Niels Tanis

It's not that I mind AI written vulnerability reports for .NET, but there are a few problems we're seeing

1) Simply submitting the output from your favourite AI without testing the code it says demonstrates the vulnerability is bad.

(1/4)

#BSidesLDN2025 videos are now live on our YouTube channel.
Don’t forget to like and subscribe, we only publish once a year, your support makes a real difference!
www.youtube.com/@Securitybsi...

Huge thanks to @ministraitor.bsky.social & all our presenters for sharing their time and expertise!

𝐓𝐡𝐢𝐬 𝐭𝐢𝐦𝐞 𝐰𝐞’𝐫𝐞 𝐠𝐨𝐢𝐧𝐠 𝐞𝐯𝐞𝐧 𝐝𝐞𝐞𝐩𝐞𝐫! #UCK26

👉 krakow.updateconf.net

#UpdateConference #Krakow

@davidortinau.com & @konradkokosa.bsky.social & @codrina.bsky.social & @jfversluis.dev & @louella.dev & @niels.fennec.dev

Aspire beyond the basics.
Aspire goes beyond its defaults once you understand the ideas underneath it. That foundation opens the door to extending Aspire in meaningful ways.
Watch the full session from VSLive! Orlando
youtu.be/rZQbhDfj7ek

NDC Copenhagen 2026 - 4-Day Event for Software Developers

The NDC Copenhagen Agenda is out 🇩🇰
See the full agenda and secure your Early Bird tickets before 27 Feb 👉 ndccopenhagen.com #ndccph

How hard can it be 😂

Like many services, as Signal grows, it becomes a more appealing place for scammers to try and cause harm.

We've put together tips to help you protect yourself from phishing, scams, & impersonation attempts. Plus info about how Signal support communicates.

support.signal.org/hc/en-us/art...

Call for Papers ends 1 Feb

📢 The NDC Copenhagen #CFP ends this Sunday, 1 February!
We welcome all subjects relevant to software developers. If you have something to say, then speak up!
📅 Deadline: 1 February
👉 Submit: ndccopenhagen.com/call-for-pap...
#ndccopenhagen

I'm going to be around as well! Looking forward to it!

After a bit of trial and error, I finally made an agent that does exactly what I want. No hallucinations. Runs locally. And costs almost nothing.

#! /bin/bash

// Do exactly this one task and nothing else.
// If it doesn't work, wait 30 seconds and try
// again. If that fails, log a message.
doTask

Yeah that was kind of how I thought about it.. But hey here you go..

On 9 January 2026 mine and my family's lives changed forever.
I tell the full story in this video: youtu.be/mNEPSWcOheY

If you want to support my family as well as our local community, consider sharing this post, or donating here: www.gofundme.com/f/we-lost-al...

If 2025 was the year of vibe coding, 2026 will be the year of vibe maintenance and security.

It's that time of the season again, time for BsidesLondon! Let me know if you're around!

Introducing NDC Toronto, 5-8 May 2026

We’re headed to Toronto! 🇨🇦
We’re excited to partner up with @cppnorth.bsky.social for an incredible 4-day event you don’t want to miss. We’re currently booking speakers, and the CFP is open → ndctoronto.com

Generating SBOMs for .NET apps and NuGet packages with Microsoft.Sbom.Targets

Won't somebody please think of the children!? – Niall Merrigan – HelloStavanger 2025 YouTube video by HelloStavanger

I recently did a talk on internet safety for parents/guardians and it was well received by those in the room. Its honestly the toughest talk I have researched and given. It might help you if you have kids or you are the local tech support for people with small humans. www.youtube.com/watch?v=UgF5...

The call for papers for NDC Security ends tomorrow. Come do your talk in Oslo: ndcsecurity.com/call-for-pap...

Oops. Cryptographers cancel election results after losing decryption key. Voting system required three keys. One of them has been “irretrievably lost.”…

I think this is not the type of “tampering” Matt Blaze was concerned with

NDC ONLINE WORKSHOPS – 1. des. 2025 – NDC Conferences AS

If you missed Aleksander Stensby's 2-day workshop on MCP and RAG at NDC AI last week, don’t worry - you can still join the online workshop on 1–2 December!

event.checkin.no/206017/ndc-o...

Post-Quantum Cryptography in .NET - .NET Blog What we've added for PQC, and how we got there.

The details of .NET's PQ algorithms, and their APIs are available

devblogs.microsoft.com/dotnet/post-...

🎤 Meet one of our VISUG XL 2025 speakers: 𝐍𝐢𝐞𝐥𝐬 𝐓𝐚𝐧𝐢𝐬!

We’re excited to welcome 𝐍𝐢𝐞𝐥𝐬 this year at Visug XL, our yearly, free, community-driven .NET conference.

📅 November 28, 2025
📍 UCLL Leuven

👉 More information and tickets: www.visug.be/Events/102

#VisugXL #DotNet #Community #Conference

Beyond Trust: Building Community-Driven Security Analysis for Your .NET Software Supply Chain | NDC Manchester 2025 With 80% of modern applications built on third-party code, supply chain security has become critical. Traditional security tools like OpenSSF Security Scorecard provide surface-level metrics, but fail...

With 80% of modern #apps built on third-party #code, supply chain #security has become critical. Don't miss
@niels.fennec.dev "Beyond Trust: Building Community-Driven Security Analysis for Your .NET Software Supply Chain" at #NDCManchester!

ndcmanchester.com/agenda/beyon...

Chatbots — LLMs — do not know facts and are not designed to be able to accurately answer factual questions. They are designed to find and mimic patterns of words, probabilistically. When they’re “right” it’s because correct things are often written down, so those patterns are frequent. That’s all.

Timeline of .NET Standard Term Support. text reads: .NET STS releases supported for 24 months .NET 7 Nov 2022 .NET 8 Nov 2023 May 2024 .NET 9 Nov 2024 Latest release .NET 10 Nov 2025 May 2026 .NET 11 Nov 2026 STANDARD TERM SUPPORT Patches for 2 years LONG TERM SUPPORT Patches for 3 years Get the details The image also includes a timeline with colored bars: Purple bar = Standard Term Support (STS) for 2 years. Gray bar = Long Term Support (LTS) for 3 years. .NET 9 is highlighted as the latest release.

We are increasing the length of support offered for .NET Standard Term Support (STS) releases from 18 months to 24 months. This change is effective starting with .NET 9 and there is no change for LTS releases.

Get all the details you need: msft.it/63328t6MeM

Microsoft is expanding transparency in vulnerability management. We are now publishing VEX (Vulnerability Exploitability eXchange) attestations for third-party CVEs associated with the Azure Linux Distribution (formerly CBL-Mariner).

Learn why VEX matters in our blog post: msft.it/6014shEmn

Self-spreading GlassWorm malware hits OpenVSX, VS Code registries A new and ongoing supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with self-spreading malware called GlassWorm that has been installed an estimated ...

"A new and ongoing supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with self-spreading malware called #GlassWorm that has been installed an estimated 35,800 times."
#CyberSecurity #VSCode #SupplyChainAttack
www.bleepingcomputer.com/news/securit...

Data quantity doesn't matter when poisoning an LLM : Just 250 malicious training documents can poison a 13B parameter model - that's 0.00016% of a whole dataset

"Researchers [...] said today that it takes only 250 specially crafted documents to force a generative AI model to spit out gibberish when presented with a certain trigger phrase."
#AI #LLM #GenAI #ModelPoisoning #AISecurity #CyberSecurity
www.theregister.com/2025/10/09/i...

Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability · Issue #371 · dotnet/announcements Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability i...

It's Patch Tuesday and ASP.NET Core has a doozy, with a CVSS score of 9.9, our highest ever. Let's examine why.

The bug enables http request smuggling, which on its own for ASP.NET Core would be nowhere near that high, but that's not how we rate things...

* Thread- (1/7)