David Oxley
@oxley.io
Senior leader for Cyber Threat Intelligence analysis at Amazon. @CitizenLab.ca Research Fellow. Former federal agent. Fan of space, books, tech, and Mother Nature🌪️. Personal account. 🇺🇸 🇺🇦 🇹🇼 #ThreatIntel
Storm chasing: https://bsky.app/profile/wxdox.com
Storm chasing: https://bsky.app/profile/wxdox.com
Pinned
David Oxley
@oxley.io
· Nov 9
I’ve created a Starter Pack around cyber threat intelligence to make it easier to find that community here on Bluesky. Let me know of folks I missed, as I’m sure there are many! go.bsky.app/TxQYHap
Proud to share new research by Amazon Threat Intelligence detailing recent activity by Sandworm/APT44 🇷🇺 targeting US and European energy, critical infrastructure, and managed security provider networks via vulnerable and misconfigured network edge devices. #threatintel aws.amazon.com/blogs/securi...
Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure | Amazon Web Services
As we conclude 2025, Amazon Threat Intelligence is sharing insights about a years-long Russian state-sponsored campaign that represents a significant evolution in critical infrastructure targeting: a ...
aws.amazon.com
December 15, 2025 at 7:51 PM
Proud to share new research by Amazon Threat Intelligence detailing recent activity by Sandworm/APT44 🇷🇺 targeting US and European energy, critical infrastructure, and managed security provider networks via vulnerable and misconfigured network edge devices. #threatintel aws.amazon.com/blogs/securi...
A new blog this evening from Amazon Threat Intelligence detailing ongoing China-nexus cyber actors leveraging React2Shell (CVE-2025-55182): aws.amazon.com/blogs/securi...
China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182) | Amazon Web Services
Within hours of the public disclosure of CVE-2025-55182 (React2Shell) on December 3, 2025, Amazon threat intelligence teams observed active exploitation attempts by multiple China state-nexus threat g...
aws.amazon.com
December 5, 2025 at 1:06 AM
A new blog this evening from Amazon Threat Intelligence detailing ongoing China-nexus cyber actors leveraging React2Shell (CVE-2025-55182): aws.amazon.com/blogs/securi...
Reposted by David Oxley
NEW: The classic anime "Ghost in the Shell" turned 30 years old this week.
Despite coming out at the dawn of the internet, it was incredibly prescient in terms of imaginig a future where governments use hackers for espionage, people use malware to spy on their loved ones, and much much more.
Despite coming out at the dawn of the internet, it was incredibly prescient in terms of imaginig a future where governments use hackers for espionage, people use malware to spy on their loved ones, and much much more.
How the classic anime 'Ghost in the Shell' predicted the future of cybersecurity 30 years ago | TechCrunch
The story of the Ghost in the Shell’s main villain the Puppet Master hinted at a future where governments use hackers for espionage, at a time when most of the world had never connected to the interne...
techcrunch.com
November 19, 2025 at 10:04 PM
NEW: The classic anime "Ghost in the Shell" turned 30 years old this week.
Despite coming out at the dawn of the internet, it was incredibly prescient in terms of imaginig a future where governments use hackers for espionage, people use malware to spy on their loved ones, and much much more.
Despite coming out at the dawn of the internet, it was incredibly prescient in terms of imaginig a future where governments use hackers for espionage, people use malware to spy on their loved ones, and much much more.
On the heels of @dlshad.net and @davidmagnotti.bsky.social’s presentation at #CYBERWARCON, happy to share the associated AWS Security blog post (with IOCs) aws.amazon.com/blogs/securi...
New Amazon Threat Intelligence findings: Nation-state actors bridging cyber and kinetic warfare | Amazon Web Services
The new threat landscape The line between cyber warfare and traditional kinetic operations is rapidly blurring. Recent investigations by Amazon threat intelligence teams have uncovered a new trend tha...
aws.amazon.com
November 19, 2025 at 7:17 PM
On the heels of @dlshad.net and @davidmagnotti.bsky.social’s presentation at #CYBERWARCON, happy to share the associated AWS Security blog post (with IOCs) aws.amazon.com/blogs/securi...
Hope to see many of you at #CYBERWARCON tomorrow! As always, if you see me in the AWS shirt, don’t be afraid to say hi, and please don’t be offended if I forget your name (it’s not you, it’s me). 😅
November 18, 2025 at 11:55 PM
Hope to see many of you at #CYBERWARCON tomorrow! As always, if you see me in the AWS shirt, don’t be afraid to say hi, and please don’t be offended if I forget your name (it’s not you, it’s me). 😅
Come work with Amazon Cyber Threat Intelligence (ACTI) focusing on the threats targeting Amazon, AWS, and our subsidiaries! US citizenship required, in-office across multiple US locations. DM with questions! www.amazon.jobs/en/jobs/3120...
Security Intelligence Engineer, Incident Response Threat Intelligence, ACTI
We are open to hiring candidates to work out of one of the following locations:Annapolis Junction, MD, USA | Arlington, VA, USA | Austin, TX, USA | Herndon, VA, USA | New York, NY, USA | Seattle, WA, ...
www.amazon.jobs
November 17, 2025 at 10:42 PM
Come work with Amazon Cyber Threat Intelligence (ACTI) focusing on the threats targeting Amazon, AWS, and our subsidiaries! US citizenship required, in-office across multiple US locations. DM with questions! www.amazon.jobs/en/jobs/3120...
Listening to the #ThreeBuddyProblem podcast and, while I’m glad you’re hearing about Amazon threat intel for the first time, I can say we’ve been around doing a thing or two for a while @ryanaraine.bsky.social, @jags.bsky.social, and @craiu.bsky.social 😅 (but message received re: IOCs in the blog)
November 17, 2025 at 2:16 AM
Listening to the #ThreeBuddyProblem podcast and, while I’m glad you’re hearing about Amazon threat intel for the first time, I can say we’ve been around doing a thing or two for a while @ryanaraine.bsky.social, @jags.bsky.social, and @craiu.bsky.social 😅 (but message received re: IOCs in the blog)
Excited to share another blog where Amazon Cyber Threat Intelligence (ACTI) discovered APT exploitation of zero-day vulnerabilities in Cisco and Citrix products. Proud of the team’s work! aws.amazon.com/blogs/securi...
Amazon discovers APT exploiting Cisco and Citrix zero-days | Amazon Web Services
The Amazon threat intelligence team has identified an advanced threat actor exploiting previously undisclosed zero-day vulnerabilities in Cisco Identity Service Engine (ISE) and Citrix systems. The ca...
aws.amazon.com
November 12, 2025 at 2:36 PM
Excited to share another blog where Amazon Cyber Threat Intelligence (ACTI) discovered APT exploitation of zero-day vulnerabilities in Cisco and Citrix products. Proud of the team’s work! aws.amazon.com/blogs/securi...
Reposted by David Oxley
If I give the bully my lunch money every day eventually he will die of old age
March 21, 2025 at 12:33 AM
If I give the bully my lunch money every day eventually he will die of old age
Reposted by David Oxley
cyberscoop.com/cyber-schola...
Will open my big mouth here and say as a participant in one of these programs in the great before time, this is a massive unforced error by USG and will have impacts that span probably decades on the gov cyber workforce
Will open my big mouth here and say as a participant in one of these programs in the great before time, this is a massive unforced error by USG and will have impacts that span probably decades on the gov cyber workforce
Cyber scholarship-for-service students say government has pulled rug on them, potentially burdening them with debt
Some CyberCorps: Scholarship for Service participants have had federal agency job and internship offers rescinded this year due to cutbacks and freezes. It’s a condition of their scholarship contract ...
cyberscoop.com
October 30, 2025 at 10:47 PM
cyberscoop.com/cyber-schola...
Will open my big mouth here and say as a participant in one of these programs in the great before time, this is a massive unforced error by USG and will have impacts that span probably decades on the gov cyber workforce
Will open my big mouth here and say as a participant in one of these programs in the great before time, this is a massive unforced error by USG and will have impacts that span probably decades on the gov cyber workforce
‼️ The @cyberwarcon.bsky.social agenda and presenters list is live. Proud that Amazon Cyber Threat Intelligence will be presenting for the first time on the intersection of Iranian cyber ops and kinetic strikes with Dlshad Othman and @davidmagnotti.bsky.social! www.cyberwarcon.com/ping-first-b...
Ping First, Boom Second — CYBERWARCON
www.cyberwarcon.com
October 8, 2025 at 8:44 PM
‼️ The @cyberwarcon.bsky.social agenda and presenters list is live. Proud that Amazon Cyber Threat Intelligence will be presenting for the first time on the intersection of Iranian cyber ops and kinetic strikes with Dlshad Othman and @davidmagnotti.bsky.social! www.cyberwarcon.com/ping-first-b...
“James Comey’s rights and liberties are not the only ones at risk today. So is your own right to participate in free and fair elections in order to render a verdict on Trump’s invasion of those rights and liberties.” From @davidfrum.bsky.social apple.news/AX8_ub4UHR0G...
The Comey Indictment Is Not Just Payback — The Atlantic
It’s an advance glimpse of Trump’s next attempted seizure of power
apple.news
September 26, 2025 at 2:12 AM
“James Comey’s rights and liberties are not the only ones at risk today. So is your own right to participate in free and fair elections in order to render a verdict on Trump’s invasion of those rights and liberties.” From @davidfrum.bsky.social apple.news/AX8_ub4UHR0G...
Happy to share that Amazon Cyber Threat Intelligence (ACTI) is hiring our first role in Dublin, Ireland! 🇮🇪
This role will provide threat intel support for the AWS European Sovereign Cloud (ESC). Dublin-based, open to current EU citizens, and with relocation available.
amazon.jobs/en/jobs/3089...
This role will provide threat intel support for the AWS European Sovereign Cloud (ESC). Dublin-based, open to current EU citizens, and with relocation available.
amazon.jobs/en/jobs/3089...
Sr. Security Intelligence Engineer , European Sovereign Cloud (ESC) Threat Intelligence team
We are open to hiring candidates to work out of one of the following locations:Dublin, IEThe European Sovereign Cloud (ESC) Threat Intelligence team, part of Amazon Cyber Threat Intelligence (ACTI), i...
amazon.jobs
September 25, 2025 at 6:43 PM
Happy to share that Amazon Cyber Threat Intelligence (ACTI) is hiring our first role in Dublin, Ireland! 🇮🇪
This role will provide threat intel support for the AWS European Sovereign Cloud (ESC). Dublin-based, open to current EU citizens, and with relocation available.
amazon.jobs/en/jobs/3089...
This role will provide threat intel support for the AWS European Sovereign Cloud (ESC). Dublin-based, open to current EU citizens, and with relocation available.
amazon.jobs/en/jobs/3089...
Glad to see not every country is powerless to hold coup leaders to account - “Bolsonaro Sentenced to 27 Years in Prison for Plotting Coup in Brazil” www.nytimes.com/2025/09/11/w...
Bolsonaro Sentenced to 27 Years in Prison for Plotting Coup in Brazil
www.nytimes.com
September 11, 2025 at 11:00 PM
Glad to see not every country is powerless to hold coup leaders to account - “Bolsonaro Sentenced to 27 Years in Prison for Plotting Coup in Brazil” www.nytimes.com/2025/09/11/w...
This morning, Amazon Cyber Threat Intelligence published a report about a recent watering hole attack by APT29 🇷🇺 that we discovered targeting Microsoft device code authentication. Proud of the work of the team and the chance to share this with the community! aws.amazon.com/blogs/securi...
Amazon disrupts watering hole campaign by Russia’s APT29 | Amazon Web Services
Amazon’s threat intelligence team has identified and disrupted a watering hole campaign conducted by APT29 (also known as Midnight Blizzard), a threat actor associated with Russia’s Foreign Intelligen...
aws.amazon.com
August 29, 2025 at 1:44 PM
This morning, Amazon Cyber Threat Intelligence published a report about a recent watering hole attack by APT29 🇷🇺 that we discovered targeting Microsoft device code authentication. Proud of the work of the team and the chance to share this with the community! aws.amazon.com/blogs/securi...
“The driving principle here is obvious: In a free society, people should know who is policing them.” apple.news/ATQz-Wb-hQom...
Show Us Your Face — The Atlantic
The federal government should prohibit the wearing of masks by ICE agents and require them to properly identify themselves.
apple.news
July 7, 2025 at 10:27 PM
“The driving principle here is obvious: In a free society, people should know who is policing them.” apple.news/ATQz-Wb-hQom...
How Trump’s ‘Big, Beautiful Bill’ Will Make China Great Again www.nytimes.com/2025/07/03/o...
Opinion | How Trump’s ‘Big, Beautiful Bill’ Will Make China Great Again
www.nytimes.com
July 3, 2025 at 9:14 PM
How Trump’s ‘Big, Beautiful Bill’ Will Make China Great Again www.nytimes.com/2025/07/03/o...
Reposted by David Oxley
Use Signal. We promise, no AI clutter, and no surveillance ads, whatever the rest of the industry does. <3
June 16, 2025 at 3:30 PM
Use Signal. We promise, no AI clutter, and no surveillance ads, whatever the rest of the industry does. <3
Reposted by David Oxley
Well-done by @billmarczak.org and @jsrailton.bsky.social at @citizenlab.ca! citizenlab.ca/2025/06/firs...
Graphite Caught: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted - The Citizen Lab
On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists who consented to the technical analysis of the...
citizenlab.ca
June 12, 2025 at 3:25 PM
Well-done by @billmarczak.org and @jsrailton.bsky.social at @citizenlab.ca! citizenlab.ca/2025/06/firs...
Many moons ago, I was a federal agent. I arrested people. And you know how many times I did that while hiding my face and refusing to identify myself? Never. apple.news/A8NMRFx2mRua...
Opinion | The secret police descending on Small Town, U.S.A. — The Washington Post
Masked immigration officials are storming towns and arresting people.
apple.news
June 11, 2025 at 8:53 PM
Many moons ago, I was a federal agent. I arrested people. And you know how many times I did that while hiding my face and refusing to identify myself? Never. apple.news/A8NMRFx2mRua...
Happy @sleuthcon.bsky.social SLEUTHCON Day to those who celebrate! Hope to see many of you there! #SLEUTHCON
June 6, 2025 at 10:58 AM
Happy @sleuthcon.bsky.social SLEUTHCON Day to those who celebrate! Hope to see many of you there! #SLEUTHCON
👌
Weird they're showing Swan Lake on Fox right now
June 5, 2025 at 10:58 PM
👌
One week until @sleuthcon.bsky.social! Hope to see many of you at the best cybercrime conference of the year. (And grab a ticket while you still can!) #SLEUTHCON
May 30, 2025 at 11:40 AM
One week until @sleuthcon.bsky.social! Hope to see many of you at the best cybercrime conference of the year. (And grab a ticket while you still can!) #SLEUTHCON
Reposted by David Oxley
“I dOn’T ThInK I eVeR MeT hIm”
April 26, 2025 at 12:54 AM
“I dOn’T ThInK I eVeR MeT hIm”