Ján Trenčanský
@j91321.bsky.social
EDR R&D team lead at ESET. Opinions are my own.
@j91321@infosec.exchange
Definitely a little bit of projection from Microsoft here 😂 www.microsoft.com/en-us/securi...
February 18, 2026 at 8:54 PM
Reposted by Ján Trenčanský
Microsoft Defender researchers observed attackers using yet another evasion approach to the ClickFix technique: Asking targets to run a command that executes a custom DNS lookup and parses the `Name:` response to receive the next-stage payload for execution.
February 13, 2026 at 11:48 PM
February 10, 2026 at 10:37 PM
Reposted by Ján Trenčanský
I'm convinced AI is our generation's radium - a discovery with genuinely useful applications in specific, controlled circumstances that we stupidly put in everything from kid's toys to toothpaste until we realised the harm far too late where future generations will ask if we were out of our minds.
VC, founder, dumbass
February 8, 2026 at 10:23 PM
Reposted by Ján Trenčanský
Breaking: Tragedy at the Winter Olympics
February 7, 2026 at 3:39 PM
Reposted by Ján Trenčanský
Russian GRU-linked cyber-espionage group APT28 is now using an Office zero-day disclosed last week for spear-phishing campaigns targeting Ukrainian targets, per a new Ukraine CERT report

cert.gov.ua/article/6287...
CERT-UA
The Government Computer Emergency Response Team of Ukraine, which operates within the State Service of Special Communications and Information Protection of Ukraine.
cert.gov.ua
February 3, 2026 at 10:43 AM
Reposted by Ján Trenčanský
#BREAKING #ESETresearch provides technical details on #DynoWiper, a data‑wiping malware used in a data‑destruction incident on December 29, 2025, affecting a company in Poland’s energy sector. www.welivesecurity.com/en/eset-rese... 1/5
www.welivesecurity.com
January 30, 2026 at 10:29 AM
Extensive report by CERT.PL on Poland’s energy grid incident. cert.pl/en/posts/202...
Energy Sector Incident Report - 29 December 2025
CERT Polska presents a report on the analysis of an incident in the energy sector that occurred on 29 December 2025. The attacks were destructive in nature and targeted wind and photovoltaic farms, a ...
cert.pl
January 30, 2026 at 10:27 AM
Release of ESET Protect Cloud 7.0 marks the beginning of big changes for our EDR cloud console. Advanced Search, the main feature being rolled out, allows you to search through indicators using Lucene. It's a more log-based approach enabling access to the underlying EDR and AV data.
January 29, 2026 at 9:08 PM
Reposted by Ján Trenčanský
Can we just tell all of the "Signal is an op" guys that all of the real high-opsec organizing is being done on some Telegram channel so they can all go there and cosplay at each other?
January 29, 2026 at 7:56 PM
Looks like it really is release day tomorrow.
January 28, 2026 at 9:28 PM
Reposted by Ján Trenčanský
#BREAKING #ESETresearch identified the wiper #DynoWiper used in an attempted disruptive cyberattack against the Polish energy sector on Dec 29, 2025. At this point, no successful disruption is known, but the malware’s design clearly indicates destructive intent. 1/5
January 23, 2026 at 4:30 PM
Reposted by Ján Trenčanský
Exclusive: A cyberattack targeting Poland's energy infrastructure in December used wiper malware that would have erased grid computers and rendered them inoperable had it not been thwarted, a researcher at @ESET told me. The researcher calls the attack "unprecedented" for Poland and "substantial"
Cyberattack Targeting Poland’s Energy Grid Used a Wiper
A cyberattack that targeted power plants and other energy producers in Poland at the end of December used malware known as a “wiper” that was intended to erase computers and cause a power outage and o...
www.zetter-zeroday.com
January 23, 2026 at 4:33 PM
Reposted by Ján Trenčanský
If there’s a better obituary for an evil cartoonist than an A.I. generated version of his character that fucks up the defining detail of its design, I can’t think of it. No notes. 👨🏻‍🍳 💋
January 13, 2026 at 6:47 PM
Reposted by Ján Trenčanský
Now you understand why every pro-Kremlin Twitter bot has spent 90% of its time over the past decade defending or pushing crypto and blockchain tech while randomly publishing some political tweet once in a while?
Illicit cryptocurrency addresses received at least $154 billion in 2025. According to Chainalysis, almost two-thirds of the funds have been linked to sanctions evasion activity. Most came from Russian organizations

www.chainalysis.com/blog/2026-cr...
January 10, 2026 at 4:29 PM
Reposted by Ján Trenčanský
The data on more than 8,000 users of far-right dating site WhiteDate was scraped and leaked online after its administrators didn't secure their WordPress site properly

cybernews.com/security/inv...
Investigator breaches white supremacist dating sites, exposes 8,000 users
An investigative journalist infiltrated three white supremacist platforms, including the dating site WhiteDate, exfiltrating over 8,000 user profiles and 100GB of sensitive data.
cybernews.com
January 5, 2026 at 8:29 PM
Reposted by Ján Trenčanský
In 2025, #ESETresearch analyzed hundreds of hands-on-keyboard ransomware attacks, mostly hitting manufacturing, construction, retail, technology, and healthcare. Most of these were seen in the US (17%), Spain (5%), and France, Italy, and Canada (4% each). 1/5
December 29, 2025 at 11:46 AM
I can remember two incidents that involved PRNI. In both, the information received helped to contain the incident before ransomware was deployed. Disturbing to see damage to a clearly useful and actually working initiative.
Scoop: The lone employee behind CISA's Pre-Ransomware Notification Initiative resigned on Friday rather than take a forced reassignment to FEMA.

CISA says PRNI will continue, but sources said David Stern's loss will be a major setback for it.

My story: www.cybersecuritydive.com/news/cisa-ra...
December 23, 2025 at 6:42 PM
Reposted by Ján Trenčanský
This is super good news: Docker Hardened Images are now available for free for all devs. These can form a much more secure baseline of your containerized apps.
Hardened Images for Everyone | Docker
Security for everyone. Docker Hardened Images are now free to use, share, and build on with no licensing surprises.
www.docker.com
December 17, 2025 at 4:31 PM
Reposted by Ján Trenčanský
Gotta say, I think Marcus makes an interesting point.
December 15, 2025 at 7:21 PM
Reposted by Ján Trenčanský
Why is Microsoft bundling Security Copilot licenses with E5? Clearly because they can't sell it as a standalone product.

In other news, E5 costs will certainly go up "due to enhanced value."
www.darkreading.com/cybersecurit...
Microsoft to Bundle Security Copilot in M365 Enterprise License
The move aims to expand the use of Security Copilot and comes with the launch of 12 new agents from Microsoft at the company's Ignite conference last week.
www.darkreading.com
December 14, 2025 at 4:48 PM
Reposted by Ján Trenčanský
bless the heart of whoever posted this and thought it sounded good, lol
December 12, 2025 at 2:25 PM
I always thought MITRE Enterprise Evals were for security solutions like EDRs. Imagine my surprise seeing Cyberani MDR in the results. MDR is a service, right? Even Cyberani says it's "more than a service". Didn’t Managed Services used to have their own Evals? Did I dream that?
December 11, 2025 at 9:13 PM
The only thing you really need to know about this year’s MITRE ATT&CK Evaluations is that it had the lowest number of participating vendors ever. Only 11 vendors took part. The APT3 evaluation back in 2018 had 12.
December 10, 2025 at 5:53 PM
I've built a lot of systems around Elasticsearch and can tell you this Intellexa backend has really shit mapping just based on the screenshots. I'd be embarrassed to show this to the customer. securitylab.amnesty.org/latest/2025/...
To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware - Amnesty International Security Lab
Drawing on leaked internal company documents, sales and marketing material, as well as training videos, the “Intellexa Leaks” investigation gives a never-before-seen glimpse of the internal operations...
securitylab.amnesty.org
December 4, 2025 at 12:16 PM