Security4all

HITCON 2026 - Call for Papers Preview Got groundbreaking research? Ready to take the stage at HITCON and step into the spotlight? Or maybe you've just made a jaw-dropping discovery and can't wait to share it with the world? HITCON 2026 CFP is coming — we're waiting for you 🔥 Theme: When AI Acts: Hacking the Age of Agentic Systems AI security has been a recurring theme at HITCON. As language models evolve from linguistic comprehension to agentic action, the security challenges of AI have grown substantially. LLMs are inherently susceptible to adversarial attacks––vulnerabilities such as jailbreaking, prompt injection, and model alignment represent challenges that are theoretically difficult to eliminate. As Agentic AI bridges diverse systems, it not only inherits vulnerabilities from the underlying infrastructure but propagates them across all integrated environments, forming a complex and interdependent supply chain that significantly expands the attack surface. Beyond this, the foundation model, training procedures, training datasets, and even Tool Use all emerge as new attack vectors––yet security continues to be deferred to the final stages of the development lifecycle, repeating a well-worn mistake from IT history. How to embed Security-by-Design into AI system development in this new era has become the next critical challenge for the information security community. 【Important Dates 📅】 - Call for Papers Opened: March 27, 2026 - CFP closes: May 3, 2026 (Anywhere on Earth) - Notification to Submitters: May 17, 2026 (for those who agreed to AI Review Assistant); May 24, 2026 (all other submissions) - Event date: August 21 - August 22, 2026 【How to Submit 📝】 The submission system will be launching soon—stay tuned to our fan page for the latest updates! If you have any questions, feel free to contact us at reviewboard@hitcon.org. #HITCON2026 #HITCON #CallForPaper #CFP #AI

Opus 4.6 (1M) through Claude code solved autonomously 45/54 challenges of BSidesSF 2026 @BSidesSFCTF, placing temporarily into the 21st place, 25th as of now. This was done with 0 involvement, I didn't give any guidance or manually reviewed any challenges. I used BoxPwnr 🤖 with the CTFd platform to launch challenges in multiple instances, that's it. I will publish all the traces once the competition finishes, in the meantime you can see the challenges, number of turns and time it took to solve each here: 0ca.github.io/BoxPwnr-Traces… In the following days I will try to understand why it couldn't solve the 9 remaining challenges: difficulty? long exploration-context rotting? interactive interaction required? challs using video/image? We will see. Models have improved significantly in the last 6 months, see Cybench results Opus 4.1 vs 4.6 (42% to 93%) cybench.github.io It's crazy to see what LLM's can do with a minimum harness.

Dashboard for geopolitical monitoring and news aggregation github.com/koala73/worldm…

Big "thank you to @RecordedFuture for having picked up on our story about "Expedition Cloud", a CN made cyber range designed to conduct cyber attack drills against "adversaries critical infrastructure". therecord.media/leaked-china-d…

The new @REMnux MCP server lets AI analyze malware using the REMnux toolkit. I was surprised at the depth of investigation it delivers. Most of my time went into capturing how I approach malware analysis and providing AI the right guidance at the right time, so it can think and adapt as it works. zeltser.com/ai-malware-ana…

Rapid7 dropped a write-up on the Notepad++ update-chain abuse and - finally - it comes with real IOCs - update.exe downloaded from 95.179.213[.]0 after notepad++.exe -> GUP.exe - file hashes for update.exe / log.dll / BluetoothService.exe / conf.c / libtcc.dll - network IOCs incl. api[.]skycloudcenter[.]com (-> 61.4.102[.]97), api[.]wiresguard[.]com, 59.110.7[.]32, 124.222.137[.]114 by @rapid7 rapid7.com/blog/post/tr-c…

I'm happy to announce this new release.

⏰One month to go before #PIVOTcon26 #CfP deadline ✅don't miss the chance to present your #ThreatResearch in a trusted, vetted environment attended by some of the best #CTI #ThreatIntel researchers! pretalx.com/pivotcon26/cfp 👇meme-based guideline for submissions 👇

China’s Ministry of State Security (MSS) is not a monolith, but highly provincialized. Its provincial bureaus function as the operational nerve centres of state cyber ops. In a new piece, @MeiDanowski and I examine their roles and patterns of specialization (link in thread)

‼️🇰🇵 Meet North Korean recruiter 'Aaron,' who infiltrates Western companies by using AI and posing as a remote IT worker using stolen or rented identities. He was lured into a sandbox by researchers, who observed the wild APT in a controlled setting to see what he would do.

And if you want to go a step further, here is a design that will help you build your AI incident response playbook 🤓

Microsoft mitigates Windows LNK flaw exploited as zero-day - @serghei bleepingcomputer.com/news/microsoft… bleepingcomputer.com/news/microsoft…

Chinese state propaganda outlet CGTN is questioning Japan's claim to Okinawa and talking about the so-called "undetermined status" of the Ryukyu islands. Most Okinawans consider themselves to be Okinawan/Japanese, not a separate country.

@fr0gger_ Interesting !

How crazy is NanoBanana to generate complex graphics. Here is an example of a map generated from the ESET report from September 🤯

@dutch_osintguy Cool, welcome to Japan!

Looking forward to my #OSINT in person talk in Tokyo, Japan. #OSINTaroundtheworld f2ff.jp/introduction/1…

2nd round of #JSAC2026 Call for Presentations and Workshops is now open until 17 Nov 2025. We look forward to your submissions. ^YU jsac.jpcert.or.jp/en/cfp.html

After a long hiatus into the world of ITWs, I present my research on Mangyongdae and its importance to the #DPRK Cyber-Warfare machine. Included are new ITW indicators, alongside analysis of recent developments within the district. We also found Unit 91. cyberbladesecurity.com/the-pyongyang-…

We’re excited to share how we do attribution within @Unit42_Intel and I’m extremely proud of the team for putting in the work behind the scenes to make this happen. unit42.paloaltonetworks.com/unit-42-attrib…

Hopefully yall enjoy small charts of #NorthKorean IT worker accounts. Today, it's a post-minions assessment.