Glasswing et al present a moral hazard to bug bounties.
What I've seen recently is a significant increase in AI generated, or assisted vulnerability reports that are not vulnerabilities.
(1/6)
I’m excited to let you know that the talks from [un]prompted—the AI Security Practitioner Conference—are now live on YouTube.
No fluff, no hype—just real-world AI security from people actually doing the work.
www.youtube.com/playlist?lis...
That is not what a 0-day is.
It is a .NET CVE, it *does not* effect .NET Framework.
🙄
It's not that I mind AI written vulnerability reports for .NET, but there are a few problems we're seeing
1) Simply submitting the output from your favourite AI without testing the code it says demonstrates the vulnerability is bad.
(1/4)
#BSidesLDN2025 videos are now live on our YouTube channel.
Don’t forget to like and subscribe, we only publish once a year, your support makes a real difference!
www.youtube.com/@Securitybsi...
Huge thanks to @ministraitor.bsky.social & all our presenters for sharing their time and expertise!
𝐓𝐡𝐢𝐬 𝐭𝐢𝐦𝐞 𝐰𝐞’𝐫𝐞 𝐠𝐨𝐢𝐧𝐠 𝐞𝐯𝐞𝐧 𝐝𝐞𝐞𝐩𝐞𝐫! #UCK26
👉 krakow.updateconf.net
#UpdateConference #Krakow
@davidortinau.com & @konradkokosa.bsky.social & @codrina.bsky.social & @jfversluis.dev & @louella.dev & @niels.fennec.dev
Aspire beyond the basics.
Aspire goes beyond its defaults once you understand the ideas underneath it. That foundation opens the door to extending Aspire in meaningful ways.
Watch the full session from VSLive! Orlando
youtu.be/rZQbhDfj7ek
NDC Copenhagen 2026 - 4-Day Event for Software Developers
The NDC Copenhagen Agenda is out 🇩🇰
See the full agenda and secure your Early Bird tickets before 27 Feb 👉 ndccopenhagen.com #ndccph
How hard can it be 😂
Like many services, as Signal grows, it becomes a more appealing place for scammers to try and cause harm.
We've put together tips to help you protect yourself from phishing, scams, & impersonation attempts. Plus info about how Signal support communicates.
support.signal.org/hc/en-us/art...
Call for Papers ends 1 Feb
📢 The NDC Copenhagen #CFP ends this Sunday, 1 February!
We welcome all subjects relevant to software developers. If you have something to say, then speak up!
📅 Deadline: 1 February
👉 Submit: ndccopenhagen.com/call-for-pap...
#ndccopenhagen
I'm going to be around as well! Looking forward to it!
After a bit of trial and error, I finally made an agent that does exactly what I want. No hallucinations. Runs locally. And costs almost nothing.
#! /bin/bash
// Do exactly this one task and nothing else.
// If it doesn't work, wait 30 seconds and try
// again. If that fails, log a message.
doTask
Yeah that was kind of how I thought about it.. But hey here you go..
On 9 January 2026 mine and my family's lives changed forever.
I tell the full story in this video: youtu.be/mNEPSWcOheY
If you want to support my family as well as our local community, consider sharing this post, or donating here: www.gofundme.com/f/we-lost-al...
If 2025 was the year of vibe coding, 2026 will be the year of vibe maintenance and security.
It's that time of the season again, time for BsidesLondon! Let me know if you're around!
Introducing NDC Toronto, 5-8 May 2026
We’re headed to Toronto! 🇨🇦
We’re excited to partner up with @cppnorth.bsky.social for an incredible 4-day event you don’t want to miss. We’re currently booking speakers, and the CFP is open → ndctoronto.com
I recently did a talk on internet safety for parents/guardians and it was well received by those in the room. Its honestly the toughest talk I have researched and given. It might help you if you have kids or you are the local tech support for people with small humans. www.youtube.com/watch?v=UgF5...
The call for papers for NDC Security ends tomorrow. Come do your talk in Oslo: ndcsecurity.com/call-for-pap...
If you missed Aleksander Stensby's 2-day workshop on MCP and RAG at NDC AI last week, don’t worry - you can still join the online workshop on 1–2 December!
event.checkin.no/206017/ndc-o...
The details of .NET's PQ algorithms, and their APIs are available
devblogs.microsoft.com/dotnet/post-...
🎤 Meet one of our VISUG XL 2025 speakers: 𝐍𝐢𝐞𝐥𝐬 𝐓𝐚𝐧𝐢𝐬!
We’re excited to welcome 𝐍𝐢𝐞𝐥𝐬 this year at Visug XL, our yearly, free, community-driven .NET conference.
📅 November 28, 2025
📍 UCLL Leuven
👉 More information and tickets: www.visug.be/Events/102
#VisugXL #DotNet #Community #Conference
With 80% of modern #apps built on third-party #code, supply chain #security has become critical. Don't miss
@niels.fennec.dev "Beyond Trust: Building Community-Driven Security Analysis for Your .NET Software Supply Chain" at #NDCManchester!
ndcmanchester.com/agenda/beyon...
Chatbots — LLMs — do not know facts and are not designed to be able to accurately answer factual questions. They are designed to find and mimic patterns of words, probabilistically. When they’re “right” it’s because correct things are often written down, so those patterns are frequent. That’s all.
Timeline of .NET Standard Term Support. text reads: .NET STS releases supported for 24 months .NET 7 Nov 2022 .NET 8 Nov 2023 May 2024 .NET 9 Nov 2024 Latest release .NET 10 Nov 2025 May 2026 .NET 11 Nov 2026 STANDARD TERM SUPPORT Patches for 2 years LONG TERM SUPPORT Patches for 3 years Get the details The image also includes a timeline with colored bars: Purple bar = Standard Term Support (STS) for 2 years. Gray bar = Long Term Support (LTS) for 3 years. .NET 9 is highlighted as the latest release.
We are increasing the length of support offered for .NET Standard Term Support (STS) releases from 18 months to 24 months. This change is effective starting with .NET 9 and there is no change for LTS releases.
Get all the details you need: msft.it/63328t6MeM
Microsoft is expanding transparency in vulnerability management. We are now publishing VEX (Vulnerability Exploitability eXchange) attestations for third-party CVEs associated with the Azure Linux Distribution (formerly CBL-Mariner).
Learn why VEX matters in our blog post: msft.it/6014shEmn
