Daniel Gordon
@validhorizon.bsky.social
Thought Trailer, Cyber Threat Intel, DFIR. He/Him. Bucketing, sharing, and bacon-saving as a service. https://validhorizon.medium.com/
Reposted by Daniel Gordon
cyberwarcon.bsky.social
Announcing this year's CYBERWARCON speaker lineup and agenda! We've got some fantastic talks this year, and more will be announced soon.

Don't miss your chance to register now! Thank you everyone who submitted to the CFP. The selection was a truly grueling process!
Reposted by Daniel Gordon
cyberoverdrive.bsky.social
A thread of great questions from @greg-l.bsky.social and fantastic answers (and nuance) by @invisig0th.bsky.social, about the legendary APT1 report and way more.
greg-l.bsky.social
HI @invisig0th.bsky.social been enjoying your recent media appearances with KZ and TBP!

Was wondering two things

1. You’re obviously the lead singer of the APT1 report “band” - Without burning names, can you talk about the make up of the team (skills, backgrounds, etc) +
& what made it special?
Reposted by Daniel Gordon
esetresearch.bsky.social
#ESETresearch has identified two campaigns targeting Android users in the 🇦🇪. The campaigns, which are still ongoing, distribute previously undocumented spyware impersonating #Signal and #ToTok via deceptive websites. www.welivesecurity.com/en/eset-rese... 1/6
New spyware campaigns target privacy-conscious Android users in the UAE
ESET researchers have discovered campaigns distributing spyware disguised as Android Signal and ToTok apps, targeting users in the United Arab Emirates.
www.welivesecurity.com
Reposted by Daniel Gordon
validhorizon.bsky.social
They said it’s a custom build of YARA-X
Reposted by Daniel Gordon
cyberwarcon.bsky.social
CFP closes this Friday, September 26th at 11:59pm EST!

If you'd like to speak at CYBERWARCON this year, get your talk submission in ASAP to be considered!

Submit your talk here >> www.cyberwarcon.com/cfp2025

#CYBERWARCON #CFP
Reposted by Daniel Gordon
esetresearch.bsky.social
#ESETresearch has observed #Gamaredon exploiting CVE-2025-8088 (#WinRAR path traversal) in an ongoing spearphishing campaign. This vulnerability allows arbitrary file write via crafted RAR archives. 1/6
Reposted by Daniel Gordon
esetresearch.bsky.social
#ESETresearch has uncovered the North Korea-aligned threat actor, DeceptiveDevelopment, targeting freelance developers with trojanized coding challenges and fake job interviews.
www.welivesecurity.com/en/eset-rese... 1/6
validhorizon.bsky.social
Hopefully nobody is using vSphere or ESXi for anything important.
hultquist.bsky.social
We are releasing details on BRICKSTORM malware activity, a China-based threat hitting US tech to potentially target downstream customers and hunt for data on vulnerabilities in products. This actor is stealthy, and we've provided a tool to hunt for them. cloud.google.com/blog/topics/...
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors | Google Cloud Blog
BRICKSTORM is a stealthy backdoor used by suspected China-nexus actors for long-term espionage.
cloud.google.com
validhorizon.bsky.social
Great thread on the SIM farm bust in NYC. Only note is that there are lots of incompetent spies and spy-adjacent folks out there but I don’t think any are incompetent in this specific way so completely agree with @tprophet.org analysis.
tprophet.org
1/ Hi, I'm TProphet. I write the Telecom Informer for @2600.com. A lot of people have been asking me about www.nbcnews.com/politics/nat... given that I'm somewhat knowledgeable in the area.

Here's my take: I'm kind of astonished that this is public, and it isn't normal that it would ever be.
Secret Service agents dismantle network that could shut down New York cellphone system
Agents discovered electronic devices in five locations in and around the city that could be used to disable cellphone towers. The system could also be used for criminal activities.
www.nbcnews.com
Reposted by Daniel Gordon
campuscodi.risky.biz
GitHub will require a FIDO-based two-factor authentication method to publish updates to npm packages.

The company will also deprecate legacy long-lived npm tokens and roll out new ones that last only seven days.

github.blog/security/sup...
Our plan for a more secure npm supply chain
GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing.
github.blog
Reposted by Daniel Gordon
campuscodi.risky.biz
North Korean espionage group Kimsuky used "sex offender notices" to lure victims into running its malware

logpresso.com/ko/blog/2025...
validhorizon.bsky.social
It’s conference season and this is also kind of hilarious
dprkcert.bsky.social
We will be carefully reviewing submissions. Submit soon, space is filling up.

We welcome all researchers, state secret enjoyers, APTs, and more to submit to #BSidesPyongyang2025 🇰🇵

Submit your CFP now:
https://forms.gle/y6QRMeYuJPYXZi1k9
validhorizon.bsky.social
Ian is a secret operative of big Availability.
Picture of the CIA triad: Confidentiality Integrity and Availability
Reposted by Daniel Gordon
volatilityfoundation.org
#FTSCon Speaker Spotlight: Wesley Shields (@wxs.bsky.social) is presenting “COLDRIVER: NOROBOT/YESROBOT/MAYBEROBOT” in the HUNTER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...
Reposted by Daniel Gordon
volatilityfoundation.org
#FTSCon Speaker Spotlight: Michael Horka is presenting “Lilac Typhoon aboard the Indigo Train - The Current State of Chinese Obfuscation Networks” in the HUNTER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...
Reposted by Daniel Gordon
volatilityfoundation.org
#FTSCon Speaker Spotlight: Tom Lancaster (@tlansec.bsky.social) & Josh Duke are presenting “Mission Auth Possible: Passwordless Phishing” in the HUNTER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...
Reposted by Daniel Gordon
brody-n77.bsky.social
As far as I can tell, Whittaker is the only tech executive in the entire world taking a principled and honest stand against the pervasive enshittification of technology by AI agents.

I hope Signal can be a North Star for other software vendors.

english.elpais.com/technology/2...
Signal president Meredith Whittaker: ‘In technology, it’s way too easy for marketing to replace substance. That’s what’s happened with Telegram’
The app best known for respecting privacy looks to grow, despite anti-privacy efforts
english.elpais.com
validhorizon.bsky.social
Hey I know that guy!
volatilityfoundation.org
#FTSCon Speaker Spotlight: Daniel Gordon (@validhorizon.bsky.social) is presenting “When the AppleJeus GitHub is Worth the Squeeze: Citrine Sleet Investigation” in the HUNTER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...