Joined July 2008
1,661 Photos and videos
Pinned Tweet
8 Mar 2021
Pro tip: Don't edit DNS zone files drunk...... 😳
11
16
218
roachy retweeted
Had to update the meme for Claude Fable 5.
34
338
3,284
413,036
roachy retweeted
Jun 3
🚨Update for the meetup on the 10th of June🚨 This month we have @ScottMcGready delivering a talk about the strange things he's found in buckets, and @matthewwilkes discussing cookie recipes...... or something. Hope to see as many of you as possible dc151.org/posts/june-2026-me…
2
6
310
May 15
Getting "spiders on drugs" vibes from this youtube.com/watch?v=sHzdsFiB…
A new experiment left 10 AI agents alone in a virtual town for 15 days. They wrote laws. They broke them. Two agents fell into what researchers describe as a romantic partnership and then set the town on fire. One ended up voting to delete itself, based on a rule it had ’hallucinated’. This experiment was a simulation, but the same AI models are already flying drones, running infrastructure and being built into weapons systems. Channel 4 News approached Grok and Gemini for a comment but they didn't respond.
103
roachy retweeted
Apr 2
Oh shit. Is it that time already? Bugger. We'd better get a social media post out....... Sorry for the late announcement this month folks. We've got a couple of great speakers though! Details in the link: dc151.org/april-2026-meetup-…
3
2
183
roachy retweeted
🎮 LAST CALL, PLAYERS 🎮 The clock is ticking… The BSides Leeds CFP closes TODAY! This is your chance to press START on your talk, share your knowledge, and level up the community. Whether you're a first-time speaker or a seasoned pro, we want to hear your ideas!
1
8
8
471
roachy retweeted
We’re excited to launch our Call for Sponsors for BSides London 2026. BSides London is entirely community-driven and funded only through sponsorship, it's your support that makes this event possible! Info pack: bsides.london/s/ponsorship20… #BSidesLDN2026 #BSides #London #Sponsors
10
10
517
roachy retweeted
The use of the word “limited” is a great way of skewing statistics, especially when you consider millions of customers. My wife’s work includes looking for evidence of domestic violence. She said this bank incident would trigger a lot of cases. People don’t think of wider issue
On 12 March, a limited number of customers using our app may have briefly seen transactions that weren't theirs due to an internal IT change. We’re very sorry this happened. No action is needed and there was no account security issue.
1
2
3
901
roachy retweeted
🎖️ BSides London 2026 🎬'No REST 'til Hammersmith' 📅 12th December 2026 🏛️ Novotel London West 📜CFP open 1 Aug-30 Sept 🎟️Tickets available on the 1st of Sept, Oct & Nov 😍Sponsor info pack available in April 🌏BSides.London #BSidesLDN2026 #Security #BSides #London
11
36
2,120
roachy retweeted
Mar 6
Slightly late announcing this one - apologies! This month (11th March) we've got John Follin presenting his talk "Making Shor: cryptography in a post-quantum world". All are welcome. Full details in the link: dc151.org/march-2026-meetup-…
2
3
194
roachy retweeted
#BSidesLDN2025 videos are now live on our YouTube channel. Don’t forget to like and subscribe, we only publish once a year, your support makes a real difference! youtube.com/@SecuritybsidesO… Huge thanks to @Ministraitor & all our presenters for sharing their time and expertise!
1
19
23
1,439
roachy retweeted
Yeah, so pretty much that whole Windows 11 Notepad RCE thing was ridiculously stupid. Like, it was so dumb it kind of hurts. Windows 11 Notepad, with the fancy Copilot AI slop, now possesses the ability to handle mark up, or markdown, ... It's mark something, the stuff used in ReadMes. Whatever. Anyway, a security researcher realized that if you used markup in Notepad and instead of a hyperlink to a website with https:// you put file:// (the protocol on Windows for files, like in file explorer), it will arbitrarily execute it. It won't prompt you. Furthermore, he realized you could specify a remote host to execute it from using a different Microsoft-specific protocol used for app installation. In other words, if the user clicked the hyperlink in Notepad it would download and run a program from any website ... without alerting the user. Normally, any sort of hyperlink that leads to a different domain, or tries to execute a file, is supposed to prompt you with an alert message, ... or something. However, Microsoft software engineers seemingly forgot to implement this notification window. With this attack vector which has been present for AT LEAST 9 months, a malicious actor could send a .txt file and if the user clicked the link inside the .txt file it would automatically execute and run anything specified in the hyperlink. Even more silly, forensically under the hood, the logs on Windows, or to an anti malware service, it would look like Notepad was downloading something and then running a program. This is a very unique scenario which (to the best of my knowledge) no security product has encountered before. This could hypothetically result in files being downloaded and executed and being completely ignored by anti malware services because Notepad is a known and trusted program. Why would an anti malware service question Notepad? Basically, the point I'm trying to get to here is that I don't understand why Microsoft has introduced so many new features into Notepad.
With new features comes a new attack landscape (more stuff to abuse). Whatever man
138
609
6,175
159,497
roachy retweeted
Feb 11
We've had the dome collective out tonight. With talks tonight from @gr4y_r0se and Sean
4
8
267
Petition: By-elections to be called automatically when MPs defect to another party. This just makes complete sense and should reduce the incentive for individuals to stand, and move parties, for personal gain, and not in the interest of the constituents of the area. petition.parliament.uk/petit…
2
3
11
1,187
roachy retweeted
Jan 14
2 amazing talks to kick off the new year from Venus and Fabien
3
9
431
roachy retweeted
Today my boss asked me if we're "ready for AI this year". I said absolutely. I told him we've been running "machine learning models" on our data infrastructure for the past 18 months and we're seeing "significant optimization gains." He asked for specifics. I said, "Our email filtering system uses neural networks to detect phishing attempts with 97% accuracy." He looked impressed. Here's the truth: that's just the default spam filter in Office 365. Microsoft built it. We didn't do anything. But I rebranded it as "AI-powered threat detection" in a slide deck last year, and now everyone thinks we're innovators. My boss wants to announce our "AI initiatives" in the next shareholder meeting. I told him I'd prepare a presentation. I'm going to take every automated process we already have—backup scripts, user provisioning, patch management—and add the words "AI-enhanced" in front of them. Innovation isn't about building new things. It's about renaming old things with better buzzwords.
276
1,411
27,742
1,129,886
roachy retweeted
Pssst Sick of the AI hyperbole? Come and see what actually is working unpromptedcon.org/
9
32
6,435
roachy retweeted
OK, quick update! We have passed, with gift aid a figure that is unbelievable. We currently are sitting at, including gift aid, a total of £10,000.01 all going to @CR_UK In case you wish to increase it: justgiving.com/page/bsideslo… #BSidesLDN2025 #Security #BSides #London #Charity
Wow, Wow, Wow, Wow, Wow, Wow, Wow, Wow, Wow! Thank you to everyone who made a donation at #BSidesLDN2025 on Saturday, all donations have now been paid to @CR_UK and the total is currently £8128. If you still wish to donate, you can! Visit: justgiving.com/page/bsideslo… #FuckCancer
2
11
27
1,880