SquareX launches two open-source toolkits to help security teams simulate and defend against browser-based attacks that evade traditional enterprise defences.

How context engineering is reshaping the future of AI development — and why your emotional intelligence might be your most valuable asset

The era of patient, methodical reconnaissance is over. Your AI coding assistant has already done all the work for attackers.

540K subscribers in the netsec community. /r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers…

Agent trajectory walkthroughs of a fully autonomous hacking system | AI for Security, AIxCC

Defining good SLAs is a tough challenge, but it’s at the heart of any solid vulnerability management program. This article helps internal security teams set clear SLAs, define the right metrics, and adjust their ticketing system to build a successful vulnerability…

Abusing Windows file names that exceed 260 characters to bypass the EDR's sample collection tool by the pentester. Redteam trick

Software is being built faster than ever, and that makes it easier for security issues to slip through. That’s why catching flaws early in…

www.github.com/mandcony/quantoniumos It includes: RFT transform & symbolic state stability metrics Binary ↔ symbolic latency numbers Cross-platform reproducibility proof Cryptanalysis & randomness test results (Avalanche, NIST SP 800-22, Dieharder, TestU01)…

Walk through our investigation workflow, cryptographic analysis, and end-to-end data-recovery strategy, proving that "encrypted" doesn't mean unrecoverable

Want a high-paying, future-proof career in cybersecurity? Join us for an interactive session where industry experts breaks down everything you need to launch…

IT-Security and stuff - Windows OOBE Breakout Revived

Microsoft introduced Active Directory Web Services (ADWS) in Windows Server 2008 R2 as a method to provide an interface to instances for querying and managing Active Directory over a network. The s…

Learn about CVE-2025-50154 and its risk of NTLM attacks and RCE even after Microsoft’s fix for CVE-2025-24054.

Posted by kaganisildak - 0 votes and 1 comment

Hello world! long time no see. I was so busy, mainly with working on symbol.exchange (btw opened a new “Bug Driven Development” community) and started to try my way in academia.

Examining Critical Vulnerabilities in Xerox FreeFlow Core (CVE-2025-8355 and CVE-2025-8356)

How we learned to build effective LLM agents for hacking at DARPA's AI Cyber Challenge (AIxCC) | AI for Security, AIxCC

Team82 developed an exploit chain specifically targeting vulnerabilities in Axis Communications’ proprietary Axis.Remoting communication protocol which results in pre-auth RCE on Axis Device Manager, a server used to configure and manage fleets of cameras…

Posted by Jann Horn, Google Project Zero Introduction In early June, I was reviewing a new Linux kernel feature when I learned about the...