CyberSecurity Updates

01 Mar

This month in security with Tony Anscombe – February 2026 edition

Information

In this roundup, Tony looks at how opportunistic threat actors are taking advantage of weak authentication, unmanaged exposure, and popular AI tools 28 Feb 2026 With the second month of 2026 (almost) behind us, it’s time for ESET Chief Security Evangelist Tony Anscombe to look at cybersecurity stories that moved the needle and offered vital lessons over the past four weeks. Here’s Tony’s rundown of some of what stood out in February 2026: Threat actors…

Read More
28 Feb

Mobile app permissions (still) matter more than you may think

Information

Mobile Security Start using a new app and you’ll often be asked to grant it permissions. But blindly accepting them could expose you to serious privacy and security risks. Phil Muncaster 27 Feb 2026  •  , 5 min. read App permissions are almost like an invisible sentry, governing what type of data and device access your apps get. If you’ve ever downloaded a new app or activated a new feature, the chances are you will…

Read More
28 Feb

Who is the Kimwolf Botmaster “Dort”?

Information, Insights

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf, the world’s largest and most disruptive botnet. Since then, the person in control of Kimwolf — who goes by the handle “Dort” — has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks against the researcher and this author, and more recently caused a SWAT team to be sent to the researcher’s home.…

Read More
27 Feb

Trump Orders All Federal Agencies to Phase Out Use of Anthropic Technology

Information, News

President Donald Trump said Friday he was ordering all federal agencies to phase out use of Anthropic technology after the company’s unusually public dispute with the Pentagon over artificial intelligence safety. Trump’s comments came just over an hour before the Pentagon’s deadline for Anthropic to allow unrestricted military use of its AI technology or face consequences — and nearly 24 hours after CEO Dario Amodei said his company “cannot in good conscience accede” to the…

Read More
25 Feb

CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems

Attacks, Insights, Malware

The purpose of this Alert is to provide resources for organizations with Cisco Software-Defined Wide-Area Networking (SD-WAN) systems, including Federal Civilian Executive Branch (FCEB) agencies, to address ongoing exploitation of multiple vulnerabilities. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-20127 and CVE-2022-20775 to its Known Exploited Vulnerabilities (KEV) Catalog on Feb. 25, 2026. As a result of the malicious cyber activity and vulnerabilities involving Cisco SD-WAN systems, CISA has outlined requirements for FCEB agencies…

Read More
24 Feb

Faking it on the phone: How to tell if a voice call is AI or not

Information

Can you believe your ears? Increasingly, the answer is no. Here’s what’s at stake for your business, and how to beat the deepfakers. Phil Muncaster 23 Feb 2026  •  , 4 min. read There was a time when we could believe everything we saw and heard. Unfortunately, those days are probably long gone. Generative AI (GenAI) has democratized the creation of deepfake audio and video, to the point where generating a fabricated clip is as…

Read More
24 Feb

Celebrating Two Years of CSF 2.0!

Insights

Mr. Stephen Quinn joined the National Institute of Standards and Technology (NIST) in 2004 and serves as a senior computer scientist in the Information Technology Laboratory (ITL). Mr. Quinn is the lead author for Integrating NIST risk management project work within the paradigm of Enterprise Risk Management (ERM). He is also program manager for the National Checklist Program and the National Online Informative Reference (OLIR) programs at NIST.  He is a co-originator of the NIST…

Read More
20 Feb

‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

Information, Insights

Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand’s real website, and then acts as a relay between the target and the legitimate site — forwarding the victim’s username, password and multi-factor…

Read More
20 Feb

Is Poshmark safe? How to buy and sell without getting scammed

Information

Like any other marketplace, the social commerce platform has its share of red flags. It pays to know what to look for so you can shop or sell without headaches. Phil Muncaster 19 Feb 2026  •  , 5 min. read Social commerce has gone mainstream. According to one estimate, the industry was on track to be worth over $1.1 trillion globally in 2025, with over half of young people buying on social media sites. But…

Read More
20 Feb

PromptSpy ushers in the era of Android threats using GenAI

Information

ESET researchers uncovered the first known case of Android malware abusing generative AI for context-aware user interface manipulation. While machine learning has been used to similar ends already – just recently, researchers at Dr.WEB found Android.Phantom, which uses TensorFlow machine learning models to analyze advertisement screenshots and automatically click on detected elements for large scale ad fraud – this is the first time we have seen generative AI deployed in this manner. Because the attackers…

Read More