Ján Trenčanský
@j91321.bsky.social
170 followers 200 following 100 posts
EDR R&D team lead at ESET. Opinions are my own. @[email protected]
Reposted by Ján Trenčanský
I know this stuff isn't surprising anymore but I really can't stress enough how much everybody involved with CISA and cyber tried to keep the field nonpolitical and nonpartisan before this administration.
On CISA media call just now to discuss the F5 hack and source code breach, CISA staffer interrupted the discussion to blame the Democrats for the government shutdown and forcing workers to work without pay
Reposted by Ján Trenčanský
Telegram founder and general a-hole Pavel Durov, whose IM network hosts hundreds of groups where info-ops coordinate their activity and pay for content, is annoyed that democracies are fighting back against the damage he, personally, has helped usher in in many autocratic regimes
Reposted by Ján Trenčanský
Our researchers have noticed today that NASA FIRMS, one of the main free and available open source sites for monitoring fires around the world, has a new notice on it stating that NASA is no longer updating the site due to a lack of federal funding. firms.modaps.eosdis.nasa.gov/map/
PR: October is cybersecurity awareness month! Let's start...

Me: No, nope, don't care, la la la can't hear you *fingers in my ears*
There's probably more, last year he did a workshop for Red team village about satellite hacking. Kind of fits the MO, pick an obscure topic and pretend you're an expert. He also has the highest number of GIAC certs obtained in shortest time I've seen. github.com/poppopjmp/RT...
GitHub - poppopjmp/RTV_LV2024: Red Team Village DEFCON 2024 - Hacking the Skies
Yeah, VXUG posted about it some time ago, but it was Defcon. Both talks from the same guy. Both AI slop, same goes for his forked projects on GitHub.
I haven't found exploitation of Fortra's GoAnywhere MFT CVE-2025-10035 in EDR telemetry yet. Which means it is probably still rare and folks have some time to patch. Wonder how long it will stay that way. The previously exploited vulns appeared fairly quickly.
Reposted by Ján Trenčanský
Cisco patched 3 zero-days today...

CVE-2025-20352: sec.cloudapps.cisco.com/security/cen...

And these two used together:
-CVE-2025-20333: sec.cloudapps.cisco.com/security/cen...
-CVE-2025-20362: sec.cloudapps.cisco.com/security/cen...
Reposted by Ján Trenčanský
Why TF are @npr.org @pbsnews.org and @wgcunews.bsky.social letting an AI cybersecurity *write an article* about a breach and make shit up?
Reposted by Ján Trenčanský
#ESETresearch has discovered the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Both groups are affiliated with the FSB, Russia’s main domestic intelligence and security agency. www.welivesecurity.com/en/eset-rese...
1/3
Gamaredon X Turla collab
ESET researchers reveal how the notorious APT group Turla collaborates with fellow FSB-associated group known as Gamaredon to compromise high‑profile targets in Ukraine.
Reposted by Ján Trenčanský
Three major EDR vendors have pulled out of evaluations for the MITRE ATT&CK framework

Microsoft: techcommunity.microsoft.com/blog/microso...
SentinelOne: www.sentinelone.com/blog/sentine...
Palo Alto Networks: www.paloaltonetworks.com/blog/securit...
Reposted by Ján Trenčanský
🆕 EDR-telemetry Project Update - Windows

The Windows table just got an update with 3 new sub-categories:

➡️ VSS Deletion
➡️ Win32 API Telemetry
➡️ JA3/JA3s

Coverage isn’t uniform, and some are pending response from the vendors. That’s fine. I’d rather show the uncertainty than pretend otherwise.
Ah yes, Raťafák Plachta, brings back memories. I mean horrors. The department that was responsible for kids shows in Slovak Television has a lot to answer for.
Reposted by Ján Trenčanský
HybridPetya installs a malicious EFI application to the EFI System Partition, which then encrypts the Master File Table file, an essential metadata file with information about all files on the NTFS-formatted partition. 2/8
Funnily Google reminded me that I was at the JLR plant in Nitra today 6 years ago. They were just revealing a new model.
A large group of employees gather inside a Jaguar Land Rover plant for a new model reveal. A covered vehicle is positioned at the floor center surrounded by people in white shirts and black trousers. A stage with a speaker and a large screen displaying the Jaguar and Land Rover logos is set up at the front. Staff line both the ground floor and the balcony above, watching the presentation in the bright atrium with large glass panels in the back showing the factory.
This one EDR killer crashes the whole host when EDR is present. Task failed successfully I guess?
Looks like everybody finally figured out the same thing I posted about almost two weeks ago.
Congratulations to my colleagues on this milestone. Before the headlines kick in, let's consider what this actually is: at best a new sub-technique for T1027 (Obfuscated Files or Information). Not that different from T1027.004 (Compile After Delivery), just an interesting twist on the steps.
PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption. These Lua scripts are cross-platform compatible, functioning on #Windows, #Linux, and #macOS 2/7
Reposted by Ján Trenčanský
-NoisyBear APT turns out to be a phishing test
-Qantas cuts executive pay by 15% after breach
-First AI-driven ransomware was just an academic project
-Nepal blocks 26 social media sites
-New GhostAction supply chain attack

Newsletter: news.risky.biz/risky-bullet...
Podcast: risky.biz/RBNEWS475/
Looks like my RuneScape account still exists after *checks notes* 12 years.
RuneScape lobby screenshot. You last logged in 4617 days ago.
The workshop he had on satellite hacking in Red Team Village last year also fits the pattern of choosing an obscure topic few people have a good understanding of. Too bad the GitHub repo on that one is empty. github.com/poppopjmp/RT...
GitHub - poppopjmp/RTV_LV2024: Red Team Village DEFCON 2024 - Hacking the Skies