Netsec – Telegram
Netsec
@RNetsec
7.41K subscribers
22.4K links
This channel posts the feed from r/netsec.
For any suggestions dm @streaak
Donate to keep the bot running https://www.paypal.me/akhilgv
Download Telegram
About
Blog
Apps
Platform
Join
Netsec
7.41K subscribers
Netsec
/r/netsec's Q2 2025 Information Security Hiring Thread
OverviewIf you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.Please reserve top level comments for those posting open positions.Rules & GuidelinesInclude the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work.If you are a third party recruiter, you must disclose this in your posting.Please be thorough and upfront with the position details.Use of non-hr'd (realistic) requirements is encouraged.While it's fine to link to the position on your companies website, provide the important details in the comment.Mention if applicants should apply officially through HR, or directly through you.Please clearly list citizenship, visa, and security clearance requirements.You can see an example of acceptable posts by perusing past hiring threads.FeedbackFeedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)

Submitted April 02, 2025 at 12:39AM by netsec_burn
via reddit https://ift.tt/adSB8fM
Reddit
From the netsec community on Reddit
Explore this post and more from the netsec community
630 views
Netsec
Improved detection signature for the K8s IngressNightmare vuln
https://ift.tt/kIj3QsD

Submitted April 02, 2025 at 04:21AM by nathan_warlocks
via reddit https://ift.tt/L0PROZi
Praetorian
An Improved Detection Signature for the Kubernetes IngressNightmare Vulnerability | Praetorian
Learn about our improved detection signature for Kubernetes Ingress Nightmare (CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24514) that accurately identifies vulnerable NGINX Ingress controller versions, including v1.12.0 which other templates miss.
726 views
Netsec
peeko – Browser-based XSS C2 for stealthy internal network exploration via victim's browser.
https://ift.tt/nM0ETDG

Submitted April 02, 2025 at 03:28AM by b3rito
via reddit https://ift.tt/xtqMyk0
GitHub
GitHub - b3rito/peeko: peeko – Browser-based XSS C2 for stealthy internal network exploration via infected browser.
peeko – Browser-based XSS C2 for stealthy internal network exploration via infected browser. - b3rito/peeko
703 views
Netsec
Hacking the Call Records of Millions of Americans
https://ift.tt/RIu4l9T

Submitted April 02, 2025 at 03:54PM by techdash
via reddit https://ift.tt/93T7HqB
Evan Connelly
Hacking the Call Records of Millions of Americans
Imagine if anyone could punch in a phone number from the largest U.S. cell carrier and instantly retrieve a list of its recent incoming calls—complete with timestamps—without compromising the device, guessing a password, or alerting the user.
Now imagine…
828 views
Netsec
Loose Types Sink Ships: Pre-Authentication SQL Injection in Halo ITSM
https://ift.tt/IPXtsrM

Submitted April 02, 2025 at 06:29PM by Mempodipper
via reddit https://ift.tt/PLVKGu1
Searchlight Cyber
Pre-Auth SQL Injection in Halo ITSM › Searchlight Cyber
Halo ITSM is an IT support management software that can be deployed on-premise or in the cloud. Currently, there are around ~1000 cloud deployments of this software under the haloitsm.com domain, not accounting for all the on-premise deployments. This software…
712 views
Netsec
This framework doesn’t hide files. It erases their existence until reassembly.
https://ift.tt/G21uYcL

Submitted April 02, 2025 at 08:52PM by CLKnDGGR
via reddit https://ift.tt/E9Q78OC
Medium
The Threat You Can’t Scan For
Why Detection Is Dead Without Presence
705 views
Netsec
Safari extension to inspect IPs, ASNs, and countries in 1 click — fully private (built this myself)
https://ift.tt/0NxOj97

Submitted April 03, 2025 at 01:33AM by mad_qubik
via reddit https://ift.tt/ePTcZW4
App Store
‎IP Domain Flag Info
‎Discover comprehensive IP information effortlessly with our enhanced Safari extension! Whenever you visit a website, instantly reveal accurate server IP data (prioritizing IPv4):

- Country and flag
- ISP / Organization
- Connection type (if available)
697 views
Netsec
Finding an Unauthenticated RCE nday in Zendto, patched quietly in 2021. Lots of vulnerable instances exposed to the internet.
https://ift.tt/hegYZQC

Submitted April 03, 2025 at 03:23AM by ezzzzz
via reddit https://ift.tt/sfAnFTe
Research Blog | Project Black
ZendTo NDay Vulnerability Hunting - Unauthenticated RCE in v5.24-3 <= v6.10-4
Discovering NDay flaws in ZendTo filesharing software highlighted an interesting fact: without the issuance of CVEs, vulnerabilities can easily go unpatched.
715 views
Netsec
New Threat and Vulnerability Intelligence Database
https://ift.tt/sIclY8X

Submitted April 03, 2025 at 01:16PM by ethicalhack3r
via reddit https://ift.tt/8RLBfVI
cyberalerts.io
Stay one step ahead of the latest threats and vulnerabilities with vulnerability alerts and threat alerts. Cut through the noise and focus on what matters to your business with advanced alert filtering.
743 views
Netsec
Intercepting MacOS XPC
https://ift.tt/G7Mkey6

Submitted April 03, 2025 at 11:23PM by Ano_F
via reddit https://ift.tt/5713ElL
Medium
Intercepting MacOS XPC
Intercepting XPC Messages With Frida
691 views
Netsec
Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)
https://ift.tt/Tw134Vf

Submitted April 03, 2025 at 11:03PM by ethicalhack3r
via reddit https://ift.tt/OTVxzFR
Google Cloud Blog
Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) | Google Cloud…
657 views
Netsec
Talk To Your Malware - Integrating AI Capability in an Open-Source C2 Agent
https://ift.tt/1lyAdNn

Submitted April 04, 2025 at 03:43AM by obilodeau
via reddit https://ift.tt/WdQJi9y
GoSecure
Talk To Your Malware - Integrating AI Capability in an Open-Source C2 Agent
Explore how AI-enabled implants can generate and execute custom malware commands on the fly, no coding required.
757 views
Netsec
Open-source Compliance
https://trycomp.ai/

Submitted April 04, 2025 at 01:25PM by Indiemarketing
via reddit https://ift.tt/EVCaKHp
Comp AI
Comp AI - SOC 2 - HIPAA - GDPR - ISO 27001 made effortless
AI that handles compliance for you at startup speed. The effortless way to get SOC 2, HIPAA, GDPR, and ISO 27001 compliant in hours, not months.
734 views
Netsec
Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457) - watchTowr Labs
https://ift.tt/AeQY1N0

Submitted April 04, 2025 at 07:20PM by dx7r__
via reddit https://ift.tt/SbJRyX9
watchTowr Labs
Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457)
What's that Skippy? Another Ivanti Connect Secure vulnerability?

At this point, regular readers will know all about Ivanti (and a handful of other vendors of the same class of devices), from our regular analysis.

Do you know the fun things about these posts?…
772 views
Netsec
ServiceRadar 1.0.28 - Open Source Network Monitoring and Observability
https://ift.tt/Z1fGBbo

Submitted April 06, 2025 at 10:00AM by ChaseApp501
via reddit https://ift.tt/pfhJS1n
843 views
Netsec
New attack vector on AI toolchains: Tool Poisoning in MCPs (Machine Code Models)
https://ift.tt/HxczY6O

Submitted April 07, 2025 at 04:49AM by VonNaturAustreVe
via reddit https://ift.tt/Y0ZrcTa
invariantlabs.ai
MCP Security Notification: Tool Poisoning Attacks
We have discovered a critical vulnerability in the Model Context Protocol (MCP) that allows for
1.03K views
Netsec
[CVE-2025-32101] UNA CMS <= 14.0.0-RC4 PHP Object Injection
https://ift.tt/wN9PHKz

Submitted April 07, 2025 at 09:02PM by eg1x
via reddit https://ift.tt/V45PWDe
Karmainsecurity
UNA CMS <= 14.0.0-RC4 (BxBaseMenuSetAclLevel.php) PHP Object Injection Vulnerability | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
714 views
Netsec
Dependency Injection for Artificial Intelligence (DI4AI)
https://ift.tt/qKy6grH

Submitted April 08, 2025 at 04:25PM by FoxInTheRedBox
via reddit https://ift.tt/v617P2z
716 views
Netsec
SQL injections in MachForm v24 allow authenticated backend users to access unauthorized form entries and perform privesc
https://ift.tt/RLG6h9r

Submitted April 08, 2025 at 05:31PM by qwerty0x41
via reddit https://ift.tt/scHRhLJ
672 views
Netsec
Shopware Unfixed SQL Injection in Security Plugin 6
https://ift.tt/bflzZQq

Submitted April 08, 2025 at 05:18PM by RedTeamPentesting
via reddit https://ift.tt/7jWRLPf
www.redteam-pentesting.de
RedTeam Pentesting - Shopware Unfixed SQL Injection in Security Plugin 6
Shopware is affected by a known SQL injection in older Shopware versions which is fixed in newer Shopware releases. For customers who can not upgrade the main Shopware version the Shopware AG offers the security plugin which patches known vulnerabilities…
672 views
Netsec
CyberAlerts Known Exploited Vulnerabilities (KEV) Catalog
https://ift.tt/GnQOadP

Submitted April 08, 2025 at 05:51PM by ethicalhack3r
via reddit https://ift.tt/TxOQjuU
669 views