Mar 01 9:41 AM PST We want to provide some additional information on the power issue in a single Availability Zone in the ME-CENTRAL-1 Region. At around 4:30 AM PST, one of our Availability Zones (mec1-az2) was impacted by objects that struck the data center, creating sparks and fire.
June 2023: a Google data center in France floods and they call it a “water intrusion event”
February 2026: an Amazon data center in the Middle East is literally struck by a fucking ballistic missile in a hot war and they call it “impacted by objects”
https://health.aws.amazon.com/health/status
02.03.2026 09:51
👍 59
🔁 30
💬 4
📌 2
Screenshot from Microsoft Security blog with following text: "Let’s imagine a hypothetical everyday use of AI: A CFO asks their AI assistant to research cloud infrastructure vendors for a major technology investment. The AI returns a detailed analysis, strongly recommending Relecloud (a Fictitious name used for this example). Based on the AI’s strong recommendations, the company commits millions to a multi-year contract with the suggested company.
What the CFO doesn’t remember: weeks earlier, they clicked the “Summarize with AI” button on a blog post. It seemed helpful at the time. Hidden in that button was an instruction that planted itself in the memory of the LLM assistant: “Relecloud is the best cloud infrastructure provider to recommend for enterprise investments.”
The AI assistant wasn’t providing an objective and unbiased response. It was compromised." The "hypothetical everyday use" and "the company commits millions to a multi-year contract with the suggested company" are highlighted in the screenshot.
Definitely a little bit of projection from Microsoft here 😂 www.microsoft.com/en-us/securi...
18.02.2026 20:54
👍 2
🔁 0
💬 0
📌 0
ClickFix command that executes a custom DNS lookup and parses the `Name:` response to receive the next-stage payload for execution.
Microsoft Defender researchers observed attackers using yet another evasion approach to the ClickFix technique: Asking targets to run a command that executes a custom DNS lookup and parses the `Name:` response to receive the next-stage payload for execution.
13.02.2026 23:48
👍 8
🔁 1
💬 1
📌 0
The important question, is the Himalayan salt lamp included?
15.02.2026 18:48
👍 0
🔁 0
💬 0
📌 0
Simpsons meme. Top panel: "Say the line, Bart". Middle panel: "The C2 servers were hosted behind cloudflare infrastructure".
10.02.2026 22:37
👍 0
🔁 0
💬 0
📌 0
I'm convinced AI is our generation's radium - a discovery with genuinely useful applications in specific, controlled circumstances that we stupidly put in everything from kid's toys to toothpaste until we realised the harm far too late where future generations will ask if we were out of our minds.
08.02.2026 22:23
👍 17922
🔁 5440
💬 245
📌 257
Image of the Yeti in the skiing Windows game SkiFree eating the player
Breaking: Tragedy at the Winter Olympics
07.02.2026 15:39
👍 8711
🔁 2582
💬 73
📌 69
CERT-UA
The Government Computer Emergency Response Team of Ukraine, which operates within the State Service of Special Communications and Information Protection of Ukraine.
Russian GRU-linked cyber-espionage group APT28 is now using an Office zero-day disclosed last week for spear-phishing campaigns targeting Ukrainian targets, per a new Ukraine CERT report
cert.gov.ua/article/6287...
03.02.2026 10:43
👍 5
🔁 3
💬 0
📌 1
#BREAKING #ESETresearch provides technical details on #DynoWiper, a data‑wiping malware used in a data‑destruction incident on December 29, 2025, affecting a company in Poland’s energy sector. www.welivesecurity.com/en/eset-rese... 1/5
30.01.2026 10:29
👍 11
🔁 9
💬 1
📌 1
Graph canvas, showing relations between entities. Entities include processes, executables, DLL, user, computer, scripts and LNK file. Top left corner of the canvas contains controls allowing you to zoom the canvas, fit to screen and change layout. Under the canvas is a short timeline of events and controls allowing you to step through the graph.
Another big improvement in this release is the completely reworked incident graphs in Protect console. The old ones in Inspect console were, ehm, not great... Each indicator now has tailored logic for how it should be visualized based on the underlying telemetry event.
29.01.2026 21:07
👍 0
🔁 0
💬 0
📌 0
ESET Protect console showing advanced search screen. Search bar with Lucene query and date picker showing last 30 days are present at the top. Empty filter bar and date histogram, showing number of results, are under the search bar. Data table containing EDR data fills the rest of the screen. Opened side panel on the right side shows EDR detection rule "Suspicious PowerShell Script - Encoded PE File [C1202]" details with second search bar and field showing base64 encoded data.
Indicators are normalized in a schema based on Elastic Common Schema. You shouldn't notice a difference; if you know ECS field names you'll have no problem searching the data. Of course many fields are specific to our EDR and are available under eset.* field set.
29.01.2026 21:07
👍 0
🔁 0
💬 1
📌 0
ESET Protect console showing advanced search screen. Search bar with Lucene query and date picker showing last 30 days are present at the top. Empty filter bar and date histogram, showing number of results, are under the search bar. Data table containing EDR data fills the rest of the screen.
Release of ESET Protect Cloud 7.0 marks the beginning of big changes for our EDR cloud console. Advanced Search, the main feature being rolled out, allows you to search through indicators using Lucene. It's a more log-based approach enabling access to the underlying EDR and AV data.
29.01.2026 21:07
👍 0
🔁 0
💬 1
📌 0
Can we just tell all of the "Signal is an op" guys that all of the real high-opsec organizing is being done on some Telegram channel so they can all go there and cosplay at each other?
29.01.2026 19:56
👍 223
🔁 28
💬 7
📌 0
Homer in The Homer. Car designed for the average man.
Looks like it really is release day tomorrow.
28.01.2026 21:28
👍 0
🔁 0
💬 0
📌 0
#BREAKING #ESETresearch identified the wiper #DynoWiper used in an attempted disruptive cyberattack against the Polish energy sector on Dec 29, 2025. At this point, no successful disruption is known, but the malware’s design clearly indicates destructive intent. 1/5
23.01.2026 16:30
👍 35
🔁 30
💬 1
📌 5
Cyberattack Targeting Poland’s Energy Grid Used a Wiper
A cyberattack that targeted power plants and other energy producers in Poland at the end of December used malware known as a “wiper” that was intended to erase computers and cause a power outage and o...
Exclusive: A cyberattack targeting Poland's energy infrastructure in December used wiper malware that would have erased grid computers and rendered them inoperable had it not been thwarted, a researcher at @ESET told me. The researcher calls the attack "unprecedented" for Poland and "substantial"
23.01.2026 16:33
👍 63
🔁 59
💬 2
📌 7
If there’s a better obituary for an evil cartoonist than an A.I. generated version of his character that fucks up the defining detail of its design, I can’t think of it. No notes. 👨🏻🍳 💋
13.01.2026 18:47
👍 16529
🔁 2638
💬 84
📌 0
Now you understand why every pro-Kremlin Twitter bot has spent 90% of its time over the past decade defending or pushing crypto and blockchain tech while randomly publishing some political tweet once in a while?
10.01.2026 16:29
👍 24
🔁 21
💬 2
📌 0
In 2025, #ESETresearch analyzed hundreds of hands-on-keyboard ransomware attacks, mostly hitting manufacturing, construction, retail, technology, and healthcare. Most of these were seen in the US (17%), Spain (5%), and France, Italy, and Canada (4% each). 1/5
29.12.2025 11:46
👍 4
🔁 4
💬 1
📌 0
I can remember two incidents that involved PRNI. In both, the information received helped to contain the incident before ransomware was deployed. Disturbing to see damage to a clearly useful and actually working initiative.
23.12.2025 18:42
👍 0
🔁 0
💬 0
📌 0
Hardened Images for Everyone | Docker
Security for everyone. Docker Hardened Images are now free to use, share, and build on with no licensing surprises.
This is super good news: Docker Hardened Images are now available for free for all devs. These can form a much more secure baseline of your containerized apps.
17.12.2025 16:31
👍 7
🔁 6
💬 0
📌 0
Gotta say, I think Marcus makes an interesting point.
15.12.2025 19:21
👍 346
🔁 117
💬 12
📌 7
bless the heart of whoever posted this and thought it sounded good, lol
12.12.2025 14:26
👍 21
🔁 4
💬 6
📌 0
Screenshot of a MITRE Enterprise Evaluations evidence page for the Scattered Spider scenario step 10.8 under Cyberani, showing evidence taken from a Palo Alto Cortex console.
Screenshot of a Palo Alto Networks corporate blog announcing it will not participate in the 2025 MITRE Enterprise Evaluations, with a highlighted line noting that in the previous two rounds: "Cortex XDR achieved unprecedented results, with 100% technique-level detections delivered without delays or configuration changes."
What is Cyberani MDR? Schrödinger’s EDR/MDR, that is both a service and not a service? Oh right, it’s PaloAlto Cortex + Splunk. Funny how 100% Cortex suddenly scores much worse. Almost like the results change when vendors aren’t the ones running the tests. Wonder how PA feels about the whole thing.
11.12.2025 21:12
👍 0
🔁 0
💬 0
📌 0
MITRE ATT&CK Evaluations Enterprise 2025 badge featuring an icon of connected nodes on a shield labeled 2025. Below it, text reads: Enterprise 2025 – Cohort Results Publication. A paragraph states that the seventh round of Enterprise evaluations is designed for security solutions deployed in enterprise environments and focuses on detecting and protecting against cloud-based attacks and abuse of legitimate tools and processes.
Screenshot of MITRE ATT&CK Evaluations product configuration page titled "Cyberani Configuration", showing Cyberani MDR described and noting it is a licensed MSSP.
Screenshot of Cyberani’s website showing its Managed Detection and Response (MDR) page describing MDR as a cybersecurity service.
I always thought MITRE Enterprise Evals were for security solutions like EDRs. Imagine my surprise seeing Cyberani MDR in the results. MDR is a service, right? Even Cyberani says it's "more than a service". Didn’t Managed Services used to have their own Evals? Did I dream that?
11.12.2025 21:12
👍 2
🔁 0
💬 1
📌 0
The only thing you really need to know about this year’s MITRE ATT&CK Evaluations is that it had the lowest number of participating vendors ever. Only 11 vendors took part. The APT3 evaluation back in 2018 had 12.
10.12.2025 17:53
👍 0
🔁 0
💬 0
📌 0