Daniel Gordon
validhorizon.bsky.social
Thought Trailer, Cyber Threat Intel, DFIR. He/Him. Bucketing, sharing, and bacon-saving as a service. https://validhorizon.medium.com/
Reposted by Daniel Gordon
Recorded Future’s Insikt Group tracks GRU-linked BlueDelta credential theft, mimicking OWA, Google and Sophos VPN portals. Targets include a Turkish energy & nuclear research agency, a European think tank, and organizations in North Macedonia & Uzbekistan. www.recordedfuture.com/research/gru...
January 8, 2026 at 9:05 AM
Good luck. Sometimes I think the military doesn’t even know how to military.
January 7, 2026 at 2:09 AM
Maybe Cyber Command was tasked with checking to see if a website was down after the substation was blown up.
January 5, 2026 at 2:21 PM
This person went on a buying spree over the past 24 hours. Fresh wallet. Only existed since Dec 27th and has only bet on Venezuela-related markets.

polymarket.com/@0x31a56e9E6...
January 3, 2026 at 2:40 PM
Some PhDs are more equal than others. ☹️ bsky.app/profile/dhne...
January 2, 2026 at 9:11 PM
Cool cool residential proxies are going to be a new easy button way to get access to NAT’d networks.

krebsonsecurity.com/2026/01/the-...
The Kimwolf Botnet is Stalking Your Local Network
The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it's time for a ...
krebsonsecurity.com
January 2, 2026 at 3:22 PM
Trying to imagine the quality of reports you would get from a 60 minute notification requirement 😂 thecyberexpress.com/china-cybers...
China’s New Cybersecurity Law Is Here — And It Changes Everything for Businesses
China has officially entered a new era of cyber regulation. As of January 1, 2026, the amended China cybersecurity law
thecyberexpress.com
January 2, 2026 at 1:00 PM
I’ve seen a few folks solve this with very very good security architecture or defense in depth or both. But we’re in the same boat you are. Good luck boat friend!
January 1, 2026 at 7:49 PM
Thank god we solved this with SBOM /s
This is one of the nightmares of modern security. We need to know where every single one of those is, what we're trusting it to do and not do, and how to make it stop *immediately*.

And every time someone wants to use a new one we need to figure out whether we can trust it as far as we can throw it
I worked at a 4,000-person event tech company for about five years. At one of the annual team all-hands, our CEO shared a PowerPoint slide that contained every SaaS vendor logo that enabled our daily work.

Uncountable. Hundreds. Names you’ve never seen. A universe of invisible workers.
January 1, 2026 at 7:22 PM
Taking time off from vacation to help some people because it’s part of recharging my soul and because one of the things that burns people out is feeling like you’re not making a difference.
December 31, 2025 at 12:04 AM
December 28, 2025 at 11:38 PM
Reposted by Daniel Gordon
As the U.S. weighs potentially banning TP-Link routers from sale on national security grounds over its alleged links to China, I blogged about the U.S. government's weak-ass argument and why a ban won't save the U.S. from years of its own terrible cybersecurity practices.
Banning TP-Link won't save America from its own terrible cybersecurity
TP-Link routers face a ban in the U.S. over the company's alleged links to China, but shoddy cybersecurity is the real insider threat to the United States.
this.weekinsecurity.com
December 28, 2025 at 6:09 PM
I think I did a bad job of making my point. As a red teamer, can you think of ways to abuse cheap VMs, link sharing, and HTTPS proxy capabilities that can be configured with a trivial amount of effort?
December 24, 2025 at 11:21 PM
This is pretty impressive and unfortunately as a security person, my mind jumps to ways this can be abused and I’m horrified.
After reading this I gave exe.dev a shot and the combination of cheap VMs, the HTTPS proxy with passkey auth and link sharing, and the built-in LLM agent is... incredible.

Like, I know how to use each of these things individually, but combining them feels like when I first learned to script things.
Just in time software
I didn’t plan to write software in the grocery store last night. I was tired and hungry, kids in tow. My long shopping list sat in a text message. I wished I could check items off as I found them.…
commaok.xyz
December 24, 2025 at 10:39 PM
Reposted by Daniel Gordon
Since 2020, our team has iterated on a model for “rapid research” to help surface, analyze, & resolve rumors about election administration. This work demonstrates an innovative role for researchers to support public sensemaking during rapidly unfolding events.

uw.pressbooks.pub/rapidresearc...
Being Sensemakers: A Framework for University-Based Rapid Research of Elections, Crisis Events, and Beyond – Simple Book Publishing
A framework for university-based rapid research of elections, crisis events, and beyond
uw.pressbooks.pub
December 16, 2025 at 12:56 AM
“Any Any”
December 21, 2025 at 12:23 AM
Reposted by Daniel Gordon
#ESETresearch has discovered a new 🇨🇳-aligned APT group, #LongNosedGoblin. This group focuses on cyberespionage and targets mainly governmental entities in Southeast Asia and Japan. www.welivesecurity.com/en/eset-rese... 1/7
LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan
ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage tools across networks of governmental institutions.
www.welivesecurity.com
December 18, 2025 at 1:08 PM
Reposted by Daniel Gordon
~CFPTime is up again~ and only 12 conferences are loaded in it now; please load your conferences in CFPTime cfptime.org/upcoming
CFP Time - Indexing Security Call For Papers for Conferences and Workshops
Indexing Security Calls For Papers (CFP) for international conferences and others.
cfptime.org
December 18, 2025 at 9:33 PM
Reposted by Daniel Gordon
This looks like a particularly spicy shituation affecting Cisco customers:

• 10/10 severity zero-day bug in popular Cisco products
• Cisco says China is exploiting bug to hack customers
• Cyberattacks discovered on Dec. 10; disclosed today
• No patches yet. Compromised devices must be wiped
Cisco says Chinese hackers are exploiting its customers with a new zero-day | TechCrunch
Cisco said it discovered a Chinese hacking campaign targeting its customers by exploiting a zero-day in some of the company's most popular products.
techcrunch.com
December 17, 2025 at 7:17 PM
Reposted by Daniel Gordon
Proud to share new research by Amazon Threat Intelligence detailing recent activity by Sandworm/APT44 🇷🇺 targeting US and European energy, critical infrastructure, and managed security provider networks via vulnerable and misconfigured network edge devices. #threatintel aws.amazon.com/blogs/securi...
Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure | Amazon Web Services
As we conclude 2025, Amazon Threat Intelligence is sharing insights about a years-long Russian state-sponsored campaign that represents a significant evolution in critical infrastructure targeting: a ...
aws.amazon.com
December 15, 2025 at 7:51 PM
Gonna put hot sauce on my zucchini latkes because there is no tomorrow
December 15, 2025 at 1:37 AM
I got my CEH, I’m ready to go!
December 14, 2025 at 12:43 PM
Obviously not suggesting this makes sense but “killed because he was starting to change his mind”

www.mediaite.com/media/news/c...
Charlie Kirk’s Pastor Rebukes Candace Owens for Haunting Kirk Family With Conspiracy Theories
Charlie Kirk's pastor is speaking out about Candace Owens's peddling of conspiracies in the wake of Kirk's assassination last week.
www.mediaite.com
December 13, 2025 at 1:42 PM