How we reshape the fallout is up to us.
But, there will be monsters.
There always are.
Do it today, please. Tell your team. Watch the full 60 seconds.
Video link: https://twp.ai/4hpWKl
#AppSec #SupplyChainSecurity #DevSecOps #SecureCoding #npm
2/2

New by me: Vibe Coding Has a Security Problem, and Shipping Code You Do Not Understand Is Not a Strategy
AI-assisted coding can absolutely help teams move faster. It can also help them ship weak access controls, insecure defaults, risky dependencies, and code nobody on the team can confidently defend.
I wrote about why that matters and why review still matters just as much as speed.

AI-assisted coding is speeding up software development, but it is also making it easier to ship insecure defaults, weak access controls, poisoned dependencies, and code nobody on the team can confidently defend.
Do it today, please. Tell your team. Watch the full 60 seconds.
Video link: https://twp.ai/E5Aq2o
#AppSec #SupplyChainSecurity #DevSecOps #SecureCoding #npm
2/2

Technical Spotlight: New Session at BSides Luxembourg 2026
How secure is secure code generation? Putting the LLMs to the test – Melissa TESSA
A sharp 5-minute lightning talk challenging the assumptions behind AI-assisted coding. As developers increasingly rely on LLMs, this session exposes how "secure-by-design" claims often break under realistic conditions.
Through adversarial testing and real research insights, discover how LLMs can introduce hidden risks, from fragile evaluation methods to slopsquatting attacks via hallucinated package names. A must-see for anyone building or securing modern software with AI in the loop.
Melissa TESSA is a doctoral researcher at the University of Luxembourg's SnT, working at the intersection of AI, software engineering, and cybersecurity. Her research focuses on enabling large language models to generate secure code, and uncovering where they fail.
Conference Dates: 6–8 May 2026 | 09:00–18:00
Venue: 14, Porte de France, Esch-sur-Alzette, Luxembourg
Tickets: https://2026.bsides.lu/tickets/
Schedule: https://hackertracker.app/schedule?conf=BSIDESLUX2026
#BSidesLuxembourg2026 #AISecurity #LLMSecurity #SecureCoding #CyberSecurity #AI
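Slopsquatting works because an LLM emits a plausible-looking dependency name that does not exist (or is a near-miss of one that does), and an attacker registers that name first. The cheapest defence is to refuse any dependency that is not already in a vetted allowlist or lockfile, and to look hard at names within a small edit distance of a package you do use. The check below is an added illustration of that idea, not code from the talk or from the speaker; the allowlist and the "LLM-suggested" requirements are constructed for the example, and the name "llm-secure-utils" and the typo-style names are made up, not real hallucinations observed anywhere.

```python
"""
Slopsquatting guard for LLM-generated dependency lists (constructed example).

Names are normalised the way PyPI does (lower case, runs of . _ - collapsed to -)
and then compared against an allowlist. Anything not on the list is either a
near-miss of a known package ("lookalike") or entirely unknown; both must be
checked by a human before the lockfile changes.
"""
import re

# Constructed allowlist standing in for your lockfile or an internal registry
# mirror: the packages that are known to exist and are approved for use.
KNOWN_PACKAGES = {
    "requests", "pyyaml", "cryptography", "pyjwt", "boto3", "numpy",
}

# Constructed requirements text as an assistant might propose it. The last
# three names are invented for this example (typo-style and fully fictional).
LLM_SUGGESTED = """
requests==2.32.0
pyyaml>=6
requets==2.31.0        # constructed: one character off "requests"
pyyml                  # constructed: one character off "pyyaml"
llm-secure-utils       # constructed: does not resemble anything approved
"""


def normalize(name: str) -> str:
    """PEP 503 style normalisation so 'PyYAML' and 'pyyaml' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> list:
    """Extract project names from requirements.txt-style lines."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):      # skip blanks and pip options
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
        if m:
            names.append(normalize(m.group(1)))
    return names


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot typo-style lookalikes of approved names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit(names, known=KNOWN_PACKAGES, max_distance=2):
    """Return (name, verdict, closest_known) per dependency.

    verdict is "known", "lookalike" (within max_distance of a known package,
    the classic typosquat shape) or "unknown" (nothing similar is approved).
    """
    findings = []
    for name in names:
        if name in known:
            findings.append((name, "known", name))
            continue
        closest = min(known, key=lambda k: levenshtein(name, k))
        verdict = "lookalike" if levenshtein(name, closest) <= max_distance else "unknown"
        findings.append((name, verdict, closest))
    return findings


if __name__ == "__main__":
    for name, verdict, closest in audit(parse_requirements(LLM_SUGGESTED)):
        hint = "" if verdict == "known" else f" (closest approved: {closest})"
        print(f"{verdict:9s} {name}{hint}")
```

In a CI job the allowlist would come from the committed lockfile, and a "lookalike" or "unknown" verdict fails the build until someone confirms the package exists on the registry under that exact name and is the one the code actually imports.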
NoSQL Injection Attacks: MongoDB, CouchDB, and More - NoSQL injection
In this article, I cover how NoSQL injection works, common attack vectors, and practical mitigation techniques.
https://denizhalil.com/2025/12/23/nosql-injection-attacks-mongodb-couchdb/
#CyberSecurity #NoSQL #MongoDB #CouchDB #WebSecurity #AppSec #Injection #InfoSec #Pentesting #RedTeam #BlueTeam #securecoding
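The most common NoSQL injection shape is operator injection: a JSON body is parsed and its values are dropped straight into a MongoDB filter, so an attacker can send an object such as `{"$ne": ""}` instead of a string and turn an equality check into "anything but empty". The example below is added here to show that mechanism and its fix; it is not code from the linked article. To run offline it evaluates a small subset of MongoDB filter semantics (equality, `$ne`, `$gt`, `$regex`) against a constructed in-memory user list instead of talking to a real server; the user records and the login request bodies are made up for the illustration.

```python
"""
MongoDB-style operator injection, vulnerable and hardened (constructed example).

A tiny in-memory filter evaluator stands in for the database so the attack and
the fix can be exercised without a running MongoDB.
"""
import json
import re

# Constructed collection; in a real deployment these documents live in MongoDB.
USERS = [
    {"username": "alice", "password": "correct horse", "role": "admin"},
    {"username": "bob", "password": "hunter2", "role": "user"},
]


def matches(doc: dict, query: dict) -> bool:
    """Evaluate a filter the way the server would: a dict value is an operator object."""
    for field, cond in query.items():
        value = doc.get(field)
        if isinstance(cond, dict):
            for op, arg in cond.items():
                if op == "$ne":
                    if value == arg:
                        return False
                elif op == "$gt":
                    if value is None or not value > arg:
                        return False
                elif op == "$regex":
                    if not (isinstance(value, str) and re.search(arg, value)):
                        return False
                else:
                    raise ValueError(f"unsupported operator {op}")
        elif value != cond:
            return False
    return True


def find(query: dict) -> list:
    """Equivalent of collection.find(query) over the constructed data."""
    return [d for d in USERS if matches(d, query)]


def login_vulnerable(body: str) -> list:
    """Forwards whatever JSON the client sent, so a value may be an operator object."""
    data = json.loads(body)
    return find({"username": data["username"], "password": data["password"]})


def login_hardened(body: str) -> list:
    """Type-checks both credentials: a str can never carry a $-operator."""
    data = json.loads(body)
    username = data.get("username")
    password = data.get("password")
    if not isinstance(username, str) or not isinstance(password, str):
        raise ValueError("username and password must be strings")
    # Passing validated scalars means the query shape is fixed by the code,
    # not by the client. (Compare password hashes in real code; plain text is
    # used here only to keep the filter mechanics visible.)
    return find({"username": username, "password": password})


if __name__ == "__main__":
    # Both fields replaced by operators: every user matches.
    print(login_vulnerable('{"username": {"$ne": ""}, "password": {"$ne": ""}}'))
    # Known username, password bypassed with $gt.
    print(login_vulnerable('{"username": "alice", "password": {"$gt": ""}}'))
    # $regex lets an attacker confirm the password prefix one character at a time.
    print(login_vulnerable('{"username": "alice", "password": {"$regex": "^c"}}'))
```

The `$regex` case is the one to remember when triaging: it does not just bypass the login, it turns the endpoint into a blind oracle that leaks the stored value character by character, which is why the fix has to reject non-string input rather than only stripping `$ne`.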
The security implications of "Tokenmaxxing" cannot be ignored. As code churn increases by 800%+, the window for technical debt - and potential vulnerabilities - widens. If 10-30% of AI code is being rewritten within weeks, what does that say about the initial security audit of that code?
Source: https://techcrunch.com/2026/04/17/tokenmaxxing-is-making-developers-less-productive-than-they-think/
Are you seeing more insecure patterns creeping into codebases via AI agents? Let's discuss the risk-to-reward ratio of AI-accelerated development. Follow us for more technical analysis of the AI landscape.
#InfoSec #AppSec #CyberSecurity #SecureCoding #DevSecOps #Technadu
Firms Scramble to Secure AI-Generated Code
As AI-generated code becomes more prevalent, a pressing question emerges: how much attention should security teams give to code produced by artificial intelligence? The surprising answer: a lot, with 58% of organizations dedicating over 10 hours a month to securing it.
#AigeneratedCode #CodeSecurity #ArtificialIntelligence #EmergingThreats #SecureCoding
Another session announcement for BSides Luxembourg!
Those who don't learn from CVEs are doomed to rediscover them - Louis Nyffenegger (@snyff)
Real vulnerabilities don't appear in isolation, they're rooted in code, context, and human error. This session walks through actual CVEs, analyzing the code where they were introduced. You will see the patterns, assumptions, and language quirks that led to the flaw - not just the exploit, but the moment it could've been caught.
Louis Nyffenegger https://bsky.app/profile/snyff.pentesterlab.com is the founder of PentesterLab and AppSecSchool, application security expert, and hands-on trainer with experience at the National Bank of Australia, Australia Post, and Fitbit.
Conference Dates: 6–8 May 2026 | 09:00–18:00
Venue: 14, Porte de France, Esch-sur-Alzette, Luxembourg
Tickets: https://2026.bsides.lu/tickets/
Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/
#BSidesLuxembourg #CVE #CodeReview #SecureCoding #PenTest #SecurityEducation #DevSecOps