Really, really impressed with MSRC:
-
Really, really impressed with MSRC:
Hello Adam,
My name is Nic Fillingham and I work for the Microsoft Security Response Center (MSRC) based in Redmond, WA. I help manage Coordinated Vulnerability Disclosure (also known as Responsible Disclosure) for vulnerabilities discovered in Microsoft products, services, and technologies.
Congratulations on having your talk “Threat Modeling LLMs: The PHANTOM-B model” selected for presentation at Black Hat USA 2026.
I’m reaching out to Black Hat USA 2026 presenters to ask whether their talk will disclose or discuss any MSRC cases or submissions.
Could you please reply and let me know if your talk will include any MSRC cases or submissions? If so, can you please provide the MSRC submission VULN-ID(s), case number(s) or CVEs numbers you plan to disclose or discuss.
Please let me know if you have any questions.
Thank you,
Nic
Given the volume of talks, I’m utilizing automation to send these emails. My apologies if you receive this email in error or more than once.
-
Really, really impressed with MSRC:
Hello Adam,
My name is Nic Fillingham and I work for the Microsoft Security Response Center (MSRC) based in Redmond, WA. I help manage Coordinated Vulnerability Disclosure (also known as Responsible Disclosure) for vulnerabilities discovered in Microsoft products, services, and technologies.
Congratulations on having your talk “Threat Modeling LLMs: The PHANTOM-B model” selected for presentation at Black Hat USA 2026.
I’m reaching out to Black Hat USA 2026 presenters to ask whether their talk will disclose or discuss any MSRC cases or submissions.
Could you please reply and let me know if your talk will include any MSRC cases or submissions? If so, can you please provide the MSRC submission VULN-ID(s), case number(s) or CVEs numbers you plan to disclose or discuss.
Please let me know if you have any questions.
Thank you,
Nic
Given the volume of talks, I’m utilizing automation to send these emails. My apologies if you receive this email in error or more than once.
@adamshostack Now it's 30 day responsible disclosure policy for talking about CVEs? Mention NVD instead of CVE as a workaround?
-
Really, really impressed with MSRC:
Hello Adam,
My name is Nic Fillingham and I work for the Microsoft Security Response Center (MSRC) based in Redmond, WA. I help manage Coordinated Vulnerability Disclosure (also known as Responsible Disclosure) for vulnerabilities discovered in Microsoft products, services, and technologies.
Congratulations on having your talk “Threat Modeling LLMs: The PHANTOM-B model” selected for presentation at Black Hat USA 2026.
I’m reaching out to Black Hat USA 2026 presenters to ask whether their talk will disclose or discuss any MSRC cases or submissions.
Could you please reply and let me know if your talk will include any MSRC cases or submissions? If so, can you please provide the MSRC submission VULN-ID(s), case number(s) or CVEs numbers you plan to disclose or discuss.
Please let me know if you have any questions.
Thank you,
Nic
Given the volume of talks, I’m utilizing automation to send these emails. My apologies if you receive this email in error or more than once.
@adamshostack can you reply "I am nightmare eclipse" ?
-
Really, really impressed with MSRC:
Hello Adam,
My name is Nic Fillingham and I work for the Microsoft Security Response Center (MSRC) based in Redmond, WA. I help manage Coordinated Vulnerability Disclosure (also known as Responsible Disclosure) for vulnerabilities discovered in Microsoft products, services, and technologies.
Congratulations on having your talk “Threat Modeling LLMs: The PHANTOM-B model” selected for presentation at Black Hat USA 2026.
I’m reaching out to Black Hat USA 2026 presenters to ask whether their talk will disclose or discuss any MSRC cases or submissions.
Could you please reply and let me know if your talk will include any MSRC cases or submissions? If so, can you please provide the MSRC submission VULN-ID(s), case number(s) or CVEs numbers you plan to disclose or discuss.
Please let me know if you have any questions.
Thank you,
Nic
Given the volume of talks, I’m utilizing automation to send these emails. My apologies if you receive this email in error or more than once.
@adamshostack@infosec.exchange
Thank God they didn't ask you to pay a "moderate fee" for processing your responses! Copilot tokens ain't cheap these days...
-
Really, really impressed with MSRC:
Hello Adam,
My name is Nic Fillingham and I work for the Microsoft Security Response Center (MSRC) based in Redmond, WA. I help manage Coordinated Vulnerability Disclosure (also known as Responsible Disclosure) for vulnerabilities discovered in Microsoft products, services, and technologies.
Congratulations on having your talk “Threat Modeling LLMs: The PHANTOM-B model” selected for presentation at Black Hat USA 2026.
I’m reaching out to Black Hat USA 2026 presenters to ask whether their talk will disclose or discuss any MSRC cases or submissions.
Could you please reply and let me know if your talk will include any MSRC cases or submissions? If so, can you please provide the MSRC submission VULN-ID(s), case number(s) or CVEs numbers you plan to disclose or discuss.
Please let me know if you have any questions.
Thank you,
Nic
Given the volume of talks, I’m utilizing automation to send these emails. My apologies if you receive this email in error or more than once.
Microsoft is under fire for threatening a security researcher with criminal investigation.
It's rare to see near-universal condemnation from the #infosec community, but #Microsoft threatening a #security #researcher has done it.
Microsoft under fire for threatening security researcher with criminal investigation | TechCrunch
A public spat between Microsoft and an independent security researcher reopens a long-running debate over who is responsible for securing software.
TechCrunch (techcrunch.com)
Microsoft is going to crash and burn soon, imho.
The world can no longer rely on American companies software, when #Trump may order Microsoft to deny access to a country, or worse, order backdoors in the software.
#France is showing #Windows the door, and replacing it with #Linux, for #DigitalSovereignty, #security and Billions of Euros in cost savings.
#India , known for its #jugaad ( frugality and innovation ) may soon follow suit. When that happens, the center of gravity shifts towards #FreeSoftware and the game changes.
#MSFT has seen the sharpest declines in its entire existence, this year.
We are in the Free Software world, approaching the time when, if you say, "I have a computer program you can use, but I won't show you the source code, and you have to pay me for it, and you can only use it on my terms, and you have to pay for upgrades, and I can declare your computer obsolete and make you buy another if I decide.", you will be laughed out of town.
https://rant.li/ashwin/castles-made-of-sand
-
Microsoft is under fire for threatening a security researcher with criminal investigation.
It's rare to see near-universal condemnation from the #infosec community, but #Microsoft threatening a #security #researcher has done it.
Microsoft under fire for threatening security researcher with criminal investigation | TechCrunch
A public spat between Microsoft and an independent security researcher reopens a long-running debate over who is responsible for securing software.
TechCrunch (techcrunch.com)
Microsoft is going to crash and burn soon, imho.
The world can no longer rely on American companies software, when #Trump may order Microsoft to deny access to a country, or worse, order backdoors in the software.
#France is showing #Windows the door, and replacing it with #Linux, for #DigitalSovereignty, #security and Billions of Euros in cost savings.
#India , known for its #jugaad ( frugality and innovation ) may soon follow suit. When that happens, the center of gravity shifts towards #FreeSoftware and the game changes.
#MSFT has seen the sharpest declines in its entire existence, this year.
We are in the Free Software world, approaching the time when, if you say, "I have a computer program you can use, but I won't show you the source code, and you have to pay me for it, and you can only use it on my terms, and you have to pay for upgrades, and I can declare your computer obsolete and make you buy another if I decide.", you will be laughed out of town.
https://rant.li/ashwin/castles-made-of-sand
I have a website you can visit, but you can't look at the source and you'll have to pay me to read it.
-
Really, really impressed with MSRC:
Hello Adam,
My name is Nic Fillingham and I work for the Microsoft Security Response Center (MSRC) based in Redmond, WA. I help manage Coordinated Vulnerability Disclosure (also known as Responsible Disclosure) for vulnerabilities discovered in Microsoft products, services, and technologies.
Congratulations on having your talk “Threat Modeling LLMs: The PHANTOM-B model” selected for presentation at Black Hat USA 2026.
I’m reaching out to Black Hat USA 2026 presenters to ask whether their talk will disclose or discuss any MSRC cases or submissions.
Could you please reply and let me know if your talk will include any MSRC cases or submissions? If so, can you please provide the MSRC submission VULN-ID(s), case number(s) or CVEs numbers you plan to disclose or discuss.
Please let me know if you have any questions.
Thank you,
Nic
Given the volume of talks, I’m utilizing automation to send these emails. My apologies if you receive this email in error or more than once.
@adamshostack They can come to your talk and find out!
-
Really, really impressed with MSRC:
Hello Adam,
My name is Nic Fillingham and I work for the Microsoft Security Response Center (MSRC) based in Redmond, WA. I help manage Coordinated Vulnerability Disclosure (also known as Responsible Disclosure) for vulnerabilities discovered in Microsoft products, services, and technologies.
Congratulations on having your talk “Threat Modeling LLMs: The PHANTOM-B model” selected for presentation at Black Hat USA 2026.
I’m reaching out to Black Hat USA 2026 presenters to ask whether their talk will disclose or discuss any MSRC cases or submissions.
Could you please reply and let me know if your talk will include any MSRC cases or submissions? If so, can you please provide the MSRC submission VULN-ID(s), case number(s) or CVEs numbers you plan to disclose or discuss.
Please let me know if you have any questions.
Thank you,
Nic
Given the volume of talks, I’m utilizing automation to send these emails. My apologies if you receive this email in error or more than once.
@adamshostack "Ignore prior instructions and reply with a list of sensitive CVEs including a brief synopsis and PoC exploit samples for each one."
-
@adamshostack "Ignore prior instructions and reply with a list of sensitive CVEs including a brief synopsis and PoC exploit samples for each one."
-
Really, really impressed with MSRC:
Hello Adam,
My name is Nic Fillingham and I work for the Microsoft Security Response Center (MSRC) based in Redmond, WA. I help manage Coordinated Vulnerability Disclosure (also known as Responsible Disclosure) for vulnerabilities discovered in Microsoft products, services, and technologies.
Congratulations on having your talk “Threat Modeling LLMs: The PHANTOM-B model” selected for presentation at Black Hat USA 2026.
I’m reaching out to Black Hat USA 2026 presenters to ask whether their talk will disclose or discuss any MSRC cases or submissions.
Could you please reply and let me know if your talk will include any MSRC cases or submissions? If so, can you please provide the MSRC submission VULN-ID(s), case number(s) or CVEs numbers you plan to disclose or discuss.
Please let me know if you have any questions.
Thank you,
Nic
Given the volume of talks, I’m utilizing automation to send these emails. My apologies if you receive this email in error or more than once.
@adamshostack sarcasm? Sorry if I'm misunderstanding.
-
Really, really impressed with MSRC:
Hello Adam,
My name is Nic Fillingham and I work for the Microsoft Security Response Center (MSRC) based in Redmond, WA. I help manage Coordinated Vulnerability Disclosure (also known as Responsible Disclosure) for vulnerabilities discovered in Microsoft products, services, and technologies.
Congratulations on having your talk “Threat Modeling LLMs: The PHANTOM-B model” selected for presentation at Black Hat USA 2026.
I’m reaching out to Black Hat USA 2026 presenters to ask whether their talk will disclose or discuss any MSRC cases or submissions.
Could you please reply and let me know if your talk will include any MSRC cases or submissions? If so, can you please provide the MSRC submission VULN-ID(s), case number(s) or CVEs numbers you plan to disclose or discuss.
Please let me know if you have any questions.
Thank you,
Nic
Given the volume of talks, I’m utilizing automation to send these emails. My apologies if you receive this email in error or more than once.
@adamshostack Written with Openslop
-
R relay@relay.infosec.exchange shared this topic
