David Oxley's Avatar

David Oxley

@oxley.io

Senior leader for cyber threat intelligence analysis at Amazon. @CitizenLab.ca Research Fellow. Former federal agent. Fan of space, books, tech, democracy, and Mother Nature. Personal account. ๐Ÿ‡บ๐Ÿ‡ธ ๐Ÿ‡บ๐Ÿ‡ฆ ๐Ÿ‡น๐Ÿ‡ผ #ThreatIntel ๐ŸŒช๏ธ ๐Ÿ“ธ : https://bsky.app/profile/wxdox.com

3,741
Followers 570
Following 625
Posts 03.07.2023
Joined
Posts Following

Latest posts by David Oxley @oxley.io

Preview
Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure | Amazon Web Services As we conclude 2025, Amazon Threat Intelligence is sharing insights about a years-long Russian state-sponsored campaign that represents a significant evolution in critical infrastructure targeting: a ...

Proud to share new research by Amazon Threat Intelligence detailing recent activity by Sandworm/APT44 ๐Ÿ‡ท๐Ÿ‡บ targeting US and European energy, critical infrastructure, and managed security provider networks via vulnerable and misconfigured network edge devices. #threatintel aws.amazon.com/blogs/securi...

15.12.2025 19:51 ๐Ÿ‘ 18 ๐Ÿ” 9 ๐Ÿ’ฌ 1 ๐Ÿ“Œ 0
Preview
China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182) | Amazon Web Services Within hours of the public disclosure of CVE-2025-55182 (React2Shell) on December 3, 2025, Amazon threat intelligence teams observed active exploitation attempts by multiple China state-nexus threat g...

A new blog this evening from Amazon Threat Intelligence detailing ongoing China-nexus cyber actors leveraging React2Shell (CVE-2025-55182): aws.amazon.com/blogs/securi...

05.12.2025 01:06 ๐Ÿ‘ 15 ๐Ÿ” 9 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
How the classic anime 'Ghost in the Shell' predicted the future of cybersecurity 30 years ago | TechCrunch The story of the Ghost in the Shellโ€™s main villain the Puppet Master hinted at a future where governments use hackers for espionage, at a time when most of the world had never connected to the interne...

NEW: The classic anime "Ghost in the Shell" turned 30 years old this week.

Despite coming out at the dawn of the internet, it was incredibly prescient in terms of imaginig a future where governments use hackers for espionage, people use malware to spy on their loved ones, and much much more.

19.11.2025 22:04 ๐Ÿ‘ 67 ๐Ÿ” 30 ๐Ÿ’ฌ 2 ๐Ÿ“Œ 1
Preview
a man stands in front of a white board with the words we 're listening on it ALT: a man stands in front of a white board with the words we 're listening on it
19.11.2025 22:12 ๐Ÿ‘ 6 ๐Ÿ” 1 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
New Amazon Threat Intelligence findings: Nation-state actors bridging cyber and kinetic warfare | Amazon Web Services The new threat landscape The line between cyber warfare and traditional kinetic operations is rapidly blurring. Recent investigations by Amazon threat intelligence teams have uncovered a new trend tha...

On the heels of @dlshad.net and @davidmagnotti.bsky.socialโ€™s presentation at #CYBERWARCON, happy to share the associated AWS Security blog post (with IOCs) aws.amazon.com/blogs/securi...

19.11.2025 19:17 ๐Ÿ‘ 14 ๐Ÿ” 5 ๐Ÿ’ฌ 1 ๐Ÿ“Œ 1
Preview
a woman with a bandana on her head says " you can 't say i did n't warn you " ALT: a woman with a bandana on her head says " you can 't say i did n't warn you "
19.11.2025 00:02 ๐Ÿ‘ 1 ๐Ÿ” 0 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0

And Iโ€™ll keep shamelessly plugging @dlshad.net and @davidmagnotti.bsky.socialโ€™s Lightning Talk on Iranian cyber ops in support of kinetic strikes!

18.11.2025 23:57 ๐Ÿ‘ 1 ๐Ÿ” 0 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Post image

Hope to see many of you at #CYBERWARCON tomorrow! As always, if you see me in the AWS shirt, donโ€™t be afraid to say hi, and please donโ€™t be offended if I forget your name (itโ€™s not you, itโ€™s me). ๐Ÿ˜…

18.11.2025 23:55 ๐Ÿ‘ 6 ๐Ÿ” 0 ๐Ÿ’ฌ 3 ๐Ÿ“Œ 0
HOPE CONFERENCE BANNED BY ST. JOHN'S UNIVERSITY | 2600

Ref: www.2600.com/content/hope...

18.11.2025 22:47 ๐Ÿ‘ 13 ๐Ÿ” 1 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
Security Intelligence Engineer, Incident Response Threat Intelligence, ACTI We are open to hiring candidates to work out of one of the following locations:Annapolis Junction, MD, USA | Arlington, VA, USA | Austin, TX, USA | Herndon, VA, USA | New York, NY, USA | Seattle, WA, ...

Come work with Amazon Cyber Threat Intelligence (ACTI) focusing on the threats targeting Amazon, AWS, and our subsidiaries! US citizenship required, in-office across multiple US locations. DM with questions! www.amazon.jobs/en/jobs/3120...

17.11.2025 22:42 ๐Ÿ‘ 3 ๐Ÿ” 2 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0

๐Ÿซก

17.11.2025 16:42 ๐Ÿ‘ 0 ๐Ÿ” 0 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0

Also check out @dlshad.net and @davidmagnotti.bsky.social presenting on more of our work at #CYBERWARCON this week!

17.11.2025 02:21 ๐Ÿ‘ 3 ๐Ÿ” 0 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0

Listening to the #ThreeBuddyProblem podcast and, while Iโ€™m glad youโ€™re hearing about Amazon threat intel for the first time, I can say weโ€™ve been around doing a thing or two for a while @ryanaraine.bsky.social, @jags.bsky.social, and @craiu.bsky.social ๐Ÿ˜… (but message received re: IOCs in the blog)

17.11.2025 02:16 ๐Ÿ‘ 9 ๐Ÿ” 1 ๐Ÿ’ฌ 2 ๐Ÿ“Œ 0
Preview
Amazon discovers APT exploiting Cisco and Citrix zero-days | Amazon Web Services The Amazon threat intelligence team has identified an advanced threat actor exploiting previously undisclosed zero-day vulnerabilities in Cisco Identity Service Engine (ISE) and Citrix systems. The ca...

Excited to share another blog where Amazon Cyber Threat Intelligence (ACTI) discovered APT exploitation of zero-day vulnerabilities in Cisco and Citrix products. Proud of the teamโ€™s work! aws.amazon.com/blogs/securi...

12.11.2025 14:36 ๐Ÿ‘ 10 ๐Ÿ” 2 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0

If I give the bully my lunch money every day eventually he will die of old age

21.03.2025 00:33 ๐Ÿ‘ 6759 ๐Ÿ” 813 ๐Ÿ’ฌ 72 ๐Ÿ“Œ 24

And if you do so, Senator, all the pain that our state has endured during this shutdown was for naught. Please donโ€™t move forward without ACA subsidy extensions.

10.11.2025 01:26 ๐Ÿ‘ 0 ๐Ÿ” 0 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
Cyber scholarship-for-service students say government has pulled rug on them, potentially burdening them with debt Some CyberCorps: Scholarship for Service participants have had federal agency job and internship offers rescinded this year due to cutbacks and freezes. Itโ€™s a condition of their scholarship contract ...

cyberscoop.com/cyber-schola...

Will open my big mouth here and say as a participant in one of these programs in the great before time, this is a massive unforced error by USG and will have impacts that span probably decades on the gov cyber workforce

30.10.2025 22:47 ๐Ÿ‘ 8 ๐Ÿ” 3 ๐Ÿ’ฌ 1 ๐Ÿ“Œ 0

And @dlshad.net!

12.10.2025 02:44 ๐Ÿ‘ 4 ๐Ÿ” 0 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
a man in a black uniform says so say we all in front of flags ALT: a man in a black uniform says so say we all in front of flags
12.10.2025 02:14 ๐Ÿ‘ 1 ๐Ÿ” 0 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
Ping First, Boom Second โ€” CYBERWARCON

โ€ผ๏ธ The @cyberwarcon.bsky.social agenda and presenters list is live. Proud that Amazon Cyber Threat Intelligence will be presenting for the first time on the intersection of Iranian cyber ops and kinetic strikes with Dlshad Othman and @davidmagnotti.bsky.social! www.cyberwarcon.com/ping-first-b...

08.10.2025 20:44 ๐Ÿ‘ 13 ๐Ÿ” 4 ๐Ÿ’ฌ 3 ๐Ÿ“Œ 1
Preview
The Comey Indictment Is Not Just Payback โ€” The Atlantic Itโ€™s an advance glimpse of Trumpโ€™s next attempted seizure of power

โ€œJames Comeyโ€™s rights and liberties are not the only ones at risk today. So is your own right to participate in free and fair elections in order to render a verdict on Trumpโ€™s invasion of those rights and liberties.โ€ From @davidfrum.bsky.social apple.news/AX8_ub4UHR0G...

26.09.2025 02:12 ๐Ÿ‘ 17 ๐Ÿ” 6 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
Sr. Security Intelligence Engineer , European Sovereign Cloud (ESC) Threat Intelligence team We are open to hiring candidates to work out of one of the following locations:Dublin, IEThe European Sovereign Cloud (ESC) Threat Intelligence team, part of Amazon Cyber Threat Intelligence (ACTI), i...

Happy to share that Amazon Cyber Threat Intelligence (ACTI) is hiring our first role in Dublin, Ireland! ๐Ÿ‡ฎ๐Ÿ‡ช

This role will provide threat intel support for the AWS European Sovereign Cloud (ESC). Dublin-based, open to current EU citizens, and with relocation available.

amazon.jobs/en/jobs/3089...

25.09.2025 18:43 ๐Ÿ‘ 3 ๐Ÿ” 0 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
Bolsonaro Sentenced to 27 Years in Prison for Plotting Coup in Brazil

Glad to see not every country is powerless to hold coup leaders to account - โ€œBolsonaro Sentenced to 27 Years in Prison for Plotting Coup in Brazilโ€ www.nytimes.com/2025/09/11/w...

11.09.2025 23:00 ๐Ÿ‘ 9 ๐Ÿ” 0 ๐Ÿ’ฌ 1 ๐Ÿ“Œ 0
Preview
Amazon disrupts watering hole campaign by Russiaโ€™s APT29 | Amazon Web Services Amazonโ€™s threat intelligence team has identified and disrupted a watering hole campaign conducted by APT29 (also known as Midnight Blizzard), a threat actor associated with Russiaโ€™s Foreign Intelligen...

This morning, Amazon Cyber Threat Intelligence published a report about a recent watering hole attack by APT29 ๐Ÿ‡ท๐Ÿ‡บ that we discovered targeting Microsoft device code authentication. Proud of the work of the team and the chance to share this with the community! aws.amazon.com/blogs/securi...

29.08.2025 13:44 ๐Ÿ‘ 10 ๐Ÿ” 2 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
Show Us Your Face โ€” The Atlantic The federal government should prohibit the wearing of masks by ICE agents and require them to properly identify themselves.

โ€œThe driving principle here is obvious: In a free society, people should know who is policing them.โ€ apple.news/ATQz-Wb-hQom...

07.07.2025 22:27 ๐Ÿ‘ 5 ๐Ÿ” 2 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0

Iโ€™m so sorry you had to experience this Selena ๐Ÿ˜–

06.07.2025 15:42 ๐Ÿ‘ 3 ๐Ÿ” 0 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
Opinion | How Trumpโ€™s โ€˜Big, Beautiful Billโ€™ Will Make China Great Again

How Trumpโ€™s โ€˜Big, Beautiful Billโ€™ Will Make China Great Again www.nytimes.com/2025/07/03/o...

03.07.2025 21:14 ๐Ÿ‘ 1 ๐Ÿ” 0 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Image of a screenshot of news headline, saying, "WhatsApp is getting ads using personal data from Instagram and Facebook Forced Consent & Consent Bypass / 16 June 2025 Meta announced today that it also wants to introduce ads on WhatsApp, which will be based on personal data from Facebook and Instagram. This further integrates WhatsApp into other Meta services - an originally independent app, which initially was available for just $1 per year without ads or data usage. This also means that Meta is consolidating its social networking monopoly. EU law was actually supposed to prevent this."

Image of a screenshot of news headline, saying, "WhatsApp is getting ads using personal data from Instagram and Facebook Forced Consent & Consent Bypass / 16 June 2025 Meta announced today that it also wants to introduce ads on WhatsApp, which will be based on personal data from Facebook and Instagram. This further integrates WhatsApp into other Meta services - an originally independent app, which initially was available for just $1 per year without ads or data usage. This also means that Meta is consolidating its social networking monopoly. EU law was actually supposed to prevent this."

Use Signal. We promise, no AI clutter, and no surveillance ads, whatever the rest of the industry does. <3

16.06.2025 15:30 ๐Ÿ‘ 6242 ๐Ÿ” 1559 ๐Ÿ’ฌ 80 ๐Ÿ“Œ 95
Video thumbnail

๐Ÿ˜ณ๐Ÿ˜ฎ๐Ÿ˜ฒ. As the Joe Turns

14.06.2025 04:11 ๐Ÿ‘ 12345 ๐Ÿ” 2628 ๐Ÿ’ฌ 1254 ๐Ÿ“Œ 521
Preview
Graphite Caught: First Forensic Confirmation of Paragonโ€™s iOS Mercenary Spyware Finds Journalists Targeted - The Citizen Lab On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists who consented to the technical analysis of the...

Well-done by @billmarczak.org and @jsrailton.bsky.social at @citizenlab.ca! citizenlab.ca/2025/06/firs...

12.06.2025 15:25 ๐Ÿ‘ 13 ๐Ÿ” 3 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0