Hello.

Smart glasses allow anyone to track and record the world around them. That could put your data and the privacy of those nearby at risk. Fashion and many other trends have a way of reappearing every few years. So we probably shouldn’t be surprised that smart glasses are doing the rounds once more, after a failed attempt by Google to popularize them over a decade ago. The difference this time round is that they’re not just more stylish – and arguably harder to tell from regular

ESET researchers uncovered fraudulent apps on Google Play that claim to provide the call history “for any number” and had been downloaded more than seven million times before being taken down There’s an app for everything nowadays… right? Well, looking up call records for a phone number of choice is not one of those things, as potentially millions of Android users found out after paying for app subscriptions promising just that. The offending apps, which we named CallPhantom

How come it’s still possible to ‘secure’ an online account with a six-digit string? The most-used password globally is exactly what you think it is: ‘123456.’ That’s according to NordPass’s latest annual report on passwords exposed in data breaches globally. Other all-too-predictable choices, such as ‘123456789’, ‘12345678’, ‘12345’ and ‘admin’, also prove to have staying power year after year. My first instinct is to dismiss this as scaremongering fodder, especially given th

ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games. ESET researchers uncovered a multiplatform supply-chain attack by North Korea-aligned APT group ScarCruft, targeting the Yanbian region in China – home to ethnic Koreans and a crossing point for North Korean refugees and defectors. In the attack, probably ongoing since late 2024, ScarCruft compromised Windows and Android

Threat actors are using AI to supercharge tried-and-tested TTPs. When attacks move this fast, cyber-defenders need to rethink their own strategy. We stand at an interesting point in the never-ending arms race between attackers and defenders. The former are using AI, automation and a range of techniques to sometimes devastating effect. In fact, one report claims that 80% of ransomware-as-a-service (RaaS) groups now offer AI or automation as features – and, of course, there’s a

ESET researchers discover another iteration of NGate malware, this time possibly developed with the assistance of AI. ESET Research has discovered a new variant of the NGate malware family that abuses a legitimate Android application called HandyPay, instead of the previously leveraged NFCGate tool. The threat actors took the app, which is used to relay NFC data, and patched it with malicious code that appears to have been AI-generated. As with previous iterations of NGate, t

ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian governmental institutions. ESET researchers have discovered a previously undocumented China-aligned APT group that we named GopherWhisper. The group wields a wide array of tools mostly written in Go, using injectors and loaders to deploy and execute various backdoors in its arsenal. In the observed campaign, the threat actors targeted a governmental entity in Mon

A breach claims the systems as well as the confidence that was, in retrospect, a major vulnerability There’s a bit of a pattern in the history of organizational failures that repeats too often to be a coincidence: A system runs smoothly for a long stretch, causing everyone to grow confident in it. Almost invariably, this also quietly erodes the vigilance that kept the system running smoothly in the first place. And then the system fails – at the precise moment when everyone i

An attack is what you see, but a business operation is what you're up against In March 2024, an affiliate of the BlackCat ransomware gang took to a cybercrime forum with a complaint . They’d carried out the attack on Change Healthcare – one of the largest healthcare data breaches in U.S. history – but never got their cut of the $22 million ransom payment . BlackCat’s operators had taken the money and vanished, putting up a fake FBI seizure notice on their leak site to cover t

Ignoring a real breach notification invites risk, but falling for a bogus one could be even worse. Stop reacting on autopilot. Receiving a data breach notice may have once been a rare event. With data breaches hitting record numbers, however, these notifications are no longer as surprising as they once were. In the US alone, there were 3,322 such breaches reported last year, resulting in nearly 280 million notices being emailed to victims. In Europe, daily incidents grew by 2