
Daniel Gordon

@validhorizon.bsky.social

Thought Trailer, Cyber Threat Intel, DFIR. He/Him. Bucketing, sharing, and bacon-saving as a service. https://validhorizon.medium.com/

3,272 Followers  |  203 Following  |  692 Posts  |  Joined: 24.07.2023

Latest posts by validhorizon.bsky.social on Bluesky

It took me quite a while to figure out what a waste of time it was to fight through the way he talks to figure out the message. It took me even longer to realize what this meant about people who would promote him but I still thought he was a clueless harmless academic crank. Now…

08.02.2026 21:08 | 👍 0  🔁 0  💬 0  📌 0

Link preview: darkMode 2026 · Luma. About The Security Alliance (SEAL) is a non-profit founded in 2023 with a simple mission: to secure the future of crypto. Over the past few years, SEAL has…

I’ve presented at a lot of conferences over the years. A LOT of them. This year I’m trying some new things and this one will be SO much different than anything I’ve done before. luma.com/m6q8aqcw

07.02.2026 03:57 | 👍 0  🔁 0  💬 0  📌 0

Link preview: OpenClaw Partners with VirusTotal for Skill Security - OpenClaw Blog. ClawHub skills are now scanned by VirusTotal's threat intelligence platform, bringing industry-leading security to the AI agent ecosystem.

While VT is not perfect, this seems like a pretty good step towards scanning an ecosystem badly in need of clean up. openclaw.ai/blog/virusto...

06.02.2026 21:27 | 👍 1  🔁 1  💬 0  📌 0

Link preview: Anthropic's newest AI model uncovered 500 zero-day software flaws in testing. The AI company sees the model's advancements as a major win for cyber defenders in the race against adversarial AI.

There’s a pretty big delta between the long term benefit and the short term yikes of this.

In the short term, open source software isn’t staffed to fix dozens of vulns at a time. If Claude will be public, so will a lot of problems that projects won’t have the bandwidth to fix right away.

06.02.2026 08:13 | 👍 4  🔁 2  💬 0  📌 1

Link preview: Vibe Coding Is Killing Open Source Software, Researchers Argue. ‘If the maintainers of small projects give up, who will produce the next Linux?’

economists ran the numbers and, uh, it's bad!

05.02.2026 16:49 | 👍 270  🔁 90  💬 10  📌 16

[Image: two purple beach chairs on the beach with the words "these are waiting for us"]

Reminder that the #PIVOTcon2026 CFP closes this Friday, February 6. Get those papers in. We want to see you at @pivotcon.bsky.social in Malaga! 😎

03.02.2026 15:59 | 👍 7  🔁 5  💬 0  📌 0

Link preview: The Notepad++ supply chain attack – unnoticed execution chains and new IoCs. Kaspersky GReAT experts discovered previously undocumented infection chains used in the Notepad++ supply chain attacks. The article provides new IoCs related to those incidents which employ DLL sidelo...

securelist.com/notepad-supp...

03.02.2026 14:32 | 👍 0  🔁 0  💬 0  📌 0

The bypassed security feature is control over your device.

03.02.2026 12:41 | 👍 1  🔁 0  💬 0  📌 0

Link preview: Security Update Guide - Microsoft Security Response Center

You say "Security Feature Bypass"... I say.... "Remote Code Execution":

msrc.microsoft.com/update-guide...

03.02.2026 12:14 | 👍 2  🔁 2  💬 1  📌 0

Sounds like it’s time to start up your North Korean laptop farm

02.02.2026 21:47 | 👍 0  🔁 0  💬 1  📌 0

Link preview: The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit. Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom.

Backdoor apparently delivered by the Notepad++ activity and attribution to LotusBlossom aka APT30 or “Raspberry Typhoon” in case people were thinking about what would happen if it was conducted by a slushy.

www.rapid7.com/blog/post/tr...

02.02.2026 16:49 | 👍 0  🔁 0  💬 1  📌 0

💯

02.02.2026 13:36 | 👍 0  🔁 0  💬 0  📌 0

bsky.app/profile/vali...

02.02.2026 13:14 | 👍 0  🔁 0  💬 1  📌 0

Targeted activity despite the widespread potential access from Notepad++'s huge user base.

Additional details:
community.notepad-plus-plus.org/topic/27212/...

doublepulsar.com/small-number...

02.02.2026 12:06 | 👍 6  🔁 3  💬 1  📌 1

😂 This statement by Hitachi is really something. “Don’t pay attention to our devices shipping with a universal default password or that nobody in OT environments performs updates, this is definitely the customer’s fault!” bsky.app/profile/rago...

30.01.2026 14:26 | 👍 5  🔁 4  💬 0  📌 0

Been a while since we had a public APT attribution drama but here we go!

bsky.app/profile/eset...

30.01.2026 12:13 | 👍 2  🔁 0  💬 2  📌 0

Link preview: Energy Sector Incident Report - 29 December 2025. CERT Polska presents a report on the analysis of an incident in the energy sector that occurred on 29 December 2025. The attacks were destructive in nature and targeted wind and photovoltaic farms, a ...

Attribution to Dragonfly instead of Sandworm was quite a plot twist! cert.pl/en/posts/202...

30.01.2026 10:55 | 👍 12  🔁 6  💬 1  📌 0

😂💯

29.01.2026 18:43 | 👍 1  🔁 0  💬 0  📌 0

Link preview: LABYRINTH CHOLLIMA Evolves into Three Adversaries | CrowdStrike. LABYRINTH CHOLLIMA has evolved into three distinct adversaries with specialized malware, objectives, and tradecraft. Learn more.

CrowdStrike finally caught up with what the rest of the industry has been seeing for years. Still not acknowledging that Moonstone Sleet exists though 🤷‍♂️ www.crowdstrike.com/en-us/blog/l...

29.01.2026 17:00 | 👍 1  🔁 0  💬 0  📌 0

This is my biggest pet peeve about dashboards: what is someone going to *do* when they get this information? If it's "be informed" that's the same as saying "nothing" and why did you even bother?

28.01.2026 15:48 | 👍 21  🔁 6  💬 4  📌 1

Link preview: Attack Against Poland's Grid Disrupted Communication Devices at About 30 Sites. The hackers behind a cyberattack that targeted Poland's grid infrastructure in December disabled communication devices for at least 30 sites across a number of energy facilities in different parts of ...

Hackers behind cyberattack against Poland electric grid in Dec disabled communication devices for at least 30 sites across a number of energy facilities in country. They rendered the devices - known as remote terminal units or RTUs - not only inoperable but also unrecoverable

28.01.2026 14:53 | 👍 27  🔁 23  💬 1  📌 2

[Image: a little girl is asking "why not both" while standing in a kitchen]

26.01.2026 12:24 | 👍 1  🔁 0  💬 1  📌 0

Link preview: Cyberattack Targeting Poland’s Energy Grid Used a Wiper. A cyberattack that targeted power plants and other energy producers in Poland at the end of December used malware known as a “wiper” that was intended to erase computers and cause a power outage and o...

Exclusive: A cyberattack targeting Poland's energy infrastructure in December used wiper malware that would have erased grid computers and rendered them inoperable had it not been thwarted, a researcher at @ESET told me. The researcher calls the attack "unprecedented" for Poland and "substantial"

23.01.2026 16:33 | 👍 64  🔁 60  💬 2  📌 7

#BREAKING #ESETresearch identified the wiper #DynoWiper used in an attempted disruptive cyberattack against the Polish energy sector on Dec 29, 2025. At this point, no successful disruption is known, but the malware’s design clearly indicates destructive intent. 1/5

23.01.2026 16:30 | 👍 35  🔁 30  💬 1  📌 5

Link preview: Runa Sandvik's new startup Granitt secures at-risk people from hackers and nation states | TechCrunch. The Norwegian hacker talks about her new venture aimed at protecting journalists and critics from powerful adversaries.

I started Granitt in 2022 to help journalists and other groups of at-risk people continue to do their work safely and securely. Please get in touch if you’re looking for an assessment, policy and process development, training, or presentation. techcrunch.com/2022/07/15/g...

23.01.2026 11:37 | 👍 44  🔁 19  💬 0  📌 1

I was just going to say “It depends” but this works

22.01.2026 23:18 | 👍 5  🔁 0  💬 1  📌 0

🔊 The Call for Papers is now open for VB2026!

We're looking for engaging, insightful, and original talks for the 36th Virus Bulletin International Conference, taking place 14–16 October 2026 in Seville, Spain.

📅 Deadline: 9 April 2026
📝 Submit your abstract: www.virusbulletin.com/conference/v...

22.01.2026 14:02 | 👍 3  🔁 3  💬 0  📌 0

☹️

22.01.2026 10:32 | 👍 1  🔁 0  💬 0  📌 0

Link preview: Cisco Security Advisory: Cisco Unified Communications Products Remote Code Execution Vulnerability. A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presen...

New Cisco zero-day, CVE-2026-20045

sec.cloudapps.cisco.com/security/cen...

21.01.2026 21:43 | 👍 6  🔁 5  💬 1  📌 0

-Hackers disrupt Iranian state TV broadcast
-Another Apple contractor gets ransomed
-Makina Finance hacked for $4.2m, barely feels it
-CISA head wanted to fire the CIO
-Report Fraud launches in the UK
-Millions of cards blocked in Russia due to new bank fraud rules
-Tudou Guarantee shuts down

21.01.2026 09:04 | 👍 7  🔁 1  💬 1  📌 0