Skip to main content
Back to Newsletters
Community

1, 2, 3, 4 Tell Me That You Love Newsletters

Daniel Schwalbe
Published on: 
May 2, 2025

Welcome to the fourth iteration of my DomainTools Investigations (DTI) newsletter! I’m glad you’re back – and if you’re new, what you’re about to read is news from our group of researchers and analysts providing their expertise in investigating, mitigating, and preventing Domain and DNS based attacks.

Before we begin, you may have noticed some of my Carmen Sandiego-inspired social posts about where I’ve been traveling recently. I thought I’d take a moment to catch you up on where I’ve been (scroll to the end of the newsletter to see where I’ll be coming up in the next few weeks).

April is Spring Break Season for most of the United States. We usually meet up with other members of the extended family somewhere in the country, and explore new places. This year, we chose New Mexico, the Land of Enchantment™. I had never been, and I’malways excited to check a new state off my list (this makes number 30 for me!).

We flew into Albuquerque, and checked out a few locations from the TV Show Breaking Bad. 

Breaking Bad scene parody with Walter White outside Los Pollos Hermanos window under a sign reading Walter’s Booth.
Los Pollos Hermanos and “Walter’s booth”

Then we move on to Santa Fe, which besides being the State capital, it’s also a fun place with lots of interesting places to see. Meow Wolf, the underground art collective and immersive experience was definitely one of the highlights!

Front entrance of Meow Wolf art installation with colorful sign, murals, and unique sculptures above the building.
The original Meow Wolf location in Santa Fe, NM

Another highlight was the visit to the Puye Cliff Dwellings, a settlement that was inhabited as early as 900 AD. The dwellings on top of the mesa top were their summer homes, whereas the cliff side dwellings (partially carved into the cliffs) were the winter homes.

Ancient cliff dwellings at Bandelier National Monument in New Mexico, with ladders leading to carved cave homes.

The Puye is great because it has many ancient ruins, but also a few examples of buildings that are accurate reproductions of the original dwellings.

Visitor inside a low-ceiling ancient dwelling at Bandelier National Monument, wearing a cap and plaid shirt.
Our guide told us the original inhabitants were much much shorter than the average person today.

The one thing I didn’t realize until on day two of the trip, when I got a pretty bad headache that wouldn’t go away, is that Santa Fe is at around 7000 feet elevation. As a sea level dweller for over half of my life, I got a nasty case of altitude sickness! Drinking lots of water helped, but it took a bit to acclimate. This concludes this month’s travel round-up, let’s jump into what the DTI team has been up to since my last newsletter:

The Domain Event

In case you missed it, DTI published its inaugural Domain intelligence year-in-review report (cue the confetti!🎉). 

In the cybersecurity community, it’s generally accepted that the threat landscape is fast paced and ever-evolving. It turns out however that there are a few constants that rarely change: Domains and DNS are on top of that list. The purpose of this report is to illuminate Domain patterns and DNS infrastructure created by cybercriminals in order to collectively improve the community’s defenses.

What were some of the key findings, you may be asking yourself? 

  • Risk Scoring Detection Techniques: the likelihood of a Domain’s proximity to malware, phishing, spam, etc. to enable prioritization for further investigation and analysis.
  • Keyword Analysis of Threat Detection: clear patterns of newly created Domain names that included frequently included terms such as “phishing,” “fraud,” “bitcoin,” “scam,” and others. 
  • High Publicity Event Exploitation: large events spurn Domain registration including elections/politics, technological advancements, natural disasters, social movements, and so on. 
  • Commonalities in Malicious Domain Attributes: recurring patterns in preferred registrars, ISPs, nameservers, and SSL issuers used by malicious domains.
  • Analysis of Newly Registered Top Level Domains (TLDs): analysis to understand how threat actors utilize new TLDs (.lifestyle, .vana, .living, .music – to name a few) in their campaigns. 

Want more? Of course you do! Find the full report here

Looking for more of a highlight reel? Find the summary blog post here.

April Was Showered with Research

The team was busy during the month of April, which makes me extremely proud. In case you missed it, here’s what the team worked on: 

Get Your Kicks with Proton66

In this analysis, DTI explores Proton66, a Russian bulletproof hosting provider that supports cybercriminal activities by ignoring abuse complaints. It highlights the activities of Coquettte (the three T’s are not a typo), an emerging threat actor using Proton66’s infrastructure to distribute malware and engage in illicit projects, including a website hosting guides on manufacturing illegal substances. 

A screenshot of a fake cybersecurity website, cybersecureprotect[.]com, masquerading as a legitimate antivirus service
A screenshot of a fake cybersecurity website, cybersecureprotect[.]com, masquerading as a legitimate antivirus service

Why is This Important? This analysis sheds light on the infrastructure supporting cybercriminal activities, specifically through Proton66. By understanding how threat actors like Coquettte operate and utilize such services, cybersecurity professionals can better detect and mitigate these threats.

Read the full analysis here

Harriet the SpyNote Malware

Here, we looked at how deceptive websites hosted on newly registered domains are being used to distribute SpyNote malware. These sites mimic the Google Chrome install page on the Google Play Store to trick users into downloading SpyNote, a potent Android remote access trojan (RAT) used for surveillance, data exfiltration, and remote control. The research details the common patterns in domain registration, website structure, and malware configurations, noting the use of both English and Chinese-language delivery sites as shown below: 

Google Play store pages showing Google Chrome app and a Chinese live streaming app with install and review details.

Why is This Important? SpyNote is a potent Android remote access trojan (RAT) that can steal sensitive data, including personal information, financial details, and credentials. Understanding its distribution methods helps in developing better defenses.

Read the full analysis here

Juiced Up and AI Sloppy

I can’t resist the opportunity to reference a Rolling Stones song – especially when it comes to the idea of AI slop. Here, we illustrate how deceptive browser extensions within the Google Store manipulate ratings and transmit user data. These extensions, often promoted through newly registered websites, pose significant privacy and security risks and this analysis highlights common traits among these extensions, such as manipulated reviews and external data transmission, and provides insights into identifying suspicious extensions by examining their code and user feedback. 

DeepSeek AI Chat Chrome extension page highlighting features like private browsing, AI chat, and secure conversations.
Chrome Extension “DeepSeek AI Chat”: Purports to add DeepSeek AI chat to your browser

Why is This Important? These extensions could transmit sensitive user data without consent, leading to privacy breaches (a topic I’m incredibly passionate about). It also helps security practitioners to potentially identify and remove malicious extensions and helps maintain the integrity and security of users’ browsing experiences.

Read the full analysis here

Book It

Remember that program from Pizza Hut? Getting rewarded for reading by getting some free pizza? I can’t give everyone a free pizza for reading Ian Campbell’s reading list digest, but I promise you the reward is becoming a better defender through shared knowledge (and that lasts way longer than pizza!)

Some of the topics Ian included in his recent reading lists include:

Be sure to check out the reading list for his full recommendations!

Where We’ll Be

  • TechNet Baltimore – May 6-8
    • Catch my colleague, Malachi Walker, and the DomainTools Federal team at this three-day event
  • GISEC – Dubai – May 6-8
    • For those who will be in this neck of the woods, come find me here – I’d love to say hi!
    • I’ll be presenting “Trends in Malicious Domain & DNS Infrastructure” on May 6 beginning at 2:05PM in Hall 6 on the Xlabs stage. Learn more here.
  • Closed Door Session (Invite-Only, TLP:RED research – say I referred you)
    • Washington DC, June 5
  • SleuthCon June 6
    • DomainTools is one of the sponsors for this event and Malachi will be present here, too!
    • I’ll also be presenting “Seeing is Believing: A Visual and Analytical Map of Russian-affiliated Ransomware Groups” with Analyst1’s Jon DiMaggio. Learn more here

Final Thoughts

Again, if you’re a returning reader from last month, I thank you. If you’re new, I hope you found this newsletter informational, helpful, and worthy of sharing with your peers. 

We share this newsletter via email as well – if you’d prefer to get it to your inbox, sign up here

If you missed last month’s content, here are some quick links:

BUT WAIT. There’s more! Would you like to hear more about our Russian disinformation research? In this episode of the Breaking Badness Cybersecurity Podcast, I chat with disinformation expert, Scot Terban, about how Russian threat actors are evolving their playbook to mimic small-town US newspapers to push propaganda. Find the recording here.

Thanks for reading – see you next month!

Daniel 

https://www.linkedin.com/in/schwalbe

https://infosec.exchange/@danonsecurity

Related Content

Newsletters
Community
Fifteen (Newsletters) On A Skateboard

After False Spring and Second Winter, we have reached “The Pollening”, which either precedes actual Spring, or possibly Third Winter - The jury is still out! In any case, I’ve put my "heavy rain coat" in storage, and pulled out my "slightly lighter rain coat." It’s been windy though - the cherry blossoms on the UW Quad are fighting to stay attached, and for a minute today I could have sworn the outside thermometer read 70 degrees. But that can’t be right, it’s April in Seattle after all!

Very much on brand for Spring however, things have started to get real busy again. I just wrapped up a fantastic week in San Francisco at the end of March. I gave a talk at BSidesSF, where I dove deep into the recent activities of Salt Typhoon and the i-Soon leaks. 

After that I stuck around for RSAC, and it was great to connect with many of you in person. If I missed you, please drop me a line and let’s figure out the next time we’ll be in the same city. The next opportunity will likely be in Munich toward the end of April, where I will be attending the FIRST CTI Conference. If you’re going to be there, let me know and we’ll research who pours the best Maß !

Speaking of research, in this edition, we’re looking at some heavy-hitting infrastructure research, from the persistent "Doppelgänger" disinformation machine to a significant cryptographic leak within Qihoo 360’s AI platform.

Let’s dive in and get you up to speed!

Hot off the Presses

Doppelgänger / RRN Disinformation Infrastructure Ecosystem 2026

DTI researchers analyzed the Doppelgänger / RRN ecosystem as an infrastructure-based disinformation operation with notable operational waves from 2022 through 2026. Rather than operating as a loose set of fake websites, the network functions as a coordinated system built around large-scale media impersonation. Well-known Western news outlets are copied using domain lookalikes, typo variants, and alternate extensions, all tied to a central group of RRN domains that act as a hub for messaging.

Domain analysis showed registration activity in clear waves, along with consistent use of low-cost top-level domains and repeat patterns in domain naming. The operation also rotates domains after enforcement actions while keeping core naming consistent. The infrastructure is distributed and designed to stay active over time, with multiple connected domains supporting the name narratives. Overall, the findings point to a managed and sustained operation rather than isolated short-term activity.

🔍Read the full investigation here

SecuritySnack - CloudFlare Anti-Security For Phishing

A Microsoft 365 credential harvesting campaign leveraged content delivery and security platforms like Cloudflare to delay detection and risk profiling. The campaign implemented multiple anti-detection techniques, including Cloudflare human verification, hardcoded IP block lists, user agent checks, and multiple sites and redirects, filtering out security tools, bots, and known infrastructure, often returning fake “404 Not Found” pages. The credential harvesting logic was executed through a hidden script using a custom VM function, preventing static analysis and dynamically updating destinations to legitimate domains when checks were triggered. Multiple sites in the cluster shared common infrastructure patterns, including Cloudflare nameservers, Namecheap registration, and a consistent Turnstile sitekey that may be used to identify related domains.

🔗Learn more here

Exposure of TLS Private Key for Myclaw 360 in Qihoo 360 “Security Claw” AI Platform

DTI analyzed the confirmed exposure of a Transport Layer Security (TLS) private key associated with the wildcard certificate *.myclaw[.]360[.]cn, tied to Qihoo 360’s Security Claw platform. Cryptographic validation confirmed that the supplied private key matches the public key contained in the certificate, showing that the exposed credential is authentic and operational. Because the certificate covers the entire domain namespace, possession of the private key would allow impersonation of services across the platform if it remained trusted and unrevoked. Certificate transparency analysis indicates the certificate was subsequently rotated and replaced with a new RSA key pair following the exposure.

The exposure represented a leak of cryptographic trust material associated with the platform’s infrastructure. Evidence indicates the certificate and private key were present within the platform’s installer package, suggesting inclusion during the software build process. Domain registration data, passive DNS, and infrastructure analysis link the affected namespace to Qihoo 360’s operational environment, confirming the exposed key was associated with a service environment under the company’s direct control. Our team worked through a root cause and analytical assessment of the exposure as well as the possible threat scenarios that could result from it. 

🔗Read the technical deep dive here

SecuritySnack - OpenAI Anti-Ads Malware

DTI researchers detailed the discovery of a malicious Chrome extension, named "ChatGPT Ad Blocker", found on the Google Chrome Web Store. The extension masquerades as an ad-blocking tool but is primarily designed to steal the user’s ChatGPT conversations data by systematically copying the HTML page and sending it to a webhook on a private Discord channel.

The identified activity appears to be an attempt to capitalize on OpenAI's policy shift to serve advertisements on its free tier by distributing malicious extensions that allege to block these ads.

🔗Learn more

What We’re Reading 

In case you’re behind on your cybersecurity reading homework, DTI team member Ian Campbell’s monthly recommended reading list will get you up to speed! 

📚Check out the full reading list here

Where We’ll Be 

- FIRST CTI Conference, Munich, Germany - 21-23 April

- SLEUTHCON, Arlington, VA - 05 June

Final Thoughts

As always, thank you to my returning readers! If you’re new, I hope you found this newsletter informational, helpful, and worthy of sharing with your peers. And of course I hope you will be coming back to read future editions!

We share this newsletter via email as well - if you’d prefer to get it to your inbox, sign up here.

If you missed last month's content, here are some quick links:

Thanks for reading & see you next month!

-Daniel

https://www.linkedin.com/in/schwalbe/

https://infosec.exchange/@danonsecurity

Learn More
Newsletters
Community
Fourteen Newsletters and Fifteen Winters

Greetings from Seattle, where “second false spring: has just arrived. It’s a thing, Google it!  Returning readers will no doubt recognize that I’m a bit obsessed with the weather here. Even after thirty years in the Emerald City, and my induction as an honorary mossback, the weather and its 12-14 micro-seasons are frequently top of mind. During my first year as an undergrad at the University of Washington, I thought about becoming a meteorologist. I took several atmospheric sciences classes, but then the advanced math got me. Instead I got a degree more suited to my natural talents: Communications 😉 

I teased this possibility last month, but now it’s official: The publication of this monthly newsletter has moved to the first Tuesday of the next month, as opposed to the last Tuesday of the month that the newsletter covers. We changed a few things up internally, and for practical reasons, this change is becoming permanent. The use of adapted song titles for each new edition is sticking around, though it might get harder if I keep up sequential numbering. I’d normally ask you to comment on this post if you recognized the song this one is based on, but GenAI kind of takes the fun out of it - Gemini for example got it on the first try 🙄

While February was a short month, the threat landscape was anything but quiet and my team was anything but bored. This edition of my newsletter focuses on a recurring phenomenon we observe in actor tradecraft: The weaponization of trust. Our headliner is a deep dive into Lotus Blossom (G0030) and their sophisticated supply chain attack targeting Notepad++. This wasn't a loud, "smash and grab" operation; it was a surgical infiltration of an update pipeline designed to stay under the radar of even the most diligent admins.

We’re also looking at the "human" side of the house with a new Security Snack on Idolized Crypto Scams. My team traced over 250 domains back to a single infrastructure cluster that uses celebrity personas and fraudulent presales to siphon assets across multiple blockchains.

We closed out February with my talk at BSides Seattle, where I spoke about my team’s research on new domains delivering SpyNote Malware, which we covered extensively last year. If you weren’t able to catch me live, my team and I will be at BSides San Francisco near the end of March, where we have two presentations on the schedule - come find us and say hi! I will be in town for RSAC as well, and would be happy to host you in our space near Moscone.

Now, without further ado, from supply chain evolution to high-velocity fraud, we’ve got plenty to get you up to speed. Let’s dive in!

Hot off the Presses

Lotus Blossom (G0030) and the NotePad++ Supply Chain Espionage Campaign

DTI researchers analyzed the sustained compromise of the Notepad++ update pipeline from late 2025 into early 2026. Rather than modifying the open-source codebase, attackers infiltrated upstream distribution infrastructure and selectively redirected update traffic for a small group of targets. This allowed them to deliver customized installers and low-noise implants to be delivered while most users continued receiving legitimate updates.Taken together, the operational choices, tooling, and victim profile support attribution, with moderate to high confidence, to the China-aligned espionage actor commonly tracked as Lotus Blossom (G0030) in concurrence with other organizations assessment. 

The Notepad++ compromise represents a clear evolution in Lotus Blossom’s tradecraft. Earlier campaigns relied heavily on spear-phishing and bespoke backdoors delivered directly to victims. Rather than compromising end-user systems through conventional infrastructure attacks, such as opportunistic abuse of widely trusted software updates, the actors shifted the locus of trust toward the developer ecosystem itself. By abusing a legitimate update mechanism relied upon specifically by developers and administrators, they transformed routine maintenance into a covert entry point for high-value access.The incident highlights how trusted software update systems can be quietly weaponized for long-term intelligence collection without causing widespread disruption.

🔍Read the full investigation here

SecuritySnack: Idolized Crypto Scams

A cryptocurrency scam operation spanning roughly 250 domains was identified across multiple themes, including fake celebrity giveaways and fraudulent token presales. The investigation began with a cluster of suspected scam domains sharing the same Google analytics tag ID and expanded through blockchain tracing, wallet analysis, and domain registration overlaps. This process revealed activity across BTC, ETH, and XRP and included impersonation of public figures, platforms, and crypto projects.

On-chain findings were mixed but revealed a well-developed supporting infrastructure. In several cases, blockchain tracing showed actor-controlled wallets funding themselves and cycling assets through multi-layer laundering pipelines. The broader infrastructure includes cross-chain scam tooling, distributed hosting across multiple jurisdictions, and hundreds of related domains. Evidence from shared wallets, infrastructure overlaps, and Russian-language artifacts indicates a single actor likely responsible for both campaigns. 

🔗Read more here

What We’re Reading 

In case you’re behind on your cybersecurity reading homework, DTI team member Ian Campbell’s monthly recommended reading list will get you up to speed! 

📚Check out the full reading list here

Where We’ll Be 

- NICAR 2026, Indianapolis, IN - 04-06 March 

- BSides San Francisco, San Francisco, CA - 21-22 March

        Come see me speak on Saturday 21 March at 1:05pm, AMC Theater 13

- FIRST CTI Conference, Munich, Germany - 21-23 April

Final Thoughts

As always, thank you to my returning readers! If you’re new, I hope you found this newsletter informational, helpful, and worthy of sharing with your peers. And of course I hope you will be coming back to read future editions!

We share this newsletter via email as well - if you’d prefer to get it to your inbox, sign up here.

If you missed last month's content, here are some quick links:

Thanks for reading & see you next month!

-Daniel

https://www.linkedin.com/in/schwalbe/

https://infosec.exchange/@danonsecurity

Learn More
Newsletters
Community
Thirteen Silver Newsletters

DomainTools Investigations kicks off 2026 with deep dives into the KnownSec leak exposing China's cyberespionage ecosystem, predatory online gambling apps, and a phishing campaign weaponizing fake job interviews.

A new year, a new cover image! We recently went through another rebranding exercise, which brought new collateral templates. Most noticeably, it changed our corporate website. Some of you noticed, and let us know exactly how you felt about it! The DomainTools Investigations site (https://dti.domaintools.com) also got a make-over, and I think the main website compliments our DTI site nicely!

Regular readers will notice that once again the newsletter is a week “late” - but once again, there were good reasons for it. So I’m considering releasing it on the first Tuesday of the Month, instead of the last one. If you feel strongly one way or the other, please let me know in the comments (or email me). The use of song titles with numbers that correspond to the current edition for the newsletter title is sticking around for now. My friend @Kali Fencl started that when she helped me launch this newsletter over a year ago, and while it’s getting more difficult, I’m committed. 

Another thing that’s probably staying are mentions of the local weather! Returning readers know I live in Seattle, and the weather here is always a topic of conversation! For example, many of you think the rain never stops in Seattle. Movies depict torrential downpours, but we Seattleites don’t mind: Keep believing that. But in reality, fellow PNW-er Scott Losse explains it best. Check him out and follow him, he’s funny!

Unlike the East Coast (sorry friends!), we just had a brief, miraculous week of mild weather and sunshine. But as it is customary, "The Gray" has returned like clockwork. It’s that part of winter here, where blue sky quickly begins to feel like a distant memory, and dampness is king. Don’t worry, only three to four months of that!

Speaking of winter, while most of the world was recovering from New Year's Eve and shovelling their driveways, my team here at DomainTools Investigations was busy dissecting a fresh mountain of data. If you thought the i-Soon leak from a while back was a one-off, think again. We’ve been heads-down on the KnownSec leak, a fascinating look at one of the supposed "white hat" companies that turned out to be part of the backbone of China’s cyberespionage ecosystem.

Beyond the geopolitical chess match, we’re also tracking some more "down-to-earth" (read: predatory) threats. Our analysts have been playing a high-stakes game of whack-a-mole with a series of dubious online gambling apps that are currently targeting users across the globe with some surprisingly sophisticated evasion tactics.

And for those of you who appreciate a shorter read with your morning coffee, we have a new SecuritySnack focused on "Phishing Interviews." This investigation highlights a particularly cold-hearted campaign that weaponizes the job hunt, exploiting the trust of applicants to harvest government credentials and to drop remote access tools.

We’ve got a lot to cover to kick off the year, so let’s dive right in, and get you all caught up!

Hot off the Presses

THE KNOWNSEC LEAK: Yet Another Leak of China’s Contractor-Driven Cyberespionage Ecosystem

In November of 2025, an allegedly massive leak of data from Chinese company “KnownSec” was posted to a github account. The leak has since been pulled off of Github and downloaded by very few, and of those few who gained access, only one uploaded 65 documents as a primer to the leak elsewhere for others to see. DTI was able to get the 65 document images and this initial investigation is derived from this slice of a much larger leak that is out there but not available.

While Knownsec advertises itself as a “white hat” pillar in China’s cybersecurity landscape, the leak revealed the company operates a vertically integrated espionage stack for reconnaissance, exploitation, collection, and persistence, designed for both domestic surveillance and foreign intelligence operations in support of China’s security state. 

Its internal documents, product manuals, and data repositories show a company engineered to support Chinese national security, intelligence, and military objectives. Tools like ZoomEye and the Critical Infrastructure Target Library give China a global reconnaissance system that catalogs millions of foreign IPs, domains, and organizations mapped by sector, geography, and strategic value. Massive datasets containing real names, ID numbers, mobile phones, emails, and credentials allow Knownsec and its government clients to correlate infrastructure with people, enabling rapid deanonymization, targeting, and social engineering. On top of this data foundation, Knownsec’s offensive products – GhostX, Un-Mail, and Passive Radar – purport to provide a full intrusion and surveillance pipeline.

🔍Read the full investigation here

Pay to Lose: Dubious Online Gambling Games 

DTI analysts identified multiple clusters of dubious Android applications created in the past few weeks that are engaged in predatory gambling and real money gaming apps. Notably, these are not registered apps. They are intentionally misleading users into thinking they are legitimate and reputable through multiple tactics like spoofing the Google Play Store, creating fake reviews, generating fake public win declarations, and creating entire brands with marketing campaigns and broad distribution tactics. These clusters also attempt to evade detection and analysis by having post install code and configuration retrievals from actor controlled sites, which serve a dual purpose of distributing region specific content to users post installation.

The investigation is segmented into three distinct infrastructure clusters. Each cluster appears to target a general set of countries including Nigeria, India, Pakistan, and the Philippines. They also appear to have non-region specific user base targeting, including English, Portuguese, and Bengali speaking users. Despite the wide range of targets, the clusters share a common theme of mobile-focused gaming or gamified gambling apps to attract users for financial gain

🔗Read more 

Security Snack: Phishing Interviews

My team uncovered a malicious actor that has created several domain masquerades of small companies posing as job boards, interview themes, and login pages since approximately August 2025. 

The investigation revealed two distinct objectives. The first is a credential harvesting scheme targeting ID.me accounts — the official identity provider for US government services like the IRS and SSA — which can then be exploited to facilitate financial fraud, including tax refund theft and fraudulent unemployment benefits. 

The second cluster focuses on malware delivery, tricking job seekers via fake Microsoft Teams meeting invites to download a malicious, unsigned variant of the remote access tool Connectwise. This gives the attacker access to the victim’s machine where they may conduct follow-on attacks.

🗒️Learn more here

What We’re Reading 

In case you’re behind on your cybersecurity reading homework, DTI team member Ian Campbell’s monthly recommended reading list will get you up to speed! 

📚Checkout the full reading list here📚

Where We’ll Be 

  • AFCEA West 2026, San Diego, CA, 10-12 February
  • BSides Seattle, Redmond, WA, 27-28 February
  • NICAR 2026, Indianapolis, IN, 5-6 March
  • BSides SF, San Francisco, CA, 21-22 March

Final Thoughts

As always, thank you to my returning readers! If you’re new, I hope you found this newsletter informational, helpful, and worthy of sharing with your peers. And of course I hope you will be coming back to read future editions!

We share this newsletter via email as well - if you’d prefer to get it to your inbox, sign up here.

If you missed last month's content, here are some quick links:


Thanks for reading - see you next month!

-Daniel

Learn More

Heading

SecuritySnacks
Research
Newsletters
Podcast Episodes
About
No items found.