Ján Trenčanský
@j91321.bsky.social
EDR R&D team lead at ESET. Opinions are my own.
@j91321@infosec.exchange
Reposted by Ján Trenčanský
Anthropic's AI cyberespionage report feels as odd as the last one. Just 13 pages, it has none of the traditional components of a usual threat intel report (IoCs, payload hashes, etc.) and it seems to bury the lead re: technical sophistication. I wonder if a target will come forward. #infosec
November 14, 2025 at 7:40 AM
Reposted by Ján Trenčanský
This is spot on. Quantum’s gonna be the next cyber grift (again), after the bottom falls out of GenAI. www.linkedin.com/posts/nathan...
November 10, 2025 at 1:06 PM
Reposted by Ján Trenčanský
Short Answer: Fuck no.

Long Answer: If a company tries AI phrenology in their hiring process, they're guaranteed to do worse things once you work there. Don't.
November 7, 2025 at 8:41 AM
I'm glad that, until next year, I don't have to be aware of cybersecurity anymore.
November 1, 2025 at 5:35 PM
Reposted by Ján Trenčanský
LUCASARTS PRESENTS
Columbo in:
SCUMM of the Earth
#pixelart
October 26, 2025 at 4:39 PM
Saw some cool glowing rocks last week.
My brain: These must be delicious.
October 20, 2025 at 3:30 PM
Reposted by Ján Trenčanský
Omg, the solution to CIA's Kryptos being discovered by someone becoming a subject matter expert, going on location, and finding the plaintext sitting in a vault several miles away is the absolute *perfect* ending to Kryptos. You couldn't write it. Just absolutely A+ www.nytimes.com/2025/10/16/s...
A C.I.A. Secret Kept for 35 Years Is Found in the Smithsonian’s Vault
www.nytimes.com
October 17, 2025 at 12:49 AM
Reposted by Ján Trenčanský
I know this stuff isn't surprising anymore but I really can't stress enough how much everybody involved with CISA and cyber tried to keep the field nonpolitical and nonpartisan before this administration.
On CISA media call just now to discuss the F5 hack and source code breach, CISA staffer interrupted the discussion to blame the Democrats for the government shutdown and forcing workers to work without pay
October 15, 2025 at 4:24 PM
Reposted by Ján Trenčanský
Hot Water Balloon

xkcd.com/3153/
October 14, 2025 at 7:53 PM
Reposted by Ján Trenčanský
Telegram founder and general a-hole Pavel Durov, whose IM network hosts hundreds of groups where info-ops coordinate their activity and pay for content, is annoyed that democracies are fighting back against the damage he, personally, has helped usher in in many autocratic regimes
October 12, 2025 at 9:48 AM
Reposted by Ján Trenčanský
The Oracle zero-day... kek

labs.watchtowr.com/well-well-we...
October 7, 2025 at 12:42 PM
Reposted by Ján Trenčanský
Our researchers have noticed today that NASA FIRMS, one of the main free and available open source sites for monitoring fires around the world has a new notice on it stating that NASA is no longer updating the site due to a lack in federal funding. firms.modaps.eosdis.nasa.gov/map/
October 2, 2025 at 5:10 PM
PR: October is cybersecurity awareness month! Let's start...

Me: No, nope, don't care, la la la can't hear you *fingers in my ears*
October 1, 2025 at 4:30 PM
I haven't found exploitation of Fortra's GoAnywhere MFT CVE-2025-10035 in EDR telemetry yet. Which means it is probably still rare and folks have some time to patch. Wonder how long it will stay that way. The previously exploited vulns appeared fairly quickly.
September 27, 2025 at 6:26 PM
Reposted by Ján Trenčanský
Cisco patched 3 zero-days today...

CVE-2025-20352: sec.cloudapps.cisco.com/security/cen...

And these two used together:
-CVE-2025-20333: sec.cloudapps.cisco.com/security/cen...
-CVE-2025-20362: sec.cloudapps.cisco.com/security/cen...
September 25, 2025 at 6:27 PM
Reposted by Ján Trenčanský
Why TF are @npr.org @pbsnews.org and @wgcunews.bsky.social letting an AI cybersecurity *write an article* about a breach and make shit up?
September 24, 2025 at 1:04 PM
Reposted by Ján Trenčanský
#ESETresearch has discovered the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Both groups are affiliated with the FSB, Russia’s main domestic intelligence and security agency. www.welivesecurity.com/en/eset-rese...
1/3
Gamaredon X Turla collab
ESET researchers reveal how the notorious APT group Turla collaborates with fellow FSB-associated group known as Gamaredon to compromise high‑profile targets in Ukraine.
www.welivesecurity.com
September 19, 2025 at 9:27 AM
Reposted by Ján Trenčanský
Three major EDR vendors have pulled out of evaluations for the MITRE ATT&CK framework

Microsoft: techcommunity.microsoft.com/blog/microso...
SentinelOne: www.sentinelone.com/blog/sentine...
Palo Alto Networks: www.paloaltonetworks.com/blog/securit...
September 18, 2025 at 6:54 PM
Reposted by Ján Trenčanský
🆕 EDR-telemetry Project Update - Windows

The Windows table just got an update with 3 new sub-categories:

➡️ VSS Deletion
➡️ Win32 API Telemetry
➡️ JA3/JA3s

Coverage isn’t uniform, and some are pending response from the vendors. That’s fine. I’d rather show the uncertainty than pretend otherwise.
September 17, 2025 at 2:31 PM
Reposted by Ján Trenčanský
HybridPetya installs a malicious EFI application to the EFI System Partition, which then encrypts the Master File Table file, an essential metadata file with information about all files on the NTFS-formatted partition. 2/8
September 12, 2025 at 9:02 AM
Funnily Google reminded me that I was at the JLR plant in Nitra today 6 years ago. They were just revealing a new model.
September 10, 2025 at 11:57 AM
This one EDR killer crashes the whole host when EDR is present. Task failed successfully I guess?
September 9, 2025 at 2:45 PM
Looks like everybody finally figured out the same thing I posted about almost two weeks ago.
Congratulations to my colleagues on this milestone. Before the headlines kick in, let's consider what this actually is, at best a new sub-technique for T1027 (Obfuscated Files or Information). Not that different from T1027.004 (Compile After Delivery) just an interesting twist on the steps.
PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption. These Lua scripts are cross-platform compatible, functioning on #Windows, #Linux, and #macOS 2/7
September 8, 2025 at 6:23 PM
Reposted by Ján Trenčanský
-NoisyBear APT turns out to be a phishing test
-Qantas cuts executive pay by 15% after breach
-First AI-driven ransomware was just an academic project
-Nepal blocks 26 social media sites
-New GhostAction supply chain attack

Newsletter: news.risky.biz/risky-bullet...
Podcast: risky.biz/RBNEWS475/
September 8, 2025 at 8:36 AM