Still waiting for book store pics, @sparklespanx.bsky.social.
#BREAKING #ESETresearch has discovered the first known Android malware to use generative AI in its execution flow; we have named it #PromptSpy. The malware abuses Google’s #Gemini to achieve persistence on the compromised device. www.welivesecurity.com/en/eset-rese... 1/6
One of the things I'm really big on is communities, and one that regularly polls its members generates interesting data. Here's an article I wrote about tech news site @neowin.net's software + hardware polls, looking at some of that data.
#BREAKING #ESETresearch provides technical details on #DynoWiper, a data‑wiping malware used in a data‑destruction incident on December 29, 2025, affecting a company in Poland’s energy sector. www.welivesecurity.com/en/eset-rese... 1/5
#ESETresearch has uncovered a new #Android spyware campaign using novel romance scam tactics to target individuals in 🇵🇰 Pakistan, with an added social engineering element previously unseen in similar schemes. www.welivesecurity.com/en/eset-rese... 1/9
#BREAKING #ESETresearch identified the wiper #DynoWiper used in an attempted disruptive cyberattack against the Polish energy sector on Dec 29, 2025. At this point, no successful disruption is known, but the malware’s design clearly indicates destructive intent. 1/5
In H2 2025, #ESETresearch saw a thirtyfold increase in #CloudEyE detections, amounting to more than 100,000 hits over the course of six months. CloudEyE is a #MaaS downloader and cryptor used to conceal and deploy other malware, such as #Rescoms, #Formbook, and #Agent Tesla. 1/5
Nice.
It was 25 years ago this month that Tribal Voice's PowWow messaging software shut down.
It is just an internet footnote now, but Tribal Voice, which was founded by John McAfee, invented much of the technology used by today's messaging software.
In 2025, #ESETresearch analyzed hundreds of hands-on-keyboard ransomware attacks, mostly hitting manufacturing, construction, retail, technology, and healthcare. Most of these were seen in the US (17%), Spain (5%), and France, Italy, and Canada (4% each). 1/5
Yes, an Intel Core Ultra 3 series CPU. They were announced a couple of months ago: newsroom.intel.com/client-compu...
#ESETresearch has revisited CVE-2025-50165, a critical remote code execution vulnerability in the WindowsCodecs.dll library when processing JPG images, one of the most widely used image formats. www.welivesecurity.com/en/eset-rese... 1/6
Exactly the sort of thing Microsoft should be focusing on—under the hood performance improvements to Windows.
#ESETresearch has discovered a new 🇨🇳-aligned APT group, #LongNosedGoblin. This group focuses on cyberespionage and targets mainly governmental entities in Southeast Asia and Japan. www.welivesecurity.com/en/eset-rese... 1/7
Russian GRU Orchestrated Cyberattacks on US Airports, Water Systems, and Food Supply, Newly Released Indictment Shows
united24media.com/latest-news/...
via @united24media.com
🔴 The US has unsealed an indictment revealing how Russian GRU hackers targeted critical infrastructure, including a Missouri regional airport, water facilities in Texas, Pennsylvania, and Indiana, and a California meat-packing plant.
Justice Department Announces Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups www.justice.gov/opa/pr/justi...
Interesting. Seems ClickFix/Fake CAPTCHA scams are migrating to fake Windows Update messages:
old.reddit.com/r/antivirus/...
#ESETresearch analyzed the #Gamaredon VBScript payload recently flagged by @ClearskySec. It wipes registry Run keys, scheduled tasks, and kills processes – however, our assessment is that this is likely to clean researchers’ machines, not a shift to destructive ops. x.com/ClearskySec/... 1/4
#ESETresearch discovered a new #MuddyWater campaign targeting critical infrastructure in 🇮🇱 Israel and 🇪🇬 Egypt, using a new backdoor – MuddyViper – and a variety of post-compromise tools www.welivesecurity.com/en/eset-rese... 1/7
#ESETresearch is heading to #AVAR2025? Dec 4, Thursday in Kuala Lumpur, 11:00–11:30 MYT.
ESET researchers Anton Cherepanov & Peter Strýček present: "Sniffing Around: Unmasking the LongNosedGoblin operation in Southeast Asia and Japan". 1/3
NEW: Israeli and Arab media have reported that Iran is prepared to expand an Israel-Hezbollah conflict regionally if Israel launches operations against Hezbollah. 🧵(1/4)
Full update: isw.pub/IranUpdate12...
Oof… you're right. It's flagged as an impersonation account.
I don't normally have a lot to say about my Congressperson Jeff Crank, but kudos to him & his staff for this mailing; the holidays are prime time for scammers to prey on people & this is a good reminder.
Only thing I'd add is a link to @cisa.bsky.social, since so much crime takes place online now.
My trip report for #BSides Colorado Springs 2025 computer security conference is now live at goretsky.wordpress.com/2025/11/26/t....
If you don't know what a trip report is, or are interested in what happened at this year's #BSides, perhaps you'll find this of interest.
#ESETresearch discovered unique toolset, QuietEnvelope, targeting the MailGates email protection system of Taiwanese co OpenFind. The toolset was uploaded in an archive, named spam_log.7z, to VirusTotal from Taiwan. It contains Perl scripts, 3 stealthy backdoors, argument runner, and misc files. 1/8
My in-depth (~15 page) review of the #Lenovo #ThinkPad X9 15 Gen 1 Aura Edition after 6+ months of use is now up on @neowin.net!
#ThinkPadThursday #LenovoIN
#ESETresearch discovered and analyzed a previously undocumented malicious tool for network devices that we have named #EdgeStepper, enabling China-aligned #PlushDaemon APT to perform adversary-in-the-middle to hijack updates to deliver malware. www.welivesecurity.com/en/eset-rese... 1/5
Glad to be of assistance. Hopefully @mozilla.org will take notice and remove this feature or at least make it opt-in by *default*.
Looks like @mozilla.org has added a new feature to #Firefox, the ability to search for images via #Google Lens when right-clicking on them.
Anyways, to disable it, go to "about:config" in the address bar and set browser.search.visualSearch.featureGate to "false"