Lightnews — Scholar-powered news

Ian Campbell

@neurovagrant.bsky.social

160 followers 140 following 420 posts

Security ops engineer and investigator @ DomainTools, writer, voracious reader. he/him. Opinions here mine only. Autistic/depressed/anxious/hungry. https://dti.domaintools.com

dti.domaintools.com

Posts Media Videos Starter Packs

Pinned

Ian Campbell @neurovagrant.bsky.social · Jul 8

DomainTools Investigations worked with OSINT analysts & journalists to help uncover the connections between websites involved in the harassment of Ukrainian personnel and their families, and the people and infrastructure involved.

Technical writeup below!

www.domaintools.com/resources/bl...

RDAP and BGP in Investigative Journalism - DomainTools | Start Here. Know Now.

One of the things we’re most proud of at DomainTools is our Grants program. We offer free access and training to investigative journalists, as well as security researchers involved in community-benefi...

www.domaintools.com

1 3 4

Ian Campbell @neurovagrant.bsky.social · 56m

Oh nice, Nvidia AI red team wrote up some of their attack framework and results from their BlackHat presentation. These folks are awesome.

developer.nvidia.com/blog/from-as...

From Assistant to Adversary: Exploiting Agentic AI Developer Tools | NVIDIA Technical Blog

Developers are increasingly turning to AI-enabled tools for coding, including Cursor, OpenAI Codex, Claude Code, and GitHub Copilot. While these automation tools can enable faster development and…

developer.nvidia.com

Ian Campbell @neurovagrant.bsky.social · 5h

Fascinating job alert: TikTok

Analyst, Influence Operations - Global Security Organization

lifeattiktok.com/search/75533...

Analyst, Influence Operations - Global Security Organization

View our opening for Analyst, Influence Operations - Global Security Organization and learn more about what it's like to work at TikTok!

lifeattiktok.com

Ian Campbell @neurovagrant.bsky.social · 6h

YESSSSSS LABScon 2025 videos have started going up. This was a fantastic talk by two Dreadnode folks on the nuts and bolts of an agentic system built for Russian internet content analysis, as well as the limitations, ways to properly assess it, and further implications.

youtu.be/zZUKMrz7TNU

LABScon25 Replay | Auto-Poking The Bear - Analytical Tradecraft In The AI Age | Wendiggensen & Palm

YouTube video by SentinelOne

youtu.be

Ian Campbell @neurovagrant.bsky.social · 6h

I love how we’re all just pretending MCP can be patched like any other software and the problem solved.

The nondeterminism is what Nvidia AI red teamer Rich Harang very presciently calls a “universal anti-pattern” that allows for these vulnerabilities.

www.darkreading.com/vulnerabilit...

Figma MCP Server Opens Orgs to Agentic AI Compromise

A bug (CVE-2025-53967) in a popular Web design tool's option for talking to agentic AI allows command injection leading to remote code execution (RCE).

www.darkreading.com

1 3

Ian Campbell @neurovagrant.bsky.social · 7h

Framework can make this right, but doubling down on supporting projects by a toxic dickhead that also gleefully celebrated mass tech worker layoffs “because DEI” is not apolitical or “big tent.”

It’s just another bro show.

Ian Campbell @neurovagrant.bsky.social · 7h

In regards to Framework’s latest footgunning, two things:

1. Tech is and always has been political. Anyone saying otherwise simply wants to avoid being held accountable for their words and actions.

2. “Big tent” policies loudly express that you’re perfectly okay becoming the neighborhood nazi bar.

1 1

Ian Campbell @neurovagrant.bsky.social · 19h

“We gladly feast on those who would subdue us.”

Was reminded of this tonight and need to carry it forward.

Addams family clip with Morticia repeating the family credo, which is the text above.

2 6

Ian Campbell @neurovagrant.bsky.social · 1d

Shout out to Silobreaker for putting out *really* well-done weekly geopolitical briefs that provide substantial, timely, and relevant analysis without feeling like a chore to make time for.

#threatintel #infosec #cybersecurity

www.silobreaker.com/resources/re...

www.linkedin.com/newsletters/...

Weekly Geopolitical Risk Briefs

At Silobreaker, we understand the critical impact that geopolitical conflicts can have on your organization. That's why we're excited to introduce our latest Geopolitical Risk Briefs. Our research tea...

www.silobreaker.com

Ian Campbell @neurovagrant.bsky.social · 1d

Oh, this could be a powerful combo. My article aggregator/RSS reader/more now integrates natively with n8n, which is a powerful platform to develop AI-centric workflows www.inoreader.com/blog/2025/10...

Supercharge your workflows with our new n8n integration

We’re excited to announce that Inoreader now integrates with n8n – one of the most popular platforms for workflow automation...

www.inoreader.com

Ian Campbell @neurovagrant.bsky.social · 2d

ICE now owns roving vans with integrated cell site simulators

techcrunch.com/2025/10/07/i...

for commentary on this breaking news, i turn to my recently-made friend Ray Hunter

Luckily everyone else can too!

#infosec #privacy

www.eff.org/deeplinks/20...

ICE bought vehicles equipped with fake cell towers to spy on phones | TechCrunch

The federal contract shows ICE spent $825,000 on vans equipped with “cell-site simulators” which allow the real-world location tracking of nearby phones and their owners.

techcrunch.com

2 4

Ian Campbell @neurovagrant.bsky.social · 2d

Hey folks, just a reminder I'll be at BSides NoVA this weekend, giving a talk on DNS and domain intel in investigative journalism! It's an intersection of passions for me, so I'm wicked excited.

#infosec #cybersecurity #bsidesnova

bsidesnova-2025.sessionize.com/session/1001...

Start the Presses! Domain and DNS Intelligence in Investigative Journalism

Across two businesses, dozens of training sessions, and hundreds of grants for access, we’ve spent more than a decade enabling the use of DNS and domain intelligence for investigative journalists. Col...

bsidesnova-2025.sessionize.com

Ian Campbell @neurovagrant.bsky.social · 2d

“But Captain,” I mutter to myself in the early morning quiet, “it’s only Tuesday.”

Ian Campbell @neurovagrant.bsky.social · 3d

This Phrack timeline of the Kimsuky dump is wiiiiiiild.

phrack.org/issues/72/7_...

(we did some deeper analysis of the dump, linked below, but wow...)

( dti.domaintools.com/inside-the-k... )

APT Down - The North Korea Files

Click to read the article on phrack

phrack.org

Ian Campbell @neurovagrant.bsky.social · 3d

If you need something to read this morning, we published research on Friday around an activity cluster targeting 18+ interests, especially gambling and porn.

Well. Also tax websites. Which I suppose is an adult interest. Sigh.

#threatintel #infosec

dti.domaintools.com/securitysnac...

DomainTools (@[email protected])

New from DTI: A financially-motivated cluster of spoofed domains disguised as age 18+ social media content, government tax sites, consumer banking, and online gambling applications targeting Windows a...

infosec.exchange

Ian Campbell @neurovagrant.bsky.social · 3d

Prompt||GTFO events have been extremely educational for me as an AI skeptic, as well as fun and entertaining. Worth checking them out.

Google Form for getting the invite (or applying to present):

docs.google.com/forms/d/e/1F...

LinkedIn post with more info:

www.linkedin.com/feed/update/...

Prompt||GTFO Registration

Welcome to the Prompt Pit, where in a world of vibe slop, we're taking AI back from the marketers. Next upcoming episode: S02E01: Indiana Pit and the Raiders of the Lost Prompt When: 25 September, 20...

docs.google.com

Ian Campbell @neurovagrant.bsky.social · 6d

New, from us, today: coordinated cluster of dozens of domains delivering infostealers or phishing credentials, targeting users of TikTok, YouTube, gambling apps, and more. Domain profiles and deeper IOCs provided.

#infosec #cybersecurity #threatintel

dti.domaintools.com/securitysnac...

SecuritySnack: 18+E-Crime - DomainTools Investigations | DTI

Starting in September 2024, a financially motivated cluster of more than 80 spoofed domain names and lure websites began targeting users with fake applications and websites themed as government tax si...

dti.domaintools.com

Reposted by Ian Campbell

Patrick Howell O’Neill @patrickhowelloneill.com · 7d

Happy 25th birthday of Kid A to all those who celebrate (me) www.youtube.com/watch?v=NUnX...

Everything In Its Right Place

YouTube video by Radiohead - Topic

www.youtube.com

4 5 45

Ian Campbell @neurovagrant.bsky.social · 7d

Last paper I read from Agarwal & Vasek was great. New one:

Fishing for Smishing: Understanding SMS Phishing Infrastructure and Strategies by Mining Public User Reports

Agarwal, Sharad; Papasavva, Antonis; Suarez-Tangil, Guillermo; Vasek, Marie.

discovery.ucl.ac.uk/id/eprint/10...

Fishing for Smishing: Understanding SMS Phishing Infrastructure and Strategies by Mining Public User Reports - UCL Discovery

UCL Discovery is UCL's open access repository, showcasing and providing access to UCL research outputs from all UCL disciplines.

discovery.ucl.ac.uk

Ian Campbell @neurovagrant.bsky.social · 8d

well played, M-W

Merriam-Webster @merriam-webster.com · 8d

We are thrilled to announce that our NEW Large Language Model will be released on 11.18.25.

Ian Campbell @neurovagrant.bsky.social · 8d

*checking inbox a little compulsively*

c'moooon, big money, no whammies, big money no whammies, BIGMONEYNOWHAMMIES

Reposted by Ian Campbell

🎃Yell👻Growler🧙🏻‍♀️ @yaelwrites.com · 8d

Today, @consumerreports.org @aspendigital.bsky.social @gca.bsky.social released the 4th Annual Consumer Cyber Readiness Report, co written by @gigastacey.bsky.social @jefflandale.bsky.social and I.

innovation.consumerreports.org/2025-Consume...

#CybersecurityAwarenessMonth 1/x

1 7 16

Ian Campbell @neurovagrant.bsky.social · 9d

Okay nerds, someone pointed me at BSidesSF's CFP, which is musical theatre-themed.

Get on it!

sessionize.com/bsidessf2026

sessionize.com

Ian Campbell @neurovagrant.bsky.social · 9d

Hellllll yeah Infoblox!

Catalin Cimpanu @campuscodi.risky.biz · 9d

Apparently the reason why ICANN began investigating WebNIC in August was because they refused to suspend domains operated by the Detour Dog cybercrime group (which operates DNS-based TDS)

Infoblox filed an official complaint at ICANN against WebNIC

FAFO

blogs.infoblox.com/threat-intel...

Detour Dog: DNS Malware Powers Strela Stealer Campaigns

30k sites infected with DNS malware by Detour Dog. Now linked to Strela Stealer, StarFish backdoor, REM Proxy, and Tofsee in global spam campaigns.

blogs.infoblox.com

Ian Campbell @neurovagrant.bsky.social · 9d

Did that thing again where I reach deep into the DomainTools Investigations noosphere to mine our infosec egregores and present them on a monthly cadence.

or...y'know...drummed up a reading list of stuff that caught our attention.

#infosec #cybersecurity

dti.domaintools.com/cybersecurit...

Cybersecurity Reading List - Week of 2025-09-29 - DomainTools Investigations | DTI

Commentary followed by links to cybersecurity articles that caught our interest internally.

dti.domaintools.com

1 2

Ian Campbell @neurovagrant.bsky.social · 13d

In case you need more good weekend reading, make sure you've hit this Infoblox piece on Vane Viper.

It's absurdly well-done, weaving expert technical details with deep narrative to provide a thorough understanding of malicious adtech & related behavior.

blogs.infoblox.com/threat-intel...

Vane Viper: Russia–Cyprus AdTech Nexus Delivering Malware

DNS analysis links Vane Viper's AdTech abuse to AdTech Holding and PropellerAds, delivering malware through fake software, APKs, and redirects.

blogs.infoblox.com