Question about session-based cookies vs session-based tokens vs session based api keys
http://Www.google.com
Submitted April 13, 2025 at 12:34AM by Successful_Box_1007
via reddit https://ift.tt/TYik1go
http://Www.google.com
Submitted April 13, 2025 at 12:34AM by Successful_Box_1007
via reddit https://ift.tt/TYik1go
Reddit
From the netsec community on Reddit: Question about session-based cookies vs session-based tokens vs session based api keys
Posted by Successful_Box_1007 - 9 votes and 34 comments
Consolidated View of Security Data: CVEs, Breaches, Ransomware & EOL Tracking
https://cybermonit.com/
Submitted April 13, 2025 at 11:06PM by Electrical-Wish-4221
via reddit https://ift.tt/gXq6Rck
https://cybermonit.com/
Submitted April 13, 2025 at 11:06PM by Electrical-Wish-4221
via reddit https://ift.tt/gXq6Rck
Cybermonit
Cybermonit is a modern platform for monitoring CVS vulnerabilities, data leaks, ransomware attacks and ongoing DDoS attacks, enabling rapid threat identification and effective response to cyber incidents.
We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs
https://ift.tt/42vSazG
Submitted April 14, 2025 at 02:55AM by ScottContini
via reddit https://ift.tt/6N2ikFS
https://ift.tt/42vSazG
Submitted April 14, 2025 at 02:55AM by ScottContini
via reddit https://ift.tt/6N2ikFS
EDV - Endpoint Detection & Vibes - From vibe coding to vibe detections
https://ift.tt/APbMWvj
Submitted April 14, 2025 at 09:02AM by clod81
via reddit https://ift.tt/Ih9mKgO
https://ift.tt/APbMWvj
Submitted April 14, 2025 at 09:02AM by clod81
via reddit https://ift.tt/Ih9mKgO
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
Security Analysis: Potential AI Agent Hijacking via MCP and A2A Protocol Insights
https://ift.tt/nlFHXCh
Submitted April 14, 2025 at 04:00PM by CoatPowerful1541
via reddit https://ift.tt/lrjR0Xq
https://ift.tt/nlFHXCh
Submitted April 14, 2025 at 04:00PM by CoatPowerful1541
via reddit https://ift.tt/lrjR0Xq
Medium
Security Analysis: Potential AI Agent Hijacking via MCP and A2A Protocol Insights
Communication protocols represent a core infrastructure accelerating the development and deployment of AI Agents. Anthropic’s Model Context…
Aiding reverse engineering with Rust and a local LLM
https://ift.tt/0iq4xeG
Submitted April 15, 2025 at 10:10AM by 0xdea
via reddit https://ift.tt/g6jnXsm
https://ift.tt/0iq4xeG
Submitted April 15, 2025 at 10:10AM by 0xdea
via reddit https://ift.tt/g6jnXsm
hn security
Aiding reverse engineering with Rust and a local LLM - hn security
“A large fraction of the flaws […]
They’re Everywhere! Why Non-Human Identities (and Their Security) Should Be Your Top Priority – Ben DH Kim
https://ift.tt/OcMN5XI
Submitted April 15, 2025 at 04:28PM by Opposite-Antelope-27
via reddit https://ift.tt/g8H7QBf
https://ift.tt/OcMN5XI
Submitted April 15, 2025 at 04:28PM by Opposite-Antelope-27
via reddit https://ift.tt/g8H7QBf
Ben DH Kim - Notes from Building Cyber Security Startup
They’re Everywhere! Why Non-Human Identities (and Their Security) Should Be Your Top Priority
Hey everyone, let’s talk about something that’s quietly taking over our digital world: Non-Human Identities (NHIs). You might not think about them much, but trust me, they’re ever…
r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted April 15, 2025 at 06:59PM by albinowax
via reddit https://ift.tt/VfYTvxD
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted April 15, 2025 at 06:59PM by albinowax
via reddit https://ift.tt/VfYTvxD
Reddit
From the netsec community on Reddit
Explore this post and more from the netsec community
Microsoft Windows dxkrnl Untrusted Pointer Dereference Local Privilege Escalation Vulnerability | HackSys Inc
https://ift.tt/do3XQLb
Submitted April 16, 2025 at 05:53AM by hacksysteam
via reddit https://ift.tt/0iCXYmJ
https://ift.tt/do3XQLb
Submitted April 16, 2025 at 05:53AM by hacksysteam
via reddit https://ift.tt/0iCXYmJ
MITRE support for the CVE program is due to expire today!
https://ift.tt/SYG0tbh
Submitted April 16, 2025 at 11:50AM by Fugitif
via reddit https://ift.tt/fEVyB8u
https://ift.tt/SYG0tbh
Submitted April 16, 2025 at 11:50AM by Fugitif
via reddit https://ift.tt/fEVyB8u
Krebs on Security
Funding Expires for Key Cyber Vulnerability Database
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE…
SAP Emarsys SDK for Android Sensitive Data Leak (CVE-2023-6542)
https://ift.tt/NYSCxZG
Submitted April 16, 2025 at 02:11PM by MrTuxracer
via reddit https://ift.tt/i0ybvW4
https://ift.tt/NYSCxZG
Submitted April 16, 2025 at 02:11PM by MrTuxracer
via reddit https://ift.tt/i0ybvW4
CISA extends funding to ensure no lapse in critical CVE services
https://ift.tt/2KJHj71
Submitted April 16, 2025 at 07:26PM by mepper
via reddit https://ift.tt/9PoaOp8
https://ift.tt/2KJHj71
Submitted April 16, 2025 at 07:26PM by mepper
via reddit https://ift.tt/9PoaOp8
Bluesky Social
Cynthia Brumfield (@metacurity.com)
Oh wow. This just in from a CISA spokesperson:
“The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate…
“The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate…
New writeup: a vulnerability in PHP's extract() function allows attackers to trigger a double-free, which in turn allows arbitrary code execution (native code)
https://ift.tt/XJhVw8m
Submitted April 17, 2025 at 12:47PM by SSDisclosure
via reddit https://ift.tt/flKwTRE
https://ift.tt/XJhVw8m
Submitted April 17, 2025 at 12:47PM by SSDisclosure
via reddit https://ift.tt/flKwTRE
SSD Secure Disclosure
SSD Advisory - extract() double-free(5.X)/use-after-free(7.X/8.X) - SSD Secure Disclosure
Summary A vulnerability in PHP’s extract() function allows attackers to trigger a double-free in version 5.x or a user-after-free in versions 7.x, 8.x, which in turn allows arbitrary code execution (native code). Credit An independent security researcher…
[Project] I built a tool that tracks AWS documentation changes and analyzes security implications
https://ift.tt/Wh75iZe
Submitted April 17, 2025 at 02:09PM by unkn0wn11
via reddit https://ift.tt/RbzsmW5
https://ift.tt/Wh75iZe
Submitted April 17, 2025 at 02:09PM by unkn0wn11
via reddit https://ift.tt/RbzsmW5
Awssecuritychanges
AWS Security Changes - Track Documentation & Security Updates
Monitor AWS documentation changes and security updates in real-time. Stay informed about critical security changes across all AWS services.
Everyone knows your location, Part 2: try it yourself and share the results
https://ift.tt/0PX6mbo
Submitted April 18, 2025 at 01:14AM by WesternBest
via reddit https://ift.tt/kHi0A1z
https://ift.tt/0PX6mbo
Submitted April 18, 2025 at 01:14AM by WesternBest
via reddit https://ift.tt/kHi0A1z
tim.sh
Everyone knows your location, Part 2: try it yourself and share the results
Learn how to record and analyse your mobile device traffic, take an app from the list of "shady" apps and share the results.
Cross-Site WebSocket Hijacking Exploitation in 2025 - Include Security Research Blog
https://ift.tt/zpY2wsA
Submitted April 18, 2025 at 03:01AM by 907jessejones
via reddit https://ift.tt/MK85Ist
https://ift.tt/zpY2wsA
Submitted April 18, 2025 at 03:01AM by 907jessejones
via reddit https://ift.tt/MK85Ist
Include Security Research Blog
Cross-Site WebSocket Hijacking Exploitation in 2025 - Include Security Research Blog
Include Security's latest blog post covers Cross-Site WebSocket Hijacking and how modern browser security features do (or don't) protect users. We discuss Total Cookie Protection in Firefox, Private Network Access in Chrome, and review the SameSite attribute's…
AES & ChaCha — A Case for Simplicity in Cryptography
https://ift.tt/9vTEaZb
Submitted April 18, 2025 at 11:50AM by ascendence
via reddit https://ift.tt/EOpdDxm
https://ift.tt/9vTEaZb
Submitted April 18, 2025 at 11:50AM by ascendence
via reddit https://ift.tt/EOpdDxm
phase
AES & ChaCha — A Case for Simplicity in Cryptography | Phase Blog
A technical deep dive into how the ChaCha20 cipher is taking on AES as the gold standard for symmetric encryption, and a lesson about the power of simplicity in cryptographic design.
SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation | Cleafy
https://ift.tt/WKLq0sr
Submitted April 18, 2025 at 03:36PM by f3d_0x0
via reddit https://ift.tt/KtSlNhy
https://ift.tt/WKLq0sr
Submitted April 18, 2025 at 03:36PM by f3d_0x0
via reddit https://ift.tt/KtSlNhy
Cleafy
SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation | Cleafy
A new fraud campaign based on the Android malware "SuperCard X" and innovative NFC relay techniques is impacting Italian's banking. Read our latest report to learn more.
CVE-2025-25364: Speedify VPN MacOS privilege Escalation
https://ift.tt/zwVIL9Q
Submitted April 18, 2025 at 11:47PM by SL7reach
via reddit https://ift.tt/23HgFPp
https://ift.tt/zwVIL9Q
Submitted April 18, 2025 at 11:47PM by SL7reach
via reddit https://ift.tt/23HgFPp
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
CVE-2025-25364: Speedify VPN MacOS privilege Escalation
SecureLayer7 discovered CVE-2025-25364, which is a critical command injection vulnerability discovered in the me.connectify.SMJobBlessHelper XPC service, a privileged helper tool...
need help extracting firmware from a vr headset in a working state
https://ift.tt/shtOMY2
Submitted April 19, 2025 at 01:41PM by Shot_Morning2815
via reddit https://ift.tt/SbjD1J0
https://ift.tt/shtOMY2
Submitted April 19, 2025 at 01:41PM by Shot_Morning2815
via reddit https://ift.tt/SbjD1J0
Microsoft Store - Download apps, games & more for your Windows PC
Acer OJO 500 - Free download and install on Windows | Microsoft Store
Companion app for the Acer Windows Mixed Reality Headset - Acer OJO 500
b3rito/b3acon: b3acon - a mail-based C2 that communicates via an in-memory C# IMAP client dynamically compiled in memory using PowerShell.
https://ift.tt/14uVCyA
Submitted April 20, 2025 at 02:29AM by b3rito
via reddit https://ift.tt/aMct6El
https://ift.tt/14uVCyA
Submitted April 20, 2025 at 02:29AM by b3rito
via reddit https://ift.tt/aMct6El
Penetration Testing Tools
b3acon: In-Memory C# IMAP C2 over Email
Learn about b3acon, a mail-based C2 using an in-memory C# IMAP client and PowerShell for stealthy communication via email drafts.