A malicious npm package has been caught leaking its own hardcoded GitHub token, a blunder that let researchers watch the operator’s data theft unfold from the inside. The package, named mouse5212-super-formatter, was identified by OX Security according to new analysis… Read More "AI-Generated npm Malware Leaks Its Own GitHub Token"
When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle 12 Feb 2026 • , 6 min. read In the realm of cybercrime, change is arguably the only… Read More "How ransomware groups tighten the screws on victims"
Hacking groups linked to China have exploited the war in the Middle East in attempts to compromise maritime and energy companies in the region, cybersecurity researchers at ESET have warned. Published on May 28, the latest ESET APT Activity Report… Read More "Chinese Hackers Exploit Iran War to Target Maritime and Energy Firms"
Start using a new app and you’ll often be asked to grant it permissions. But blindly accepting them could expose you to serious privacy and security risks. 27 Feb 2026 • , 5 min. read App permissions are almost like… Read More "Mobile app permissions (still) matter more than you may think"
In the UK, a small initiative aimed at helping small and medium enterprises (SMEs) tackle cybersecurity problems is scaling up as it prepares for a bigger future. The Cybersecurity Communities of Support (CyCOS) is a UK research-driven pilot launched by… Read More "Infosecurity Europe: CyCOS Project Expands to Support UK SMEs"
ESET Research Threat Reports An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2025 and Q1 2026 28 May 2026 • , 4 min. read ESET APT Activity Report Q4 2025–Q1 2026… Read More "ESET APT Activity Report Q4 2025–Q1 2026"
Law firms across the US are being targeted by increasingly sophisticated threat actors who are moving beyond traditional phishing tactics, now posing as trusted IT staff in both phone calls and face-to-face encounters to infiltrate corporate systems. In a recent… Read More "Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems"
ESET Research Threat Reports An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2025 and Q3 2025 06 Nov 2025 • , 4 min. read ESET APT Activity Report Q2 2025–Q3 2025… Read More "ESET APT Activity Report Q2 2025–Q3 2025"
Next.js developer Vercel has confirmed a cyber-incident conducted by a “highly sophisticated” attacker which may have resulted in threat actors getting hold of sensitive internal data. The US firm, which provides developer tools and cloud infrastructure, said in an updated… Read More "Vercel Confirms Cyber Incident – Infosecurity Magazine"
ESET Chief Security Evangelist Tony Anscombe highlights some of the key findings from the latest issue of the ESET APT Activity Report 07 Nov 2025 Yesterday, the ESET research team released the latest issue of its APT Activity Report that summarizes… Read More "The who, where, and how of APT attacks in Q2 2025–Q3 2025"
