Daniel Gordon
validhorizon.bsky.social
Thought Trailer, Cyber Threat Intel, DFIR. He/Him. Bucketing, sharing, and bacon-saving as a service. https://validhorizon.medium.com/
I’ve presented at a lot of conferences over the years. A LOT of them. This year I’m trying some new things and this one will be SO much different from anything I’ve done before. luma.com/m6q8aqcw
darkMode 2026 · Luma
About The Security Alliance (SEAL) is a non-profit founded in 2023 with a simple mission: to secure the future of crypto. Over the past few years, SEAL has…
luma.com
February 7, 2026 at 3:57 AM
While VT is not perfect, this seems like a pretty good step towards scanning an ecosystem badly in need of clean up. openclaw.ai/blog/virusto...
OpenClaw Partners with VirusTotal for Skill Security — OpenClaw Blog
ClawHub skills are now scanned by VirusTotal's threat intelligence platform—bringing industry-leading security to the AI agent ecosystem.
openclaw.ai
February 6, 2026 at 9:27 PM
Reposted by Daniel Gordon
There’s a pretty big delta between the long term benefit and the short term yikes of this.

In the short term, open source software isn’t staffed to fix dozens of vulns at a time. If Claude will be public, so will a lot of problems that projects won’t have the bandwidth to fix right away.
Anthropic's newest AI model uncovered 500 zero-day software flaws in testing
The AI company sees the model's advancements as a major win for cyber defenders in the race against adversarial AI.
www.axios.com
February 6, 2026 at 8:13 AM
Reposted by Daniel Gordon
economists ran the numbers and, uh, it's bad!
Vibe Coding Is Killing Open Source Software, Researchers Argue
‘If the maintainers of small projects give up, who will produce the next Linux?’
www.404media.co
February 5, 2026 at 4:49 PM
Reposted by Daniel Gordon
Reminder that the #PIVOTcon2026 CFP closes this Friday, February 6. Get those papers in. We want to see you at @pivotcon.bsky.social in Malaga! 😎
ALT: two purple beach chairs on the beach with the words these are waiting for us
media.tenor.com
February 3, 2026 at 3:59 PM
Reposted by Daniel Gordon
You say "Security Feature Bypass"... I say.... "Remote Code Execution":

msrc.microsoft.com/update-guide...
Security Update Guide - Microsoft Security Response Center
msrc.microsoft.com
February 3, 2026 at 12:14 PM
Targeted activity despite the widespread potential access from Notepad++’s huge user base.

Additional details:
community.notepad-plus-plus.org/topic/27212/...

doublepulsar.com/small-number...
February 2, 2026 at 12:06 PM
Attribution to Dragonfly instead of Sandworm was quite a plot twist! cert.pl/en/posts/202...
Energy Sector Incident Report - 29 December 2025
CERT Polska presents a report on the analysis of an incident in the energy sector that occurred on 29 December 2025. The attacks were destructive in nature and targeted wind and photovoltaic farms, a ...
cert.pl
January 30, 2026 at 10:55 AM
Crowdstrike finally caught up with what the rest of the industry has been seeing for years. Still not acknowledging that Moonstone Sleet exists though 🤷‍♂️ www.crowdstrike.com/en-us/blog/l...
LABYRINTH CHOLLIMA Evolves into Three Adversaries | CrowdStrike
LABYRINTH CHOLLIMA has evolved into three distinct adversaries with specialized malware, objectives, and tradecraft. Learn more.
www.crowdstrike.com
January 29, 2026 at 5:00 PM
Reposted by Daniel Gordon
This is my biggest pet peeve about dashboards: what is someone going to *do* when they get this information? If it's "be informed" that's the same as saying "nothing" and why did you even bother?
We need to start thinking about information’s value being decision-centric. What makes outlets like Financial Times so good is that the model reader is, well, a financial decision-maker. Whereas other papers cater to someone whose only purpose is a nebulous “being informed.”
January 28, 2026 at 3:48 PM
Reposted by Daniel Gordon
Hackers behind the cyberattack against Poland’s electric grid in Dec disabled communication devices for at least 30 sites across a number of energy facilities in the country. They rendered the devices - known as remote terminal units or RTUs - not only inoperable but also unrecoverable
Attack Against Poland's Grid Disrupted Communication Devices at About 30 Sites
The hackers behind a cyberattack that targeted Poland's grid infrastructure in December disabled communication devices for at least 30 sites across a number of energy facilities in different parts of ...
www.zetter-zeroday.com
January 28, 2026 at 2:53 PM
Reposted by Daniel Gordon
Exclusive: A cyberattack targeting Poland's energy infrastructure in December used wiper malware that would have erased grid computers and rendered them inoperable had it not been thwarted, a researcher at @ESET told me. The researcher calls the attack "unprecedented" for Poland and "substantial"
Cyberattack Targeting Poland’s Energy Grid Used a Wiper
A cyberattack that targeted power plants and other energy producers in Poland at the end of December used malware known as a “wiper” that was intended to erase computers and cause a power outage and o...
www.zetter-zeroday.com
January 23, 2026 at 4:33 PM
Reposted by Daniel Gordon
#BREAKING #ESETresearch identified the wiper #DynoWiper used in an attempted disruptive cyberattack against the Polish energy sector on Dec 29, 2025. At this point, no successful disruption is known, but the malware’s design clearly indicates destructive intent. 1/5
January 23, 2026 at 4:30 PM
Reposted by Daniel Gordon
I started Granitt in 2022 to help journalists and other groups of at-risk people continue to do their work safely and securely. Please get in touch if you’re looking for an assessment, policy and process development, training, or presentation. techcrunch.com/2022/07/15/g...
Runa Sandvik's new startup Granitt secures at-risk people from hackers and nation states | TechCrunch
The Norwegian hacker talks about her new venture aimed at protecting journalists and critics from powerful adversaries.
techcrunch.com
January 23, 2026 at 11:37 AM
Reposted by Daniel Gordon
🔊 The Call for Papers is now open for VB2026!

We're looking for engaging, insightful, and original talks for the 36th Virus Bulletin International Conference, taking place 14–16 October 2026 in Seville, Spain.

📅 Deadline: 9 April 2026
📝 Submit your abstract: www.virusbulletin.com/conference/v...
January 22, 2026 at 2:02 PM
Reposted by Daniel Gordon
-Hackers disrupt Iranian state TV broadcast
-Another Apple contractor gets ransomed
-Makina Finance hacked for $4.2m, barely feels it
-CISA head wanted to fire the CIO
-Report Fraud launches in the UK
-Millions of cards blocked in Russia due to new bank fraud rules
-Tudou Guarantee shuts down
January 21, 2026 at 9:04 AM
Today I learned about this. There may be nothing in the universe as enticing to North Korea as something that combines cryptocurrency and the open source software ecosystem. It’s going to be a matter of time before they attempt to grift off this, probably in multiple different ways.
Yeah this is unfortunately "a thing" in the open source AI space right now.

AFAICT this is not a scam in the sense that maintainers don't get money—they reportedly do get fees, but they effectively do marketing for a memecoin, making money for whoever started it out of their community's goodwill.
Crypto grifters are recruiting open-source AI developers
www.seangoedecke.com
January 19, 2026 at 1:38 AM
Reposted by Daniel Gordon
I am not even sure how to emotionally process this being described as an open source sustainability strategy (something you know I care about!).

It's even sadder because to the extent that it works, it does because it combines people's goodwill with their greed and/or gambling addictions.
January 19, 2026 at 1:06 AM
Reposted by Daniel Gordon
Lumen has sinkholed over 550 command and control servers for the Kimwolf botnet

www.linkedin.com/pulse/keepin...
Keeping the Kimwolf at bay: putting a leash on a massive DDoS Botnet.
With the fall of RapperBot in August 2025, Aisuru quickly regained its position as the world’s most powerful DDoS botnet. By September, Aisuru had achieved record-breaking attacks, flooding targets wi...
www.linkedin.com
January 15, 2026 at 12:07 AM
Reposted by Daniel Gordon
American retailer Target has taken its Git server offline to investigate a possible breach.

Hackers claimed to have accessed the company's internal code and developer documentation.

www.bleepingcomputer.com/news/securit...
Target's dev server offline after hackers claim to steal source code
Hackers are claiming to be selling internal source code belonging to Target Corporation, after publishing what appears to be a sample of stolen code repositories on a public software development platf...
www.bleepingcomputer.com
January 13, 2026 at 11:21 AM
Reposted by Daniel Gordon
Recorded Future’s Insikt Group tracks GRU-linked BlueDelta credential theft, mimicking OWA, Google and Sophos VPN portals. Targets include a Turkish energy & nuclear research agency, a European think tank, and organizations in North Macedonia & Uzbekistan. www.recordedfuture.com/research/gru...
January 8, 2026 at 9:05 AM
Maybe Cyber Command was tasked with checking to see if a website was down after the substation was blown up.
January 5, 2026 at 2:21 PM
Cool cool, residential proxies are going to be a new easy-button way to get access to NAT’d networks.

krebsonsecurity.com/2026/01/the-...
The Kimwolf Botnet is Stalking Your Local Network
The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it's time for a ...
krebsonsecurity.com
January 2, 2026 at 3:22 PM