CyberSecure Specialist

ESET Research has discovered a new variant of the NGate malware family that abuses a legitimate Android application called HandyPay, instead of the previously leveraged NFCGate tool. The threat actors took the app, which is used to relay NFC data, and patched it with malicious code that appears to have been AI-generated. As with previous iterations of NGate, the malicious code allows the attackers to transfer NFC data from the victim’s payment card to their…

In March 2024, an affiliate of the BlackCat ransomware gang took to a cybercrime forum with a complaint. They’d carried out the attack on Change Healthcare – one of the largest healthcare data breaches in U.S. history – but never got their cut of the $22 million ransom payment. BlackCat’s operators had taken the money and vanished, putting up a fake FBI seizure notice on their leak site to cover the exit. The grievance almost…

Ignoring a real breach notification invites risk, but falling for a bogus one could be even worse. Stop reacting on autopilot. Phil Muncaster 17 Apr 2026  •  , 5 min. read Receiving a data breach notice may have once been a rare event. With data breaches hitting record numbers, however, these notifications are no longer as surprising as they once were. In the US alone, there were 3,322 such breaches reported last year, resulting in…

Some cyber business risks only show up when you take a closer look. Supply chain blind spots are a perfect example. Behind these essential third-party connections, products and services can lurk unseen vulnerabilities that precipitate major cyber incidents – halting operations, triggering downstream chaos, and making headlines with their financial, reputational, and legal/compliance impacts. As supply chains become increasingly digitized and complex, they provide cybercriminals a bigger “risk surface” to aim for. Organizations need to…

If you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse. Phil Muncaster 10 Apr 2026  •  , 5 min. read The worst thing you can do after falling victim to fraud is let your guard down. Online scammers only care about one thing: making money, so when new opportunities arise to do just that, they…

Business Security Threat actors are using AI to supercharge tried-and-tested TTPs. When attacks move this fast, cyber-defenders need to rethink their own strategy. Phil Muncaster 07 Apr 2026  •  , 4 min. read We stand at an interesting point in the never-ending arms race between attackers and defenders. The former are using AI, automation and a range of techniques to sometimes devastating effect. In fact, one report claims that 80% of ransomware-as-a-service (RaaS) groups now…