ESET researchers analyzed the 2025 activity of Webworm, a China-aligned APT group that started out targeting organizations in Asia, but has recently shifted its focus to Europe. Even though this is our first public blogpost on the group, we have… Read More "Webworm: New burrowing techniques"
Security experts have urged UK organizations to get ready for an expected surge in new software updates precipitated by vendors using powerful new AI tools to find and fix vulnerabilities. The National Cyber Security Centre’s (NCSC) CTO, Ollie Whitehouse, wrote… Read More "NCSC Warns of an AI-Fuelled “Vulnerability Patch Wave”"
The classic tradeoff in cybersecurity has always been simple: more visibility at the cost of speed. But today, that tradeoff is breaking down. As attackers leverage AI to find and exploit vulnerabilities at unprecedented scale, the sheer volume of alerts… Read More "The Context Gap: How Nearly Half of Your Time is Lost to Investigation"
As tensions between President Donald Trump and Europe continue to simmer, the continent is accelerating its moves to reduce its addiction to US technology. Cities and governments are ditching Microsoft Office for open-source alternatives, shifting to European cloud hosting for… Read More "The EU Is Going Through a Trump-Fueled Breakup With Big Tech"
Ravie LakshmananMay 21, 2026Supply Chain Attack / Developer Tools GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft… Read More "GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension"
Should verified identities become the standard online? Australia’s social media ban for under-16s shows why the question matters. 14 Jan 2026 • , 5 min. read New legislation in Australia makes it illegal for those under 16 to have a… Read More "Is it time for internet services to adopt identity verification?"
AI has become embedded in organizations, yet fewer than half have any form of AI safety or security policies in place, potentially leaving them exposed to data breaches, privacy failures and other cyber threats. According to new research published by… Read More "AI Adoption Outpaces Safety Policies, Leaving Organizations Exposed"
We’ve established the new forensic reality: a massive 72.9% inventory gap exists between the vendors you monitor and those invisible to your security. We have seen the shortcomings of SSO and its inability to holistically monitor all the vendor applications… Read More "The Shadow Supply Chain: A Pivot To Usage-Based Discovery"
ESET researchers have uncovered an Android spyware campaign leveraging romance scam tactics to target individuals in Pakistan. The campaign uses a malicious app posing as a chat platform that allows users to initiate conversations with specific “girls” – fake profiles… Read More "Fake dating app used as lure in targeted spyware campaign in Pakistan"
A long-running phishing operation that abuses signed remote monitoring and management (RMM) software to plant silent, persistent backdoors on victim machines has compromised more than 80 organizations, predominantly in the US. Codenamed Venomous#Helper and active since at least April 2025, the… Read More "Fake SSA Emails Drive Venomous#Helper Phishing Campaign"
