The Austria Cyber Security Challenge #ACSC '26 has started! π¦πΉ
β’ Qualifications are live 1 March - 1 May
β’ Juniors, Seniors & Open categories
β’ Challenges from Web to Pwn, Crypto, Rev & more
β’ Finale in Linz this September
Join us & spread the word π acsc.land
Few days left to submit your work to #MADWeb '26! The CfP is open until Dec 11 (AOE). We welcome full papers (10 pages) and work-in-progress submissions (6 pages, no proceedings). It's a great chance to showcase you work or get early feedback!
π madweb.work
@madwebwork.bsky.social
π Want to help shape #MADWeb 2026? Nominate yourself for the Program Committee! Deadline: Oct 31, 2025 β° Consider applying even if you don't have extensive reviewing experience!
forms.gle/UovLWS78aa3t...
Team AT members
HITCON final scoreboard
π¦πΉ Team Austria placed 8th at #HITCON #CTF as part of the qualifier for #ECSC2025 in Warsaw. Everyone did a fantastic job, so proud of the team. We'll select the 10 final members in the next days, stay tuned!
@hitcon.org @tuwien.at @informatics.tuwien.ac.at @cysecwien.bsky.social @hofhackerei.at
Meanwhile, our plane here in Vegas is "too heavy" and we can't take off. They are asking people to leave to reduce the weight. Please tell me this is perfectly normal.
After a great run at #defcon33 #CTF, I'm heading to Seattle to attend #USENIX Sec. DM me if you'd like to meet up and join us Thursday at midday for our talk on #TapTrap (track 4) with @beerphilipp.bsky.social !
taptrap.click
@lindorfer.in @cysecwien.bsky.social @informatics.tuwien.ac.at
From starting @mhackeroni.bsky.social in 2018 to heading @hofhackerei.at to 9th place at @defcon.bsky.social #CTF finals this year: what a journey.
This team is amazing, I couldn't be prouder of all of them and the best is yet to come! π₯
@cysecwien.bsky.social @tuwien.at @informatics.tuwien.ac.at
First wave of our team (me included) is on the way to @defcon.bsky.social #CTF. Huge thx to the companies and unis backing us, we're extremely grateful.
Special shoutout to @tuwien.at for the early support, as well as everyone who joined after.
We'll give our best, wish us luck!
See you Vegas π΄π©
Things were a bit different with Android this time, likely due to a functionality vs security trade-off that made it harder to address the issue in AOSP. Going forward, we'll continue reporting to Google but jointly disclose to GrapheneOS for any future Android-related issues.
Completely agree. For context on our disclosure policy: we usually report issues to upstream first so that other vendors or projects can automatically benefit from the fix. This process has worked well so far with browser vendors. The Chrome team in particular has always been extremely responsive.
By scanning the QR code you win a free color blindness test
I'm part of the team that discovered the #TapTrap vulnerability. We confirmed that @grapheneos.org has properly fixed it, as detailed on our site taptrap.click
Despite a small factual error, it's good to see #GrapheneOS getting some media attention.
foxnews.com/tech/new-and...
> GrapheneOS, a security-focused operating system based on Android, confirmed that its current version is also affected. However, it plans to release a fix in its next update.
No, we said that on July 7 and then shipped grapheneos.org/releases#202... fixing it.
Team Austria, 1st qualifier event.
ECSC 2025 prep has begun! First Team Austria qualifier wrapped up with 30 participants focusing on #ENOWARS and #DUCTF. Great vibes. Thanks to Ikarus Security for hosting us and everyone who joined! #ECSC2025 @tuwien.at @informatics.tuwien.ac.at @cysecwien.bsky.social
And shoutout to my girlfriend for lending a hand - literally - for the photo! π
Our #TapTrap attack got covered in @tuwien.at's news!
This was such a fun project. Congrats to @beerphilipp.bsky.social on his second first-author paper at a top-tier conference β€οΈ
We'll present the paper at #USENIX in Seattle on August 14 . Looking forward to catching up with some of you there!
Congrats to my co-lecturers @mautem.bsky.social, @matteomaffei.bsky.social, @wert310.bsky.social, Pedro Bernardo, @beerphilipp.bsky.social, Simon Jeanteur and our amazing tutors: this wouldn't be possible without you.
And thanks to all students for the great feedback and participation π
For the second year in a row, @tuwien.at students have nominated our Introduction to Security course among the finalists for the Best Teaching Award!
Balancing research, teaching & outreach isn't easy, but we give it our all.
π www.tuwien.at/tu-wien/aktu...
CC @informatics.tuwien.ac.at
ublock origin lite works quite well on Chrome (but please people keep using Firefox)
This effort is the result of a collab w Sebastian Roth, @lindorfer.in and @beerphilipp.bsky.social who discovered the issue & did the heavy lifting. Thanks to @wwtf.at for making this research possible and supporting us β₯οΈ
See you at #USENIX in Seattle next month!
@tuwien.at @cysecwien.bsky.social
It works on Android 15 & 16, while @grapheneos.org issued a fix. Major browsers such as Chrome and Firefox promptly patched after we disclosed the vulnerability. We analyzed ~100K Play Store apps finding that TapTrap is not currently being exploited in the wild.
Unlike classic tapjacking, TapTrap uses Android's built-in activity transition animations to launch a transparent activity on top of the attacker's app. The user thinks they're tapping a harmless button, but the tap goes to a permission/system prompt, a browser, or a sensitive app without notice.
Our new Android attack, #TapTrap, is getting media coverage β so here's a quick explainer.
It's a new tapjacking technique that exploits Android's UI animations to hijack user taps without requiring any permissions. @beerphilipp.bsky.social will present it at #USENIX Sec'25.
π taptrap.click
It has been an honor to organize the bootcamp for 3 years in a row, and I am proud that it's getting better every time. Thanks to CSA, @cysecwien.bsky.social, ENISA, Joe Pichlmayer, Manuel Reinsperger and the entire team for making this possible.
See you all next year β₯οΈ #CYBER #ECSC2025
Help us choose our mascot! πΎ
Nautilus Institute is asking us to send them a animal mascot for the DEFCON CTF, and we need your help to pick the cutest contender!
Dive into the threat to meet the 8 adorable candidates.
#KuKHofhackerei #defcon33 #ctf #Mascot
KuK Hofhackerei - DEF CON 33 Sponsorship (Front)
KuK Hofhackerei - DEF CON 33 Sponsorship (Description)
KuK Hofhackerei - DEF CON 33 Sponsorship (Packages)
My team @kukhofhackerei.bsky.social is heading to the DEF CON CTF finals this August in Las Vegas π₯
We're now looking for sponsors to help cover the trip. If you're interested in supporting us, please get in touch or share this around.
Call for sponsors at hofhackerei.at π¦πΉ
Thank you!
#CTF #DC33
After many years of battles with @mhackeroni.bsky.social, I'm blown away to announce that we've qualified for the #DEFCON CTF finals with KuK Hofhackerei π¦πΉ this year!
New friends, same love. Couldn't be prouder of this team.
Thanks to nautilus.institute for organizing and see you in Vegas! π©
The 2nd wave of challenges for the Austria Cyber Security Challenge #ACSC will be live in 1h! You have 1 month left to compete and prove your skills!
I contributed a hard web challenge this time, let's see who can solve it π
Ready? π acsc.land
@informatics.tuwien.ac.at @cysecwien.bsky.social
Best paper award ceremony at MADWeb 2025
And the best paper award sponsored by @paloaltonetworks.bsky.social goes to...
π Can Public IP Blocklists Explain Internet Radiation?
by D. Ravalico, S. Cossaro, R. Valentim, M. Trevisan, and I. Drago!
Congratulations π
#MADWeb #NDSSsymposium2025
Can't wait for Friday? Get a sneak peek at #MADWeb '25 papers now! πβ¨ All papers are live on our website: madweb.work
Safe travels, and see you in San Diego! βοΈ
#NDSSsymposium2025