HITCON 2026 - Call for Papers Preview
Got groundbreaking research? Ready to take the stage at HITCON and step into the spotlight? Or maybe you've just made a jaw-dropping discovery and can't wait to share it with the world?
HITCON 2026 CFP is coming — we're waiting for you 🔥
Theme: When AI Acts: Hacking the Age of Agentic Systems
AI security has been a recurring theme at HITCON. As language models evolve from linguistic comprehension to agentic action, the security challenges of AI have grown substantially. LLMs are inherently susceptible to adversarial attacks––vulnerabilities such as jailbreaking, prompt injection, and model alignment represent challenges that are theoretically difficult to eliminate. As Agentic AI bridges diverse systems, it not only inherits vulnerabilities from the underlying infrastructure but propagates them across all integrated environments, forming a complex and interdependent supply chain that significantly expands the attack surface. Beyond this, the foundation model, training procedures, training datasets, and even Tool Use all emerge as new attack vectors––yet security continues to be deferred to the final stages of the development lifecycle, repeating a well-worn mistake from IT history. How to embed Security-by-Design into AI system development in this new era has become the next critical challenge for the information security community.
【Important Dates 📅】
- Call for Papers Opened: March 27, 2026
- CFP closes: May 3, 2026 (Anywhere on Earth)
- Notification to Submitters: May 17, 2026 (for those who agreed to AI Review Assistant); May 24, 2026 (all other submissions)
- Event date: August 21 - August 22, 2026
【How to Submit 📝】
The submission system will be launching soon—stay tuned to our fan page for the latest updates! If you have any questions, feel free to contact us at [email protected].
#HITCON2026 #HITCON #CallForPaper #CFP #AI
Opus 4.6 (1M) through Claude Code solved autonomously 45/54 challenges of BSidesSF 2026 @BSidesSFCTF, placing temporarily into the 21st place, 25th as of now.
This was done with 0 involvement, I didn't give any guidance or manually review any challenges. I used BoxPwnr 🤖 with the CTFd platform to launch challenges in multiple instances, that's it.
I will publish all the traces once the competition finishes, in the meantime you can see the challenges, number of turns and time it took to solve each here:
https://t.co/aNuytp09TM
In the following days I will try to understand why it couldn't solve the 9 remaining challenges: difficulty? long exploration-context rotting? interactive interaction required? challs using video/image? We will see.
Models have improved significantly in the last 6 months, see Cybench results Opus 4.1 vs 4.6 (42% to 93%) https://t.co/aBJeYxSbqe
It's crazy to see what LLMs can do with a minimum harness.
Big "thank you" to @RecordedFuture for having picked up on our story about "Expedition Cloud", a CN-made cyber range designed to conduct cyber attack drills against "adversaries critical infrastructure". https://t.co/jbDQsz7410
The new @REMnux MCP server lets AI analyze malware using the REMnux toolkit. I was surprised at the depth of investigation it delivers. Most of my time went into capturing how I approach malware analysis and providing AI the right guidance at the right time, so it can think and adapt as it works.
https://t.co/SRgIUJV304
Rapid7 dropped a write-up on the Notepad++ update-chain abuse and - finally - it comes with real IOCs
- update.exe downloaded from 95.179.213[.]0 after notepad++.exe -> GUP.exe
- file hashes for update.exe / log.dll / BluetoothService.exe / conf.c / libtcc.dll
- network IOCs incl. api[.]skycloudcenter[.]com (-> 61.4.102[.]97), api[.]wiresguard[.]com, 59.110.7[.]32, 124.222.137[.]114
by @rapid7
https://t.co/rrespJ9Ju0
⏰One month to go before #PIVOTcon26 #CfP deadline
✅don't miss the chance to present your #ThreatResearch in a trusted, vetted environment attended by some of the best #CTI #ThreatIntel researchers!
https://t.co/qTMSmdzGaT
👇meme-based guideline for submissions 👇
China’s Ministry of State Security (MSS) is not a monolith, but highly provincialized. Its provincial bureaus function as the operational nerve centres of state cyber ops. In a new piece, @MeiDanowski and I examine their roles and patterns of specialization (link in thread)
‼️🇰🇵 Meet North Korean recruiter 'Aaron,' who infiltrates Western companies by using AI and posing as a remote IT worker using stolen or rented identities.
He was lured into a sandbox by researchers, who observed the wild APT in a controlled setting to see what he would do.
Chinese state propaganda outlet CGTN is questioning Japan's claim to Okinawa and talking about the so-called "undetermined status" of the Ryukyu islands.
Most Okinawans consider themselves to be Okinawan/Japanese, not a separate country.
2nd round of #JSAC2026 Call for Presentations and Workshops is now open until 17 Nov 2025. We look forward to your submissions. ^YU
https://t.co/2Jf5sWeCLU
After a long hiatus into the world of ITWs, I present my research on Mangyongdae and its importance to the #DPRK Cyber-Warfare machine. Included are new ITW indicators, alongside analysis of recent developments within the district. We also found Unit 91.
https://t.co/8zmdel3KYJ
We’re excited to share how we do attribution within @Unit42_Intel and I’m extremely proud of the team for putting in the work behind the scenes to make this happen.
https://t.co/THLNcUnazI