how data travels the world to reach your screen
https://ift.tt/tjUgzZS
Submitted April 11, 2025 at 03:54PM by FederalRace5393
via reddit https://ift.tt/sRaYzdB
DeepIntoDev
Your go-to source for deep development insights.
Uncovering a 0-Click RCE in the SuperNote Nomad E-ink Tablet
https://ift.tt/1iqPTUj
Submitted April 12, 2025 at 01:17AM by AlmondOffSec
via reddit https://ift.tt/5n4kO3B
Prizm Labs Website
Uncovering a 0-Click RCE in the SuperNote Nomad E-ink Tablet
Details of our SuperNote Nomad research which led to the disclosure of a 0-click RCE vulnerability
Azure Managed Identities resource (background, attacker and defender perspective)
https://ift.tt/eyh2iPf
Submitted April 12, 2025 at 04:16PM by Far-Safety2703
via reddit https://ift.tt/t1gn2yE
Critical Wallet Bugs Expose Users to Silent Crypto Drains
https://ift.tt/MfHzxd6
Submitted April 12, 2025 at 04:10PM by coinspect
via reddit https://ift.tt/bZ4YOMP
Coinspect Security
Critical Wallet Bugs Expose Users to Silent Crypto Drains
Discover how critical vulnerabilities in browser-based crypto wallets allowed attackers to drain funds without user interaction.
French newsletter with technical articles and tools
https://ift.tt/V5OPLkI
Submitted April 12, 2025 at 04:05PM by skisedr
via reddit https://ift.tt/WHblmX9
Erreur 403
Erreur 403 is a newsletter dedicated to cybersecurity. Each week, I bring you a selection of news, articles, and practical tools covering a wide range of topics and technologies.
Question about session-based cookies vs session-based tokens vs session based api keys
http://Www.google.com
Submitted April 13, 2025 at 12:34AM by Successful_Box_1007
via reddit https://ift.tt/TYik1go
Reddit
From the netsec community on Reddit: Question about session-based cookies vs session-based tokens vs session based api keys
Posted by Successful_Box_1007 - 9 votes and 34 comments
Consolidated View of Security Data: CVEs, Breaches, Ransomware & EOL Tracking
https://cybermonit.com/
Submitted April 13, 2025 at 11:06PM by Electrical-Wish-4221
via reddit https://ift.tt/gXq6Rck
Cybermonit
Cybermonit is a modern platform for monitoring CVE vulnerabilities, data leaks, ransomware attacks and ongoing DDoS attacks, enabling rapid threat identification and effective response to cyber incidents.
We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs
https://ift.tt/42vSazG
Submitted April 14, 2025 at 02:55AM by ScottContini
via reddit https://ift.tt/6N2ikFS
EDV - Endpoint Detection & Vibes - From vibe coding to vibe detections
https://ift.tt/APbMWvj
Submitted April 14, 2025 at 09:02AM by clod81
via reddit https://ift.tt/Ih9mKgO
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
Security Analysis: Potential AI Agent Hijacking via MCP and A2A Protocol Insights
https://ift.tt/nlFHXCh
Submitted April 14, 2025 at 04:00PM by CoatPowerful1541
via reddit https://ift.tt/lrjR0Xq
Medium
Security Analysis: Potential AI Agent Hijacking via MCP and A2A Protocol Insights
Communication protocols represent a core infrastructure accelerating the development and deployment of AI Agents. Anthropic’s Model Context…
Aiding reverse engineering with Rust and a local LLM
https://ift.tt/0iq4xeG
Submitted April 15, 2025 at 10:10AM by 0xdea
via reddit https://ift.tt/g6jnXsm
hn security
Aiding reverse engineering with Rust and a local LLM - hn security
“A large fraction of the flaws […]
They’re Everywhere! Why Non-Human Identities (and Their Security) Should Be Your Top Priority – Ben DH Kim
https://ift.tt/OcMN5XI
Submitted April 15, 2025 at 04:28PM by Opposite-Antelope-27
via reddit https://ift.tt/g8H7QBf
Ben DH Kim - Notes from Building Cyber Security Startup
They’re Everywhere! Why Non-Human Identities (and Their Security) Should Be Your Top Priority
Hey everyone, let’s talk about something that’s quietly taking over our digital world: Non-Human Identities (NHIs). You might not think about them much, but trust me, they’re ever…
r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.
Rules & Guidelines
Always maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.
Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.
If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.
Avoid use of memes. If you have something to say, say it with real words.
All discussions and questions should directly relate to netsec.
No tech support is to be requested or provided on r/netsec.
As always, the content & discussion guidelines should also be observed on r/netsec.
Feedback
Feedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted April 15, 2025 at 06:59PM by albinowax
via reddit https://ift.tt/VfYTvxD
Reddit
From the netsec community on Reddit
Explore this post and more from the netsec community
Microsoft Windows dxkrnl Untrusted Pointer Dereference Local Privilege Escalation Vulnerability | HackSys Inc
https://ift.tt/do3XQLb
Submitted April 16, 2025 at 05:53AM by hacksysteam
via reddit https://ift.tt/0iCXYmJ
MITRE support for the CVE program is due to expire today!
https://ift.tt/SYG0tbh
Submitted April 16, 2025 at 11:50AM by Fugitif
via reddit https://ift.tt/fEVyB8u
Krebs on Security
Funding Expires for Key Cyber Vulnerability Database
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE…
SAP Emarsys SDK for Android Sensitive Data Leak (CVE-2023-6542)
https://ift.tt/NYSCxZG
Submitted April 16, 2025 at 02:11PM by MrTuxracer
via reddit https://ift.tt/i0ybvW4
CISA extends funding to ensure no lapse in critical CVE services
https://ift.tt/2KJHj71
Submitted April 16, 2025 at 07:26PM by mepper
via reddit https://ift.tt/9PoaOp8
Bluesky Social
Cynthia Brumfield (@metacurity.com)
Oh wow. This just in from a CISA spokesperson:
“The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate…
New writeup: a vulnerability in PHP's extract() function allows attackers to trigger a double-free, which in turn allows arbitrary code execution (native code)
https://ift.tt/XJhVw8m
Submitted April 17, 2025 at 12:47PM by SSDisclosure
via reddit https://ift.tt/flKwTRE
SSD Secure Disclosure
SSD Advisory - extract() double-free(5.X)/use-after-free(7.X/8.X) - SSD Secure Disclosure
Summary: A vulnerability in PHP’s extract() function allows attackers to trigger a double-free in version 5.x or a use-after-free in versions 7.x, 8.x, which in turn allows arbitrary code execution (native code). Credit: An independent security researcher…
[Project] I built a tool that tracks AWS documentation changes and analyzes security implications
https://ift.tt/Wh75iZe
Submitted April 17, 2025 at 02:09PM by unkn0wn11
via reddit https://ift.tt/RbzsmW5
Awssecuritychanges
AWS Security Changes - Track Documentation & Security Updates
Monitor AWS documentation changes and security updates in real-time. Stay informed about critical security changes across all AWS services.
Everyone knows your location, Part 2: try it yourself and share the results
https://ift.tt/0PX6mbo
Submitted April 18, 2025 at 01:14AM by WesternBest
via reddit https://ift.tt/kHi0A1z
tim.sh
Everyone knows your location, Part 2: try it yourself and share the results
Learn how to record and analyse your mobile device traffic, take an app from the list of "shady" apps and share the results.
Cross-Site WebSocket Hijacking Exploitation in 2025 - Include Security Research Blog
https://ift.tt/zpY2wsA
Submitted April 18, 2025 at 03:01AM by 907jessejones
via reddit https://ift.tt/MK85Ist
Include Security Research Blog
Cross-Site WebSocket Hijacking Exploitation in 2025 - Include Security Research Blog
Include Security's latest blog post covers Cross-Site WebSocket Hijacking and how modern browser security features do (or don't) protect users. We discuss Total Cookie Protection in Firefox, Private Network Access in Chrome, and review the SameSite attribute's…