  Simple Storage Service (S3). A few months later, the company’s Elastic Compute Cloud (EC2) service  opened  for public beta testing before rolling out officially in 2008. These events sparked the era of modern on-demand cloud storage and computing that changed h

Cybercriminals can utilize new AI-powered threats for Android before Christmas. Learn how to avoid them. A few weeks before Christmas, it’s not only shopaholics who will go crazy. Cybercriminals too are ready to unleash all their worst tools to scam people who shop online, those expecting deliveries, and even those who want to donate to charity. This has all become a common problem, and many Android users have learned to live with it. However, this season we can expect an unp

ESET Research reveals how cybercriminals have improved their malicious campaigns. In the current AI era, cyber-threats are evolving so quickly that even blog posts only a few weeks old can become outdated in the blink of an eye. During Black Friday 2025, we wrote about new threats targeting Android users ahead of the shopping season and, oh boy, it looks like it’s time to update the list. Since then, ESET researchers have identified new AI‑powered threats as well as updates

As IT infrastructure expands, visibility and control often lag behind – until an incident forces a reckoning Complexity is said to be the enemy of many things, but when it comes to organizations and their IT systems and processes, complexity is arguably the  worst enemy of cybersecurity . For many IT and security practitioners, this plays out daily as they scramble to manage what IBM once called a " Frankencloud ," a patchwork of private and public cloud environments, often f

The ability to continue operating safely in an unsafe environment where competitors cannot is a competitive advantage that is rarely measured or discussed. Cybersecurity is one of the few business functions where success is typically quiet. From the outside, it may even look uneventful. On the inside, however, it reflects a sequence of seemingly unremarkable processes and controls doing what they were designed to do: stopping technical incidents from escalating into business

Common Criteria (ISO/IEC 15408) is the internationally recognized global standard for IT security evaluation and a key requirement for organizations operating in government, critical infrastructure, healthcare, finance, and other highly regulated sectors. By certifying our flagship endpoint product, ESET strengthens its position in competitive tenders worldwide and ensures alignment with evolving international certification frameworks. This certification highlights ESET’s com