Winnona
@winnona.bsky.social
1.5K followers 150 following 41 posts
@DistrictCon Founder. Harvard & Georgetown MPP/JD candidate. @CyberStatecraft / @BelferCenter fellow, ex-Google threat research. Dog mom. Opinions=my own 👩🏻‍💻
Pinned
winnona.bsky.social
🚨 NEW PAPER on the 0day Supply Chain 🚨:
I gathered open source data & interviewed Gov employees, VR and China researchers to figure out what the zero day marketplace looks like in the U.S. and how it compares to China.

key findings below ⬇️- 0/🧵 
www.atlanticcouncil.org/in-depth-res...
Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace
If the United States wishes to compete in cyberspace, it must compete against China to secure its offensive cyber supply chain.
www.atlanticcouncil.org
Reposted by Winnona
ericjgeller.com
If the CISA 2015 info-sharing law expires tomorrow, CISA the agency may eliminate its real-time threat indicator sharing database, according to a new DHS OIG report. www.oig.dhs.gov/sites/defaul...

Participation in sharing program has been declining since 2020. Post-expiration plans unclear.
winnona.bsky.social
Mark your calendars!! 💕
Reposted by Winnona
amidanruo.bsky.social
Speaking as a Chinese person, in the Chinese culture, money is often given to others in a gesture of bribery.
winnona.bsky.social
💕💕💕 this post brings me joy.
Can’t promise power (ffs) but can definitely promise good vibes again! ✨
Reposted by Winnona
pronto.bsky.social
I stopped by DistrictCon earlier this year (no ticket), but was able to borrow a badge and such.

The vibes were awesome, the people were great, and even with a multi-block power outage at the venue, they were still able to keep it going.

I recommend this one in DC
districtcon.bsky.social
Our Call for Papers is officially OPEN!

We are looking for
- Hacking Magic 👾🪄 (cool research, novel TTPs, tool releases, etc.)
- Policy Roundtable Topics ⚖️ (specific cyber topics focused on geopolitics, ethics, legal frameworks, governance, etc.)

www.districtcon.org/cfp
Reposted by Winnona
kimzetter.bsky.social
How did China's top APT hackers come to be? Many were early "Honkers" - patriotic hackers who in late 90s launched low-skill cyberattacks against nations deemed disrespectful to China. But once Honkers developed their skills, PLA/MSS came calling. Based on great research by bsky.app/profile/eube...
How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyber Spies
A new report traces the history of the early wave of Chinese hackers who became the backbone of the state's espionage apparatus.
www.wired.com
winnona.bsky.social
Was a ton of fun to talk about the 0day market and Pall Mall at Summercon! Thanks for having me 💕
winnona.bsky.social
“alignment with CCP priorities offers privileged access to state resources, regulatory favor, and expanded commercial opportunities [to hackers]."

NEW Phenomenal report on Chinese civil military fusion and cyber militias by Kieran Green: margin.re/mobilizing-c...
Mobilizing Cyber Power: The Growing Role of Cyber Militias in China’s Network Warfare Force Structure
This report examines how China’s cybersecurity industry fields reserve and militia units in support of the PLA and national mobilization system.
margin.re
Reposted by Winnona
districtcon.bsky.social
We’re proud to announce the Review Board for DistrictCon’s call for papers! Our CFP will open next month, and we're excited to receive all your submissions! www.districtcon.org/cfp
Reposted by Winnona
neurovagrant.bsky.social
It's almost like surveillance capitalism is a problem for *everyone*
winnona.bsky.social
🤩🤩🤩🤩 thanks Patrick!
Reposted by Winnona
seeinglogic.bsky.social
Extremely interesting comparisons in cybersecurity...

The 1️⃣ thing to focus on? Talent.

Talented people have outsize impacts in software and cybersecurity. And expertise drives better policy (eventually)!

Pipelines to build more experts pay compounding returns.
Reposted by Winnona
machinavelli.com
Winnona out here doing amazing work, as always! Definitely recommend reading!
winnona.bsky.social
😭 you are too kind to me
Reposted by Winnona
frcolumba.bsky.social
I wonder how many students coming out of NSA CAE-CO programs are able to "do" this kind of work? Less than 100? "Peripheral" state schools, even R1s with CAE designations are probably producing zero. Our emphasis is completely on defense.
winnona.bsky.social
7/ 💡 Recommendations: How to Improve the Pipeline while Not Stooping to China’s Level

1. Invest in Talent—fund hacking competitions and international CTF teams, expand NSA CAE-CO programs, and provide legal protections to security researchers.

The international hacking community is an asset.
winnona.bsky.social
🧨 Bottom line:
Offensive cyber power isn’t just about conducting operations —it’s about procurement, talent, and strategic intent. Without reform, the U.S. risks ceding the future of cyberspace to China.
📖 full paper here!:
#CyberSecurity #ZeroDay #Infosec #China #NationalSecurity #CyberPolicy
Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace
If the United States wishes to compete in cyberspace, it must compete against China to secure its offensive cyber supply chain.
www.atlanticcouncil.org
winnona.bsky.social
💡 MOAR Recommendations

2. Simplify Zero-Day Acquisition—making sure bugs go through VEP and other regular processes
3. Adopt smarter counterintelligence strategies and deepen cooperation with allies (e.g. Pall Mall)
winnona.bsky.social
6/ Human Rights Risks in the 0day Market

➡️ Because this market is murky, we don’t *really* know who we’re buying / selling from - meaning we could be accidentally funding human rights abuses, or adversary nations.
winnona.bsky.social
5/ Economic Security Risks in the 0day Market:
➡️ the U.S. acquisition model is inefficient: some vulnerabilities never get sold or patched. This is counter to U.S. economic interests to not waste resources, and Big Tech’s interests to make secure products.
winnona.bsky.social
4/ National Security Risks in our 0day Market
➡️ Some of the hardest cyber ops need 0days, and they are sourced from a global, competitive market. 0day is, in many ways, a strategic resource, especially when China keeps finding and using both 0day and n-day vulnerabilities against us.