CyberSecure Specialist

31 Jan

This month in security with Tony Anscombe – January 2026 edition

Information

The year got off to a busy start, with January offering an early snapshot of the challenges that (not just) cybersecurity teams are likely to face in the months ahead. It’s therefore time for ESET Chief Security Evangelist Tony Anscombe to look back on some of the month’s most impactful cybersecurity stories. Here’s some of what caught Tony’s eye: What are some of the lessons businesses should take away from these incidents? Be sure to…

Read More
29 Jan

Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan

Information

ESET researchers have uncovered an Android spyware campaign leveraging romance scam tactics to target individuals in Pakistan. The campaign uses a malicious app posing as a chat platform that allows users to initiate conversations with specific “girls” – fake profiles probably operated via WhatsApp. Underneath the romance charade, the real purpose of the malicious app, which we named GhostChat, is exfiltration of the victim’s data – both upon first execution and continually while the app…

Read More
28 Jan

Drowning in spam or scam emails? Here’s probably why

Information

Digital Security Has your inbox recently been deluged with unwanted and even outright malicious messages? Here are 10 possible reasons – and how to stem the tide. Phil Muncaster 27 Jan 2026  •  , 5 min. read For all our modern obsession with social media and messaging apps, email remains a daily staple for many of us. Modern email providers are pretty good at filtering out unsolicited messages known as spam, their checks don’t necessarily…

Read More
28 Jan

Cyber Insights 2026: Offensive Security; Where It Is and Where It’s Going

Information, News

SecurityWeek’s Cyber Insights 2026 examines expert opinions on the expected evolution of more than a dozen areas of cybersecurity interest over the next 12 months. We spoke to hundreds of individual experts to gain their expert opinions. Here we explore offensive security; where it is today, and where it is going. Cyber red teaming will change more in the next 24 months than it has in the past ten years. Malicious attacks are increasing in…

Read More
28 Jan

Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858

Attacks, Insights, Malware

Newly disclosed vulnerability Common Vulnerabilities and Exposures (CVE)-2026-24858 [Common Weakness Enumeration (CWE)-288: Authentication Bypass Using an Alternate Path or Channel] allows malicious actors with a FortiCloud account and a registered device to log in to separate devices registered to other users in FortiOS, FortiManager, FortiWeb, FortiProxy, and FortiAnalyzer, if FortiCloud single sign on (SSO) is enabled on devices.1 Users are vulnerable to CVE-2026-24858 even if they updated Fortinet devices to address previously disclosed FortiCloud SSO…

Read More
27 Jan

Celebrating Data Privacy Week with NIST’s Privacy Engineering Program

Insights

Credit: NIST Grab your party hats – it’s Data Privacy Week! Data Privacy Week is a global initiative led by the National Cybersecurity Alliance to spread awareness about online privacy and empower individuals and businesses to respect privacy, safeguard data, and enable trust. In celebration of this week, the NIST Privacy Engineering Program is reflecting on recent work and looking ahead to what’s coming in the new year. Throughout 2026, we plan to continue collaborating…

Read More
26 Jan

Who Operates the Badbox 2.0 Botnet?

Information, Insights

The cybercriminals in control of Kimwolf — a disruptive botnet that has infected more than 2 million devices — recently shared a screenshot indicating they’d compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now…

Read More
24 Jan

ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025

Information

ESET Research The attack involved data-wiping malware that ESET researchers have now analyzed and named DynoWiper ESET Research 23 Jan 2026  •  , 1 min. read In late 2025, Poland’s energy system faced what has been described as the “largest cyberattack” targeting the country in years. ESET Research has now found that the attack was the work of the notorious Russia-aligned APT group Sandworm. “Based on our analysis of the malware and associated TTPs, we attribute the…

Read More
24 Jan

Children and chatbots: What parents should know

Information

Kids Online As children turn to AI chatbots for answers, advice, and companionship, questions emerge about their safety, privacy, and emotional development Phil Muncaster 23 Jan 2026  •  , 4 min. read AI chatbots have become a big part of all of our lives since they burst onto the scene more than three years ago. ChatGPT, for example, says it has around 700 million weekly active users, many of whom are “young people.” A UK…

Read More
23 Jan

Common Apple Pay scams, and how to stay safe

Information

Here’s how the most common scams targeting Apple Pay users work and what you can do to stay one step ahead Phil Muncaster 22 Jan 2026  •  , 6 min. read Apple Pay is clearly a hit with consumers. According to estimates, it had hundreds of millions of global users and processed trillions of payments in 2025 alone. But where there is money to be made, scammers will not be far behind. Apple is well…

Read More