CyberSecure Specialist

Naming and shaming: How ransomware groups tighten the screws on victims

Ransomware
When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle
12 Feb 2026 • 6 min. read
In the realm of cybercrime, change is arguably the only constant. While cyber-extortion as a broader category of crime has proved its staying power, ransomware – its arguably most damaging ‘flavor’ – doesn’t live or die on encryption alone. The playbook of ‘yore’ largely…

Kimwolf Botnet Swamps Anonymity Network I2P

For the past week, the massive “Internet of Things” (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet’s control servers. Kimwolf is a botnet that surfaced in late 2025 and quickly infected millions…

Taxing times: Top IRS scams to look out for in 2026

It’s time to file your tax return. And cybercriminals are lurking to make an already stressful period even more edgy.
Phil Muncaster, 10 Feb 2026 • 5 min. read
To misquote Benjamin Franklin, nothing is certain in this world except for death, taxes and scammers. Unfortunately, with tax filing season now in full swing, the fraudsters are also out in force, doing their best to cash in. The risk of unwittingly sharing personal and…

Patch Tuesday, February 2026 Edition

Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six “zero-day” vulnerabilities that attackers are already exploiting in the wild. Zero-day #1 this month is CVE-2026-21510, a security feature bypass vulnerability in Windows Shell wherein a single click on a malicious link can quietly bypass Windows protections and run attacker-controlled content without warning or consent dialogs. CVE-2026-21510 affects all currently…

Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps

The purpose of this Alert is to amplify Poland’s Computer Emergency Response Team (CERT Polska’s) Energy Sector Incident Report published on Jan. 30, 2026, and highlight key mitigations for Energy Sector stakeholders. In December 2025, a malicious cyber actor(s) targeted and compromised operational technology (OT) and industrial control systems (ICS) in Poland’s Energy Sector—specifically renewable energy plants, a combined heat and power plant, and a manufacturing sector company—in a cyber incident. The malicious cyber activity…

Organizations Urged to Replace Discontinued Edge Devices

US and UK government agencies this week warned of the risks posed by discontinued edge devices, urging organizations to replace them as soon as possible. Edge devices include firewalls, IoT, load balancers, network security appliances, routers, switches, wireless access points, and other software and hardware appliances that route network traffic. Edge devices that have reached end-of-support (EOS) status and no longer receive security updates pose a significant risk to federal networks and enterprise environments, as…

OfferUp scammers are out in force: Here’s what you should know

The mobile marketplace app has a growing number of users, but not all of them are genuine. Watch out for these common scams.
Phil Muncaster, 04 Feb 2026 • 6 min. read
OfferUp has been in business for nearly 15 years. Although little known outside the US, the marketplace app competes for consumer hearts and minds with industry giants Craigslist, Facebook Marketplace and eBay. And like them, it has a problem with fraud. If…

A slippery slope: Beware of Winter Olympics scams and other cyberthreats

Digital Security
It’s snow joke – sporting events are a big draw for cybercriminals. Make sure you’re not on the losing side by following these best practices.
Phil Muncaster, 02 Feb 2026 • 5 min. read
Cybercriminals have always been drawn to major sporting events. A combination of global brand awareness and an extensive digital footprint make them a popular option for opportunistic scammers. And events don’t get much bigger or better known than…

Please Don’t Feed the Scattered Lapsus ShinyHunters

A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators about the extent of the intrusion. Some victims reportedly are paying — perhaps as much to contain the stolen data as to stop the escalating personal attacks. But a top SLSH expert warns that engaging…

DynoWiper update: Technical analysis and attribution

In this blog post, we provide more technical details related to our previous DynoWiper publication. Key points of the report: ESET researchers identified new data-wiping malware that we have named DynoWiper, used against an energy company in Poland. The tactics, techniques, and procedures (TTPs) observed during the DynoWiper incident closely resemble those seen earlier this year in an incident involving the ZOV wiper in Ukraine: Z, O, and V are Russian military symbols. We attribute…
