FIRST

Support the cybersecurity community in Oslo! https://lnkd.in/ejP8kQZM 🥶 The 2026 FIRST TC: #ColdIncidentResponse returns to Oslo, Norway, 13–15 October 2026, bringing together around 400 practitioners focused on the work that happens after the initial alarm: investigation, analysis, coordination, attribution, and lessons learned. We're seeking sponsors to help support practical event costs!🤝 Our model is simple: sponsorship supports the community, not the program. No sponsor booths. No paid speaking slots. Just strong technical discussions and valuable connections. Interested in supporting the event? Contact us at oslo-tc@first.org for sponsorship options and details. #CyberSecurity #IncidentResponse #DFIR #ThreatIntelligence #FIRSTdotOrg #OsloTC #OsloSec

🚨What if a single malicious blog post could quietly influence the AI tools your security team trusts every day? Tune in to the latest #FirstImpressionsPodcast episode to hear Lily Chen and Dr. Yang Cheng-Lin of CyCraft discuss their upcoming #FIRSTCON26 presentation, "One Poisoned Artifact Can Steer Your AI? How Robust Are Your LLM-Assisted Security Workflows?" The conversation explores how attackers can craft documents designed to capture an LLM's attention, manipulate its reasoning, and potentially alter the recommendations it provides to analysts. From prompt injection and poisoned data sources to the ongoing cat-and-mouse game between attackers and defenders, this episode offers a fascinating look at one of the most important emerging challenges in #AIsecurity! 🎧 Listen now and get a preview of one of the thought-provoking sessions coming to FIRST Conference 2026 this month in Denver: https://media.first.org/podcasts/FIRST_Impressions-cheng-lily.mp3

🎤 Step onto the stage at #FIRSTMX26 🔗https://go.first.org/jv1Xh We’re looking for speakers to share practical insights, lessons learned, and emerging challenges in cybersecurity. Be part of a truly global program.

New intelligence has been recovered from Munich: Previously, there was only access to the full, uncut livestream recordings from the 2026 FIRST #CyberThreatIntelligence Conference. While valuable, locating specific insights sometimes felt like a hunt within itself... Good news: the footage has now been processed, and individual session recordings are now available on the FIRST YouTube channel: https://lnkd.in/gVJiukPv Browse the #FIRSTCTI26 TLP:CLEAR session recordings now and relive the best moments from Munich, no time travel required. Save the date for the 2027 Conference: April 21-23, 2027 | #FIRSTCTI27 | Berlin, DE.

We're looking for a Program Manager for our Community & Capacity Building (CCB) team. This role will work closely with our community trainers, drive our fellowship program, and provide support across all of our CCB projects and activities. Check the listing on our Jobs page: https://go.first.org/EcJUV

Hot topics, hotter weather ☀️🌵 #VulnCon2026 brought the vulnerability coordination community to Scottsdale for a week packed with technical insight, collaboration, and conversations that stretched long after the sessions ended. Between the Arizona sunshine, networking opportunities, and deep dives into the evolving vulnerability landscape, this year’s event delivered plenty of reasons for attendees to already be looking forward to the next one. Couldn’t make it to Scottsdale? Catch the highlights and see what everyone’s talking about in the official recap: https://lnkd.in/giCat7FQ #VulnCon #CyberSecurity #VulnerabilityManagement #FIRSTdotOrg

🎤 Now accepting talk proposals for the Oslo 2026 FIRST TC: Cold Incident Response Have a story, tool, or lesson learned? Whether it’s incidents, detection engineering, or threat hunting—we want to hear it. No stage experience needed—just real, practical insights. 🗓️ Submit by July 7 📬 Feedback by August 15 🔗https://go.first.org/ASews

Did you miss VulnCon 2026? Check out the conversations everyone’s still talking about, now on YouTube! Dive into expert discussions on CVE quality, VEX, AI-driven remediation, EPSS, supply chain security, vulnerability coordination, and more from leaders across the global cybersecurity community. Explore the TLP:CLEAR sessions at: https://lnkd.in/gK954Q-2 #VulnCon2026 #FIRSTdotOrg #CyberSecurity #CVE

🚨 New #FirstImpressionsPodcast episode just dropped 🚨 AI can find vulnerabilities in minutes… but patching them? That’s where the real chaos begins. FIRSTCON26 speakers, Vijay Sarvepalli and Christopher Cullen from the CMU Software Engineering Institute, dive in to unpack: 🔥 AI-generated vuln floods 🔥 Open source patching nightmares 🔥 “Just use pickle.loads” (famous last words) 🔥 Why Log4j still haunts security teams everywhere 🔥 How to automate security from source to release If your #PSIRT process currently runs on caffeine, panic, and Slack messages at 2am… this episode is for you. 🎧 Tune in before #FIRSTCON26 and learn how the industry is trying to close the gap between “we found it” and “please patch immediately" - https://media.first.org/podcasts/FIRST_Impressions-vijay-chris.mp3 #FIRSTCON26 #CyberSecurity #OpenSource #PSIRT #VulnerabilityManagement #AI #DevSecOps

The FIRST DNS Abuse SIG has now released v1.3 of the DNS Abuse Techniques Matrix, after the latest version published back in 2023. We've been working hard on consistency, clarity, and overall polish to create a foundation for further work, and I am SO proud to be part of this publication. It's awesome to see it being used more and more. It was weird (but so cool!) the first time I was chatting with an AI and it answered with a reference to our own work! Download the latest version here: https://lnkd.in/dEVA5r6P The DNS Abuse Techniques Matrix lists 21 different types of DNS Abuse, and 15 different stakeholder groups, marking which of those groups are able to help when it comes to detection, prevention, and mitigation of each abuse type. It's a starting point for anyone dealing with DNS Abuse to know who's going to be able to help move forward. Or who should have the capability to help, at least. As a companion to this, we've also published a set of advice to stakeholders: https://lnkd.in/dByaUtWt These are more specific articles which include definitions, examples, resources, and of course the advice itself on how to deal with each type of DNS Abuse - so once you get talking, again a starting point to help deal with incidents. If you're not familiar with the SIG -- or, Special Interest Group, because not everyone knows every acronym! -- then a bit of background: FIRST, the Forum of Incident Response and Security Teams, provides a platform and support for various groups covering all sorts of security-related topics, and the DNS Abuse SIG is one of them. Our overall mission is to aid incident responders and security teams with the language and essential knowledge to combat DNS Abuse. There's more to it, but we welcome applications from outside FIRST (subject to approval from SIG members) - so check us out: https://lnkd.in/eR6KCcDY In addition to this, we've started tracking changes more properly on the site, which we really should have been doing from the start: https://lnkd.in/d4EQK27G A ton of people have worked on this over the years, but I'd like to give a shoutout to my co-chair Vinzenz Vogel for all the help, especially lately. Also Jonathan (Jono) Spring. We miss you Jono. There is, of course, always more work to do, and we have a long TODO list. Most of that past this version is going to be meatier updates and improvements, and at some point we'll publish v2.0 which will include "breaking changes" like new categories etc. Join us if you'd like to be part of this effort. I'm adding a link to the PDF as the last URL here, because LinkedIn's link preview seems to only include the final one. Anyway, here it is again. https://lnkd.in/dEVA5r6P