We've had quite a few submissions to our CFP so far, but we still need more. If you have something interesting to share with the community, get it submitted here: forms.gle/Sx4EZNRcS9zb...

Just built a cool demo for dependency confusion with NPM. I can hijack my local packages to run malicious code. If I get time I might publish it all.

For those who missed it yesterday, our CFP is now open.

Our call for crew is also open. First timers and 10 year veterans, all welcome to apply. forms.gle/doLgUMgGPtTo...

Our CFP is now open. We aren't just looking for 1337 tech talks, we want social skills, admin, defence, and all sorts to give us a nice rounded day. Any questions, please ask. forms.gle/JRrZQZojtbGQ...

@infosecmo.bsky.social don't turn to ice mate, it's daft!

If you want to get your company shouted out on our socials, get an advert in our brochure, and get mentioned in both the opening and closing talks, please get in touch, we are always looking for more sponsors.

Our first fully committed sponsor is @zephrfish.yxz.red. Long time supporter as a speaker and now a sponsor as well. Andy would like everyone to know about his Malwareless Adversarial Emulation training course lms.zsec.red We may be biased, but we reckon it is top quality stuff.

@j4vv4d.com what was the name of the Alienvault alien? I've still got an inflatable one sitting in my kitchen and I'm sure had an official name but can't remember it

Airport Incident Response I was going to be click-baity and title this post, "what incident response taught me about mixing up airports", but honestly, looking at LinkedIn these days, I think the humour would be lost. I'd end up with 50 new followers (75 if I ended the post with the word, "Agree?"…

And we are still looking for sponsors, so if you want to get your brand involved, let us know and we can do you a deal.

And just to confirm, the event itself is July 10-12, we are the weekend before EMF Camp. We had them move their weekend so it didn't clash with ours.

With Easter coming up quick it is time for a date announcement. 1 March - CFP and call for crew opens 1 April - Pre talk announcement tickets 3 April CFP and CFC closes ~ 20 April speakers confirmed ~ 24 April main ticket drop Links and stuff coming closer to the dates.

i built an entire x86 CPU emulator in CSS (no javascript) you can write programs in C, compile them to x86 machine code with GCC, and run them inside CSS lyra.horse/x86css/

I'm taking a @jameskettle.com approach to bug bounties and I've found a vuln and I'm firing it all over to see where it lands. I've found some cool stuff, but working out who to report things to, and getting people to listen, is a nightmare!

You can tell Gmail is getting good at spotting low end extortion scam emails. I just got one where they have put a lot of effort into disguising all mentions of coin, btc, stuff like that. They've even split the BTC address in two and then explained how to put it back together

Royal Mail Tracked 48 only aims to deliver in 2-3 days. "Royal Mail Tracked 2-3 days ish" I guess probably wouldn't sell as well.

If anyone is good with telegram and is bored, I've just been sent a link to a phishing page which sends captured credentials to this telegram chat channel. Go at it!

The Pastebin security team are on the ball. I've reported three comment spammers over the last two days and all three have been taken down within hours of the report. Compare that to GitHub where I reported something two days ago and I've just got a mail to say they received the report.

My book keeper has just pointed out that she has been doing my returns for 24 years. In my head I've only been doing this security thing for a few years, where has the time gone?

Can anyone recommend a good third-party Windows app for blocking USB devices?

I've just had two transactions made on my credit card to Asos. I've not spent with them for over 3 years and my card details have changed since then. My card provider says it looks like a saved token rather than new transactions. Have Asos been popped?

The SSL Labs site has been down since Friday. Does anyone know if this is a permanent thing or just something broken and no one there to fix it over a weekend?

What's the best/cheapest way to get AI to process 6.1G of elasticsearch data? Everything from web server logs to chat data to random stuff.

It's good but annoying when you spend ages on a nice write up and PoC but the client fixes the issue before they even see the report.

Don't put your DVWA instance on the internet! www.darkreading.com/application-... I've done scans like this many times and it does worry me what is out there!

Can anyone recommend a tool that lists all the privileges a MySQL user has? I want to give it a user and full db access and get a list of what that user can do.

🔥 CVE-2026-23993: HarbourJwt JWT auth bypass via unknown alg. Not just alg=none: unsupported alg => empty signature, so forged token header.payload. passes. Write-up + fix: pentesterlab.com/blog/cve-202...

I've just created my first NPM package as as a cool way to bypass a CSP. I also found a second way using a GitHub proxy. github.com/digininja/cs... Both of these are now in the CSP Bypass section of DVWA.

Has anyone else noticed the knob drawn on the tennis court in Night Manager?

Just ticked over 2000km of running this year. It wasn't a goal at the start of the year but I noticed it was close last Sunday so decided to put the effort in and complete it.

Vodafone/Openreach network connectivity outage in my area. No broadband till engineer comes out on Monday. Great Christmas present! @vodafonegroup.bsky.social @vodafoneuk.bsky.social

Happy Christmas, happy holidays, happy anything. Have a great day everyone

Report submitted, invoice emailed, shutting the machine down and not planning to come back for two weeks. Have a good holiday everyone.

On an external test you find an abandoned web app that throws an error that includes its database connection string. The app is completely dead and only web ports are open on the box. Is this a high finding as there are leaked creds, or low because you found something but can't do anything with it?

I wanted to give a shoutout to the best events I attended in 2025 - and hopefully give you some ideas of what to look out for next year. @bsideslondon.bsky.social @bsidesbirmingham.bsky.social @steelcon.info #bheu2025 @csidesummit.bsky.social wp.me/p2Xih2-8F

Good luck to @bsideslondon.bsky.social , wish I could be there rather than ferrying kids around the country

Just found a new but annoying auto enabled Google maps feature on pixel 10. It's now always showing the map while navigating, even if the screen is locked and off, it's shown in black and white. Can be disabled in Settings > Navigation > Driving options > Power saving mode

@infosecbattlebots.bsky.social how big a fight cage can you build?

Delivery by robot coming to Sheffield. I really hope these are in place (and survive long enough) to be there next July. www.sheffieldforum.co.uk/topic/499843...

Garmin is down so bad that even their status page is down!

@jaysonstreet.bsky.social Happy Birthday mate. Hope you are doing well wherever you are in the world. Try to take it easy on yourself and make sure you get at least three treats in.

We'd like you to cancel your ticket to #BSidesLDN2025 Seriously, we do! But only if you can't come, someone else can actually use the ticket & it will not be wasted. Much effort goes into the event, and many opportunities created for all to benefit from, so don't be that person!

You can now scan for #react2shell in Burp Suite! To enable, install the Extensibility Helper bapp, go to the bambda tab and search for react2shell. Shout-out to Assetnote for sharing a quality detection technique!

It is interesting to see what you get at the lower price points. They obviously don't think much of testing Azure apps and forensic imaging. Sorry to whoever wrote those

This Humble Bundle has a lot of really good hacking books from No Starch Press, and it supports EFF! Get it!

Here's your constantly updated Black Friday deals list with some 150 sports tech deals, including a boatload of new ones today. Watches, bike tech, action cams, drones, and plenty more: www.dcrainmaker.com/deals

I know face blindness is a thing, but is icon blindness a thing as well? I can stare at a set of icons I use every day and any that are vaguely similar kinda merge. Chromium, Shutter, Signal are all round blue things and I have to really think to work out which is which.

is Obsidian still the recommended free note taking app? I'm finally going to remember to cancel Evernote before it renews again next month.