A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games
This month in security with Tony Anscombe – April 2026 edition
Warnings about helpdesk impersonation scams and Iran-linked hackers targeting critical sectors in the US, plus the most damaging scams of 2025 – here’s some of what made the headlines this month
The calm before the ransom: What you see is not all there is
A breach claims the systems as well as the confidence that was, in retrospect, a major vulnerability
GopherWhisper: A burrow full of malware
ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian governmental institutions
New NGate variant hides in a trojanized NFC payment app
ESET researchers discover another iteration of NGate malware, this time possibly developed with the assistance of AI
What the ransom note won’t say
An attack is what you see, but a business operation is what you’re up against
That data breach alert might be a trap
Ignoring a real breach notification invites risk, but falling for a bogus one could be even worse. Stop reacting on autopilot.
Supply chain dependencies: Have you checked your blind spot?
Your biggest risk may be a vendor you trust. How can SMBs map their third-party blind spots and build operational resilience?
Recovery scammers hit you when you’re down: Here’s how to avoid a second strike
If you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse.
As breakout time accelerates, prevention-first cybersecurity takes center stage
Threat actors are using AI to supercharge tried-and-tested TTPs. When attacks move this fast, cyber-defenders need to rethink their own strategy.