Aryeh Goretsky

442 Followers
1.2K Following
239 Posts

Security researcher and antivirus pioneer who's been at the intersection of security research, education, and community for over three decades.

Formerly the Distinguished Researcher at #ESET, and first employee at #McAfee.

Moderator at the Lenovo, Neowin, and Scots Newsletter forums, and Intel Insider Council member. 14× Microsoft MVP award recipient.

Blog (work): https://www.welivesecurity.com/authors/goretsky
Blog (personal): https://goretsky.wordpress.com/
🦋 Bluesky: https://bsky.app/profile/goretsky.bsky.social
Reddit: https://www.reddit.com/u/goretsky
#ESETresearch has discovered a supply-chain attack targeting stock investors in Vietnam, distributing SPECTRALVIPER through the update mechanism of the FireAnt Metakit stock investment platform. https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/
ESET telemetry suggests that the attack started around October 2025 and ended in March 2026. In our investigation, only a small subset of exposed users received the final backdoor, SPECTRALVIPER, suggesting selective targeting.
Detailed analysis of the supply chain, the contour of OceanLotus’s victimology in recent years, and the architecture of its signature backdoor, SPECTRALVIPER, is available at:
https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/
IoCs available in our GitHub repo: https://github.com/eset/malware-ioc/tree/master/oceanlotus
Samsung's 990 Pro SSD warranty policy is a scam; I'm taking them to court.

YouTube
@chetwisniewski Oof. Hopefully the replacement will last in your array for a long time.
@chetwisniewski Hopefully you'll get the RMA quickly. I've seen a few reports of DRAM/FLASH manufacturers issuing credits for original purchase price instead of RMA. Not too helpful when prices have gone up 500%.
@chetwisniewski The first 20, the last 20, or somewhere-in-the-middle 20?

Microsoft has taken down 73 of its own GitHub source code repositories after they were infected with a worm.

The repos appear to have been infected with Miasma, a variant of the Shai-Hulud worm.

https://opensourcemalware.com/blog/miasma-reaches-azure

The Blight Reaches Microsoft: 73 Repos Disabled in 105 Seconds

GitHub disabled 73 Microsoft repositories across four of its GitHub organizations — the entire Azure Functions org, the whole Durable Task family, and a row of AI sample apps — in a 105-second sweep on June 5. The recompromised durabletask package sits at the center, and the fingerprints point at the open-sourced Miasma worm.

@bontchev try:
https[:]//www[.]rainymood[.]com/
https[:]//youtu[.]be/HMnrl0tmd3k
https[:]//youtu[.]be/DIx3aMRDUL4

The two YouTube pages should have the "loop" option enabled. That's what the endlessyoutube[.]com was for prior to YouTube adding that option.

#ESETresearch released its latest APT Activity Report (Oct 2025–Mar 2026): 🇨🇳China-aligned groups focused on Venezuela, Gulf states, and AI & robotics industry in 🇰🇷South Korea, while 🇰🇵North Korea-aligned APTs targeted the nuclear sector. Full report: https://web-assets.esetstatic.com/wls/en/papers/threat-reports/eset-apt-activity-report-q4-2025-q1-2026.pdf

Interesting editorial from Tommi Uhlemann of AV-Comparatives about Microsoft's assertion that Windows 11 no longer requires third-party antivirus: https://av-comparatives.org/is-microsoft-defender-enough/

What's particularly interesting is that Microsoft seems to have walked back this claim, and removed their blog post. It still lives on in the Internet Archive at https://web.archive.org/web/20260421190944/https://www.microsoft.com/en-us/windows/learning-center/best-antivirus-software-for-windows, though.

Is Microsoft Defender enough on its own? The independent view.

Defender has improved a lot. But our latest test data, recent Defender CVEs and the shift to AI-scale vulnerability discovery raise a different question: what do you fall back on when one layer is not enough?

AV-Comparatives