State of the art of Azure phishing in 2025 (part 1) – Device code flow
https://ift.tt/oFYnEgL
Submitted June 30, 2025 at 07:49PM by MobetaSec
via reddit https://ift.tt/IiFswb8
Mobeta
Azure phishing: exploiting the Device Code Flow and protecting against it
Learn how the device code flow can be hijacked for phishing on Azure Entra ID and how to protect against it with a Conditional Access Policy.
Chrome’s AppBound Cookie Encryption Bypassed via Side-Channel Timing Attack
https://ift.tt/JY0WtlO
Submitted June 30, 2025 at 09:12PM by ES_CY
via reddit https://ift.tt/m78Bbho
Cyberark
C4 Bomb: Blowing Up Chrome’s AppBound Cookie Encryption
In July 2024, Google introduced a new feature to better protect cookies in Chrome: AppBound Cookie Encryption. This new feature was able to disrupt the world of infostealers, forcing the malware...
C4 Bomb: Blowing Up Chrome’s AppBound Cookie Encryption
https://ift.tt/JY0WtlO
Submitted June 30, 2025 at 10:40PM by ES_CY
via reddit https://ift.tt/y1SIduA
What the NULL?! Wing FTP Server RCE (CVE-2025-47812)
https://ift.tt/GO8IszS
Submitted July 01, 2025 at 01:18AM by MrTuxracer
via reddit https://ift.tt/Wv5TIKX
RCE through Path Traversal
https://ift.tt/IsyKjrF
Submitted July 01, 2025 at 10:30AM by Zestyclose-Welder-33
via reddit https://ift.tt/DCoxqtT
Jineesh AK
How I Chained Directory Traversal and CSV Parser Abuse for RCE in a Django App
While testing a web application as part of a bug bounty program, I uncovered a critical RCE vulnerability by chaining directory traversal with a subtle CSV parsing abuse. The exploit chain involved a combination of directory traversal and subtle abuse of…
How we got persistent XSS on every AEM cloud site, thrice
https://ift.tt/vGY54dk
Submitted July 01, 2025 at 01:12PM by Mempodipper
via reddit https://ift.tt/0la9V3z
Searchlight Cyber
How we got persistent XSS on every AEM cloud site, thrice
Adobe Experience Manager is marketed as an 'enterprise grade' CMS and is one of the most popular CMSes among large companies. If you visit the landing page of a large corporate site, chances are it may be running AEM under the hood. AEM started as a standalone…
r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.
Rules & Guidelines
Always maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.
Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.
If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.
Avoid use of memes. If you have something to say, say it with real words.
All discussions and questions should directly relate to netsec.
No tech support is to be requested or provided on r/netsec.
As always, the content & discussion guidelines should also be observed on r/netsec.
Feedback
Feedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted July 01, 2025 at 06:59PM by albinowax
via reddit https://ift.tt/TYiIhe3
Abusing Chrome Remote Desktop on Red Team Operations
https://ift.tt/NSqJdRg
Submitted July 01, 2025 at 08:36PM by oddvarmoe
via reddit https://ift.tt/UL5kr9R
TrustedSec
Abusing Chrome Remote Desktop on Red Team Operations: A Practical…
How I Scanned all of GitHub’s "Oops Commits" for Leaked Secrets
https://ift.tt/tE6Dx2I
Submitted July 02, 2025 at 12:28AM by sh0n1z
via reddit https://ift.tt/RWczrnB
Trufflesecurity
Guest Post: How I Scanned all of GitHub’s “Oops Commits” for Leaked Secrets ◆ Truffle Security Co.
GitHub Archive logs every public commit, even the ones developers try to delete. Force pushes often cover up mistakes like leaked credentials by rewriting Git history. GitHub keeps these dangling commits, from what we can tell, forever. In the archive, they…
Critical RCE in Anthropic MCP Inspector (CVE-2025-49596) Enables Browser-Based Exploits | Oligo Security
https://ift.tt/anNGjcm
Submitted July 02, 2025 at 05:52AM by cov_id19
via reddit https://ift.tt/qmNfBvi
www.oligo.security
Critical RCE in Anthropic MCP Inspector (CVE-2025-49596) Enables Browser-Based Exploits | Oligo Security
A critical Remote Code Execution flaw (CVSS 9.4) in Anthropic’s MCP Inspector exposes AI developers to browser-based attacks via 0.0.0.0 and DNS rebinding. Learn how CVE-2025-49596 was exploited from the browser and what fixes were applied in version 0.14.1.
Google Warns: Critical Chrome Flaw Letting Hackers Take Over PCs Is Already Being Exploited
https://ift.tt/Otmxjl9
Submitted July 02, 2025 at 12:46PM by Fabulous_Bluebird931
via reddit https://ift.tt/szpLEx8
Techoreon
Google Warns: Critical Chrome Flaw Letting Hackers Take Over PCs Is Already Being Exploited
Be very alert — if you're one of the millions of people who use Google Chrome daily, a serious vulnerability has just been discovered, and cybercriminals
"schizophrenic" zip files. Different contents depending on your archive reader.
https://ift.tt/Z3Du19c
Submitted July 02, 2025 at 06:08PM by 2FalseSteps
via reddit https://ift.tt/IC0DQ3g
Azure API vulnerability and built-in roles misconfiguration enable corporate network takeover
https://ift.tt/iUf6pR3
Submitted July 02, 2025 at 07:34PM by Apprehensive-Side840
via reddit https://ift.tt/TK3QUGj
www.token.security
Token Security | Azure's Role Roulette: How Over-Privileged Roles and API Vulnerabilities Expose Enterprise Networks
Token Security researchers have discovered several Azure built-in roles that are misconfigured to be over-privileged - they grant more permissions than intended by Azure. In addition, we discovered another vulnerability in the Azure API that allows attackers…
EscapeRoute: How we found 2 vulnerabilities in Anthropic’s Filesystem MCP Server (CVE-2025-53109 & CVE-2025-53110)
https://ift.tt/1tcwZb4
Submitted July 02, 2025 at 11:12PM by Fun_Preference1113
via reddit https://ift.tt/Ubdz86P
Cymulate
EscapeRoute: Breaking the Scope of Anthropic’s Filesystem MCP Server (CVE-2025-53109 & CVE-2025-53110)
Two critical flaws in Anthropic’s Filesystem MCP Server enable sandbox escapes, unrestricted file access, and even code execution, no binaries required
GitPhish: Automating Enterprise GitHub Device Code Phishing
https://ift.tt/16H2hRt
Submitted July 03, 2025 at 01:04AM by IrohsLotusTile
via reddit https://ift.tt/kGPudtT
Praetorian
GitPhish: Automating Enterprise GitHub Device Code Phishing
Introducing GitPhish: An open-source tool for automating GitHub Device Code phishing attacks with dynamic code generation and professional landing pages for red teams.
/r/netsec's Q3 2025 Information Security Hiring Thread
Overview
If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.
We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.
Please reserve top level comments for those posting open positions.
Rules & Guidelines
Include the company name in the post. If you want to be topsykret, go recruit elsewhere.
Include the geographic location of the position along with the availability of relocation assistance or remote work.
If you are a third party recruiter, you must disclose this in your posting.
Please be thorough and upfront with the position details.
Use of non-hr'd (realistic) requirements is encouraged.
While it's fine to link to the position on your company's website, provide the important details in the comment.
Mention if applicants should apply officially through HR, or directly through you.
Please clearly list citizenship, visa, and security clearance requirements.
You can see an example of acceptable posts by perusing past hiring threads.
Feedback
Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)
Submitted July 03, 2025 at 01:02AM by netsec_burn
via reddit https://ift.tt/hPr2e4I
How Coinbase's $400M Problem Started in an Indian Call Center
https://ift.tt/BOlTmgR
Submitted July 03, 2025 at 01:48PM by vowskigin
via reddit https://ift.tt/MKUdVBt
Applocker bypass on Lenovo machines – The curious case of MFGSTAT.zip
https://ift.tt/pskXUvo
Submitted July 03, 2025 at 07:39PM by oddvarmoe
via reddit https://ift.tt/uELDThW
Oddvar Moe's Blog
Applocker bypass on Lenovo machines – The curious case of MFGSTAT.zip
This blogpost is about a minor discovery I made regarding a writeable file inside the Windows folder that is present on Lenovo machines. Initially when I found it I thought it was only a handful of…
Instagram uses expiring certificates as single day TLS certificates
https://ift.tt/2LeCsqN
Submitted July 04, 2025 at 02:43AM by tootac
via reddit https://ift.tt/6kKnGHw
Feedback Requested: DevSecOps Standard RFP from OMG
https://ift.tt/SrWF3Gz
Submitted July 04, 2025 at 05:45AM by DidoSolutionsSocial
via reddit https://ift.tt/naKM7Zr
Google Docs
Reddit Feedback on DevSecOps Standard
Web Metadata search - search for headers, web apps, CMSs, and their versions
https://ift.tt/bJyIVKE?
Submitted July 04, 2025 at 09:33AM by rmddos
via reddit https://ift.tt/WidFERG
dnsarchive.net
Web Metadata Search
DNSArchive is a domain, DNS, RDNS and IP intelligence feed and DNS repository. We have over 220 million domains archived.