Ján Trenčanský
@j91321.bsky.social
📤 173
📥 211
📝 114
EDR R&D team lead at ESET. Opinions are my own. @
[email protected]
4 days ago
0
0
0
reposted by
Ján Trenčanský
Nick Pettigrew
6 days ago
I'm convinced AI is our generation's radium - a discovery with genuinely useful applications in specific, controlled circumstances that we stupidly put in everything from kid's toys to toothpaste until we realised the harm far too late where future generations will ask if we were out of our minds.
241
17671
5610
reposted by
Ján Trenčanský
Mike Schuster
8 days ago
Breaking: Tragedy at the Winter Olympics
68
7306
2301
reposted by
Ján Trenčanský
Catalin Cimpanu
12 days ago
Russian GRU-linked cyber-espionage group APT28 is now using an Office zero-day disclosed last week for spear-phishing campaigns targeting Ukrainian targets, per a new Ukraine CERT report
cert.gov.ua/article/6287...
CERT-UA
The Government Computer Emergency Response Team of Ukraine, which operates within the State Service of Special Communications and Information Protection of Ukraine.
https://cert.gov.ua/article/6287250
0
6
5
reposted by
Ján Trenčanský
ESET Research
16 days ago
#BREAKING #ESETresearch provides technical details on #DynoWiper, a data‑wiping malware used in a data‑destruction incident on December 29, 2025, affecting a company in Poland’s energy sector.
www.welivesecurity.com/en/eset-rese...
1/5
https://www.welivesecurity.com/en/eset-research/dynowiper-update-technical-analysis-attribution/
1
11
10
Extensive report by CERT.PL on Poland’s energy grid incident.
cert.pl/en/posts/202...
Energy Sector Incident Report - 29 December 2025
CERT Polska presents a report on the analysis of an incident in the energy sector that occurred on 29 December 2025. The attacks were destructive in nature and targeted wind and photovoltaic farms, a ...
https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/
16 days ago
0
4
6
Release of ESET Protect Cloud 7.0 marks the beginning of big changes for our EDR cloud console. Advanced Search, the main feature being rolled out, allows you to search through indicators using Lucene. It's a more log-based approach enabling access to the underlying EDR and AV data.
16 days ago
1
0
0
reposted by
Ján Trenčanský
evacide
16 days ago
Can we just tell all of the "Signal is an op" guys that all of the real high-opsec organizing is being done on some Telegram channel so they can all go there and cosplay at each other?
7
224
28
Looks like it really is release day tomorrow.
17 days ago
0
0
0
reposted by
Ján Trenčanský
ESET Research
23 days ago
#BREAKING #ESETresearch identified the wiper #DynoWiper used in an attempted disruptive cyberattack against the Polish energy sector on Dec 29, 2025. At this point, no successful disruption is known, but the malware’s design clearly indicates destructive intent. 1/5
1
35
35
reposted by
Ján Trenčanský
Kim Zetter
23 days ago
Exclusive: A cyberattack targeting Poland's energy infrastructure in December used wiper malware that would have erased grid computers and rendered them inoperable had it not been thwarted, a researcher at @ESET told me. The researcher calls the attack "unprecedented" for Poland and "substantial"
Cyberattack Targeting Poland’s Energy Grid Used a Wiper
A cyberattack that targeted power plants and other energy producers in Poland at the end of December used malware known as a “wiper” that was intended to erase computers and cause a power outage and o...
https://www.zetter-zeroday.com/cyberattack-targeting-polands-energy-grid-used-a-wiper/
2
64
67
reposted by
Ján Trenčanský
Daniel Kibblesmith
about 1 month ago
If there’s a better obituary for an evil cartoonist than an A.I. generated version of his character that fucks up the defining detail of its design, I can’t think of it. No notes. 👨🏻🍳 💋
84
16550
2641
reposted by
Ján Trenčanský
Catalin Cimpanu
about 1 month ago
Now you understand why every pro-Kremlin Twitter bot has spent 90% of its time over the past decade defending or pushing crypto and blockchain tech while randomly publishing some political tweet once in a while?
2
24
21
reposted by
Ján Trenčanský
Catalin Cimpanu
about 1 month ago
The data on more than 8,000 users of far-right dating site WhiteDate was scraped and leaked online after its administrators didn't secure their WordPress site properly
cybernews.com/security/inv...
Investigator breaches white supremacist dating sites, exposes 8,000 users
An investigative journalist infiltrated three white supremacist platforms, including the dating site WhiteDate, exfiltrating over 8,000 user profiles and 100GB of sensitive data.
https://cybernews.com/security/investigator-exposes-white-supremacist-sites-users/
2
15
6
reposted by
Ján Trenčanský
ESET Research
about 2 months ago
In 2025, #ESETresearch analyzed hundreds of hands-on-keyboard ransomware attacks, mostly hitting manufacturing, construction, retail, technology, and healthcare. Most of these were seen in the US (17%), Spain (5%), and France, Italy, and Canada (4% each). 1/5
1
4
4
I can remember two incidents that involved PRNI. In both, the information received helped to contain the incident before ransomware was deployed. Disturbing to see damage to a clearly useful and actually working initiative.
about 2 months ago
0
0
0
reposted by
Ján Trenčanský
Taggart
about 2 months ago
This is super good news: Docker Hardened Images are now available for free for all devs. These can form a much more secure baseline of your containerized apps.
Hardened Images for Everyone | Docker
Security for everyone. Docker Hardened Images are now free to use, share, and build on with no licensing surprises.
https://www.docker.com/blog/docker-hardened-images-for-every-developer/
0
7
6
reposted by
Ján Trenčanský
Eric Geller
2 months ago
Gotta say, I think Marcus makes an interesting point.
12
347
124
reposted by
Ján Trenčanský
Jake Williams
2 months ago
Why is Microsoft bundling Security Copilot licenses with E5? Clearly because they can't sell it as a standalone product. In other news, E5 costs will certainly go up "due to enhanced value."
www.darkreading.com/cybersecurit...
Microsoft to Bundle Security Copilot in M365 Enterprise License
The move aims to expand the use of Security Copilot and comes with the launch of 12 new agents from Microsoft at the company's Ignite conference last week.
https://www.darkreading.com/cybersecurity-operations/microsoft-bundle-security-copilot-m365-enterprise-license
9
41
13
reposted by
Ján Trenčanský
Kevin Beaumont
2 months ago
bless the heart of whoever posted this and thought it sounded good, lol
6
21
4
I always thought MITRE Enterprise Evals were for security solutions like EDRs. Imagine my surprise seeing Cyberani MDR in the results. MDR is a service, right? Even Cyberani says it's "more than a service". Didn’t Managed Services used to have their own Evals? Did I dream that?
2 months ago
1
2
0
The only thing you really need to know about this year’s MITRE ATT&CK Evaluations is that it had the lowest number of participating vendors ever. Only 11 vendors took part. The APT3 evaluation back in 2018 had 12.
2 months ago
0
0
0
I've built a lot of systems around Elasticsearch and can tell you this Intellexa backend has really shit mapping just based on the screenshots. I'd be embarrassed to show this to the customer.
securitylab.amnesty.org/latest/2025/...
To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware - Amnesty International Security Lab
Drawing on leaked internal company documents, sales and marketing material, as well as training videos, the “Intellexa Leaks” investigation gives a never-before-seen glimpse of the internal operations...
https://securitylab.amnesty.org/latest/2025/12/intellexa-leaks-predator-spyware-operations-exposed/
2 months ago
0
1
0
reposted by
Ján Trenčanský
ESET Research
3 months ago
#ESETresearch is heading to #AVAR2025 ? Dec 4, Thursday in Kuala Lumpur, 11:00–11:30 MYT. ESET researchers Anton Cherepanov & Peter Strýček present: “Sniffing Around: Unmasking the LongNosedGoblin operation in Southeast Asia and Japan”. 1/3
1
3
3
Things must be going really well for Cobalt Strike if they’re advertising on …checks notes… Reddit.
3 months ago
0
2
0
reposted by
Ján Trenčanský
Jeremy Kirk
3 months ago
Anthropic's AI cyberespionage report feels as odd as the last one. Just 13 pages, it has none of the traditional components of a usual threat intel report (IoCs, payload hashes, etc.) and it seems to bury the lead re: technical sophistication. I wonder if a target will come forward.
#infosec
1
30
17
reposted by
Ján Trenčanský
Kevin Beaumont
3 months ago
This is spot on. Quantum’s gonna be the next cyber grift (again), after the bottom falls out of GenAI.
www.linkedin.com/posts/nathan...
7
97
26
reposted by
Ján Trenčanský
Max Böck
3 months ago
Short Answer: Fuck no. Long Answer: If a company tries AI phrenology in their hiring process, they're guaranteed to do worse things once you work there. Don't.
1
56
16
I'm glad that, until next year, I don't have to be aware of cybersecurity anymore.
4 months ago
0
0
0
reposted by
Ján Trenčanský
Cian
4 months ago
LUCASARTS PRESENTS Columbo in: SCUMM of the Earth
#pixelart
58
6256
2298
Saw some cool glowing rocks last week. My brain: These must be delicious.
4 months ago
0
1
0
reposted by
Ján Trenčanský
2026 all the things
4 months ago
Omg, the solution to CIA's Kryptos being discovered by someone becoming a subject matter expert, going on location, and finding the plaintext sitting in a vault several miles away is the absolute *perfect* ending to Kryptos. You couldn't write it. Just absolutely A+
www.nytimes.com/2025/10/16/s...
A C.I.A. Secret Kept for 35 Years Is Found in the Smithsonian’s Vault
https://www.nytimes.com/2025/10/16/science/kryptos-cia-solution-sanborn-auction.html
26
965
264
reposted by
Ján Trenčanský
Kevin Collier
4 months ago
I know this stuff isn't surprising anymore but I really can't stress enough how much everybody involved with CISA and cyber tried to keep the field nonpolitical and nonpartisan before this administration.
5
247
74
reposted by
Ján Trenčanský
Randall Munroe
4 months ago
Hot Water Balloon
xkcd.com/3153/
36
2691
229
reposted by
Ján Trenčanský
Catalin Cimpanu
4 months ago
Telegram founder and general a-hole Pavel Durov, whose IM network hosts hundreds of groups where info-ops coordinate their activity and pay for content, is annoyed that democracies are fighting back against the damage he, personally, has helped usher in in many autocratic regimes
7
103
31
reposted by
Ján Trenčanský
Catalin Cimpanu
4 months ago
The Oracle zero-day... kek
labs.watchtowr.com/well-well-we...
2
20
7
reposted by
Ján Trenčanský
Bellingcat
5 months ago
Our researchers have noticed today that NASA FIRMS, one of the main free and available open source sites for monitoring fires around the world has a new notice on it stating that NASA is no longer updating the site due to a lack in federal funding.
firms.modaps.eosdis.nasa.gov/map/
5
280
168
PR: October is cybersecurity awareness month! Let's start... Me: No, nope, don't care, la la la can't hear you *𝘧𝘪𝘯𝘨𝘦𝘳𝘴 𝘪𝘯 𝘮𝘺 𝘦𝘢𝘳𝘴*
5 months ago
0
0
0
I haven't found exploitation of Fortra's GoAnywhere MFT CVE-2025-10035 in EDR telemetry yet. Which means it is probably still rare and folks have some time to patch. Wonder how long it will stay that way. The previously exploited vulns appeared fairly quickly.
5 months ago
1
2
1
reposted by
Ján Trenčanský
Eliot Higgins
5 months ago
18
358
52
reposted by
Ján Trenčanský
Catalin Cimpanu
5 months ago
Cisco patched 3 zero-days today...
CVE-2025-20352: sec.cloudapps.cisco.com/security/cen...
And these two used together:
-CVE-2025-20333: sec.cloudapps.cisco.com/security/cen...
-CVE-2025-20362: sec.cloudapps.cisco.com/security/cen...
0
9
6
reposted by
Ján Trenčanský
Kevin Beaumont
5 months ago
Why TF are @npr.org @pbsnews.org and @wgcunews.bsky.social letting an AI cybersecurity *write an article* about a breach and make shit up?
3
17
9
reposted by
Ján Trenčanský
ESET Research
5 months ago
#ESETresearch has discovered the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Both groups are affiliated with the FSB, Russia’s main domestic intelligence and security agency.
www.welivesecurity.com/en/eset-rese...
1/3
Gamaredon X Turla collab
ESET researchers reveal how the notorious APT group Turla collaborates with fellow FSB-associated group known as Gamaredon to compromise high‑profile targets in Ukraine.
https://www.welivesecurity.com/en/eset-research/gamaredon-x-turla-collab/
1
7
6
reposted by
Ján Trenčanský
Catalin Cimpanu
5 months ago
Three major EDR vendors have pulled out of evaluations for the MITRE ATT&CK framework
Microsoft: techcommunity.microsoft.com/blog/microso...
SentinelOne: www.sentinelone.com/blog/sentine...
Palo Alto Networks: www.paloaltonetworks.com/blog/securit...
0
14
5
reposted by
Ján Trenčanský
Kostas
5 months ago
🆕 𝐄𝐃𝐑-𝐭𝐞𝐥𝐞𝐦𝐞𝐭𝐫𝐲 𝐏𝐫𝐨𝐣𝐞𝐜𝐭 𝐔𝐩𝐝𝐚𝐭𝐞 - 𝐖𝐢𝐧𝐝𝐨𝐰𝐬 The Windows table just got an update with 3 new sub-categories: ➡️ VSS Deletion ➡️ Win32 API Telemetry ➡️ JA3/JA3s Coverage isn’t uniform, and some are pending response from the vendors. That’s fine. I’d rather show the uncertainty than pretend otherwise.
1
0
1
reposted by
Ján Trenčanský
ESET Research
5 months ago
HybridPetya installs a malicious EFI application to the EFI System Partition, which then encrypts the Master File Table file, an essential metadata file with information about all files on the NTFS-formatted partition. 2/8
1
3
2
Funnily Google reminded me that I was at the JLR plant in Nitra today 6 years ago. They were just revealing a new model.
5 months ago
0
1
0
This one EDR killer crashes the whole host when EDR is present. Task failed successfully I guess?
5 months ago
0
0
0
Looks like everybody finally figured out the same thing I posted about almost two weeks ago.
5 months ago
0
0
0