GitHub Security Lab

398 Followers
2 Following
104 Posts

Attending AI DevCon? Join Joseph Katsioloudes and discover practical ways to use AI for security through 12 GitHub Copilot demos from secure coding, to informed supply chain decisions, and secure SDLC.

📅 June 1, 10:00 AM BST
📍 London, UK & Virtual
👉 https://tessl.io/speaker/josephkatsioloudes/

Proof of Concept for GHSL-2026-140 (CVE-2026-48095) in 7-Zip <= 26.00. A crafted archive shrinks a 256 MB buffer into 1 byte, overwrites a function pointer with file content, and redirects execution. Full weaponization needs an ASLR bypass. Fixed in 26.01. Read more at https://securitylab.github.com/advisories/GHSL-2026-140_7-Zip/

Your mother tongue is the new programming language for creating exploits.

For maintainer month, we took inspiration from #OpenClaw and built ProdBot! An intentionally vulnerable agent wired up with MCPs, skills, agentic workflows, and multi-agent capabilities. You will learn from it, while having fun!

Play now at: gh.io/secure-code-game
Learn more: https://github.blog/security/hack-the-ai-agent-build-agentic-ai-security-skills-with-the-github-secure-code-game/

On 25th April at 10AM, join @blazingwindsec for the workshop "Introduction to security research. Find a CVE with CodeQL" at the Linux Session organized by Akademickie Stowarzyszenie Informatyczne in Wroclaw, Poland!

More information on the conference's website: linuksowa.pl

Building with AI? 🤖
Then you won’t want to miss tomorrow’s @devoxxfr workshop with @xcorail and @jkcso — all about how to build robust AI-powered applications.

Shall we play a Game? LLM Security in Practice
https://m.devoxx.com/events/devoxxfr2026/talks/29753/shall-we-play-a-game-llm-security-in-practice

📍 Paris 142
🗓️ April 22, 10.30am CET

Catch Shelby Cunningham on stage at CVE/FIRST VulnCon 2026 in Scottsdale, Arizona.

Her panel, “Supply Chains and Malware Campaigns: Is CVE the Right Way to Name the Game?”, examines whether CVE is the right tool for tracking open-source supply chain compromises — from isolated package incidents to large-scale campaigns affecting hundreds of packages.

Date: April 16, 2026 | 1:15–2:15 PM MST (UTC-7)

Learn more: https://www.first.org/conference/vulncon26/program#pSupply-Chains-and-Malware-Campaigns-Is-CVE-the-Right-Way-to-Name-the-Game

Program Agenda / CVE Program & FIRST VulnCon 2026

Save the Date: CVE/FIRST VulnCon 2026 & Annual CNA Summit - Scottsdale (US), April 13–16, 2026

FIRST — Forum of Incident Response and Security Teams

AI agents that execute commands, browse the web, and coordinate with other agents are everywhere. But how do you know they're safe? Season 4 of GitHub's Secure Code Game lets you find out by hacking one yourself. Free, hands-on, and you can get started in under 2 minutes! Learn more in our latest blog. https://github.blog/security/hack-the-ai-agent-build-agentic-ai-security-skills-with-the-github-secure-code-game/
Hack the AI agent: Build agentic AI security skills with the GitHub Secure Code Game

Learn to find and exploit real-world agentic AI vulnerabilities through five progressive challenges in this free, open source game that over 10,000 developers have already used to sharpen their security skills.

The GitHub Blog

Who’s at VulnCon? Join Sophia Sanles-Luksetich and Zachary Goldman at CVE/FIRST VulnCon 2026 in Scottsdale, Arizona.

Their talk, “Flipping the Criticality Funnel: A Practical Path to Real Prioritization”, covers how GitHub built a unified risk-scoring model that combines CVSS, EPSS, KEV, and asset context to cut through alert noise and drive remediation where it matters most.

Date: April 15, 2026 | 11:35 AM–12:05 PM MST (UTC-7)

Learn more: https://www.first.org/conference/vulncon26/program#pFlipping-the-Criticality-Funnel-A-Practical-Path-to-Real-Prioritization


A zero-permission Android app could read every photo, video, voice note, and document in your Signal chats. Downloaded the Signal APK directly from Signal.org? You were vulnerable. https://securitylab.github.com/advisories/GHSL-2026-102_Android_SignalApp/
GHSL-2026-102: Unauthorized exfiltration of decrypted attachments in Signal through Intent redirection

Versions >= v6.38.0 and < v8.4.2 of the website flavor of Signal for Android (distributed at https://signal.org/android/apk) allow another installed app without any permissions to exfiltrate decrypted attachments (photos, videos, documents, voice notes) by exploiting Intent redirection, potentially exposing sensitive user data.

GitHub Security Lab

GHSL-2026-082: Unauthorized message deletion in Signal for Android

Signal for Android versions >= v8.1.0 and < v8.3.0 are affected by a vulnerability where an attacker can exploit improperly validated group context within the Admin Delete message handler, leading to unauthorized message deletion.

GitHub Security Lab