The Austria Cyber Security Challenge #ACSC '26 has started! 🇦🇹

• Qualifications are live 1 March - 1 May
• Juniors, Seniors & Open categories
• Challenges from Web to Pwn, Crypto, Rev & more
• Finale in Linz this September

Join us & spread the word 👉 https://acsc.land/

#ACSC2026 #Cybersecurity #CTF #CyberSecurityAustria #TUWien #CySec #CyberTalent #Infosec

Few days left to submit your work to #MADWeb '26!

The CfP is open until Dec 11 (AOE). We welcome all Web-related submissions from full papers (10 pages) to work-in-progress papers (6 pages, no proceedings).

It's a great chance to present your work in the sunny San Diego, connect with an amazing community, or get early feedback to improve your research. Don't miss out and spread the word!

🔗 https://madweb.work/

@madwebwork

#cfp #web #websec #websecurity

The road to #ECSC2025 has officially kicked off! We just wrapped up our first qualifier event to select the 10 members of Team Austria who will compete in the European Cyber Security Challenge #ECSC in Warsaw later this year.

Over the weekend, 30 participants focused on attack/defense training with #ENOWARS CTF and tackled some great challenges from #DownUnderCTF. Nice to see so many young and motivated hackers in action.

Huge thanks to IKARUS Security Software for hosting us, to my co-coach Manuel Reinsperger, and to everyone who spent the weekend hacking, learning, and having fun together. Looking forward to the next round.

#CTF #tuwien #enisa #TeamAT #TeamAustria @enoflag @DownUnderCTF

Our new Android attack, #TapTrap, is getting media coverage. Here's a quick explainer.

It's a new tapjacking technique that exploits Android's UI animations to hijack user taps without requiring any permissions. @beerphilipp will present it at #USENIX Sec'25.

🌐 https://taptrap.click

Unlike classic tapjacking, TapTrap uses Android's built-in activity transition animations to launch a transparent activity on top of the attacker's app. The user thinks they're tapping a harmless button, but the tap goes to a permission/system prompt, a browser, or a sensitive app without notice.

It works on Android 15 & 16, while @GrapheneOS has recently issued a fix. Major browsers such as Chrome and Firefox promptly patched after we disclosed the vulnerability. We also analyzed ~100K Play Store apps finding that TapTrap is currently not being exploited in the wild.

This effort is the result of a collaboration with @beerphilipp, Sebastian Roth and @lindorferin. Kudos to Philipp for discovering the issue and doing the heavy lifting. And thanks Vienna Science and Technology Fund (WWTF) for making this research possible and supporting us ♥️

See you at #USENIX in Seattle next month!

After many years of battles with @mhackeroni, I'm blown away to announce that we've qualified for the #DEFCON CTF finals with KuK Hofhackerei 🇦🇹 this year!

New friends, same love. Couldn't be prouder of this team.

Thanks to @nautilusinstitute for organizing and see you in Vegas! 🚩