⚡ Fresh Talk Alert for BSides Luxembourg 2026!
“Confound and Delay: Honeypot Chronicles from the Digital Battlefield” – Kat Fitzgerald ( @rnbwkat )
Talk (40 minutes)
Step into a 40-minute talk that takes you across the globe through real-world honeypot deployments, uncovering how attackers behave when they think no one is watching. From unexpected attack patterns to cultural quirks and operational chaos, this session blends storytelling with practical insights drawn from running deception systems in diverse and high-risk environments.
Through vivid field experiences, you’ll learn how honeypots can be tailored, maintained, and leveraged to strengthen detection and response strategies. Beyond the humor and war stories, the talk delivers actionable lessons on cyber deception, resilience, and turning attacker behavior into defensive advantage.
Kat Fitzgerald ( @rnbwkat ) is a Chicago-based security engineer known for blending technical depth with humor and storytelling. With extensive experience running honeypots across global environments, she brings unique insights into attacker behavior, cyber deception strategies, and real-world operational challenges.
📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule: https://pretalx.com/bsidesluxembourg-2026/schedule/
📲 Want to navigate the event easily? Check out the full schedule on Hacker Tracker:
https://hackertracker.app/schedule?conf=BSIDESLUX2026
#BSidesLuxembourg2026 #CyberSecurity #Honeypots #ThreatIntelligence #BlueTeam #SecurityResearch
>The security industry is going to get bigger because of AI, not smaller. There’s more code to audit, more attack surface to cover, more companies shipping faster than their security teams can keep up with. The demand for people who can actually find and understand vulnerabilities is going up, not down. AI is a force multiplier. It always needs a human guiding it, and I think it always will. The future is human researchers with AI tools, not AI researchers with no humans. And honestly, given the quality of code AI is helping produce, security researchers should be thanking it for the job security.
Much needed quote from Simon Koeck.
While, to be very fair, the content of the blog post is not something new. Just a regular reassurance we needed.
I need to add additional things that I think most reassurance posts have not said.
**SECURITY RESEARCH IS NOT JUST ABOUT FINDING 0DAYS**
We have unnecessary censorship to fight, educating, creating better frameworks, creating better tools, AND MANY MANY MORE.
It won't go away just because Glasswing is finding zero days.
https://simonkoeck.com/blog/ai-is-not-replacing-security-researchers
The pentest professionals at #usdHeroLab identified a vulnerability in #EntraID during a cloud #pentest that allows the circumvention of conditional access policies for privileged identities.
Two additional vulnerabilities were identified during a web application pentest of #Tenable Nessus Manager, which allow low-privileged users to read arbitrary files at the operating system level.
All #vulnerabilities were reported to the vendors as part of our Responsible Disclosure policy.
🔎 You can find detailed information on the #SecurityAdvisories here: https://www.usd.de/en/security-advisories-entra-id-tenable-nessus-manager/
#SecurityResearch #SecurityAdvisory #moresecurity #NessusManager #Pentesting #Hacking #CVE_2026_3493 #AppSec #InfoSec #CyberSecurity
I don't know enough about security research. For a project like Node.js does stopping bug bounties drastically impact anything?
On the face of it, no money means people may be less incentivised to help or report, which feels bad.
But Node.js is a massive concern, so is there enough goodwill and surface area that people will help and report anyway? Simply because big orgs rely on it?
https://nodejs.org/en/blog/announcements/discontinuing-security-bug-bounties
🚨 The #EuroSec2026 program is now LIVE! 🚨
We’re excited to share the program for the 19th European Workshop on Systems Security, co-located with #EuroSys2026 in Edinburgh 🇬🇧
🔥 Keynote speakers:
⭐ Kaveh Razavi (ETH Zurich)
⭐ Lorenzo Cavallaro (University College London)
Expect cutting-edge #InfoSec and #SystemsSecurity research, discussions, and community conversations.
🔎 Program: https://eurosec-workshop.github.io/
See you at EuroSec 2026!
#ComputerSecurity #SecurityResearch
https://winbuzzer.com/2026/04/09/windows-zero-day-published-on-github-after-msrc-silence-xcxwbn/
Windows Zero-Day Published on Github as Microsoft Fails to Act
#Microsoft #Windows #WindowsSecurity #Cybersecurity #ZeroDayVulnerabilities #Exploits #Vulnerability #VulnerabilityDisclosure #SecurityResearch #Windows11 #BigTech
Anthropic pointed Claude Code at Linux kernel source files one at a time, framed as a security puzzle. It found a heap overflow in NFS code hiding since March 2003. Four more kernel bugs followed. 500+ validated vulnerabilities in weeks. Linux Foundation set aside $12.5M to help maintainers cope. Nobody found a volunteer to maintain a Google Drive library for 3.5 years. The bottleneck was never the bugs.
https://winbuzzer.com/2026/04/01/claude-ai-freebsd-remote-kernel-exploit-root-shell-xcxwbn/
Claude AI Writes Full FreeBSD Kernel Exploit in Four Hours
#AI #Anthropic #Claude #Cybersecurity #ZeroDay #Exploits #SecurityResearch #AIArmsRace #Linux #FreeBSD