Vibecoding and the illusion of security
https://ift.tt/KxLpWgy
Submitted October 27, 2025 at 02:43PM by security_aaudit
via reddit https://ift.tt/BbaLeZH
https://ift.tt/KxLpWgy
Submitted October 27, 2025 at 02:43PM by security_aaudit
via reddit https://ift.tt/BbaLeZH
baldur.dk
BALDUR. - Security Consultancy
Vibecoding is fast, but it is secure? We tested current state of the art LLM models against a common security task, namely the MFA implemented in your applications.
[Tool] CVE Daily — concise, vendor-neutral CVE briefs (NVD+OSV, KEV, deps.dev transitive upgrades)
https://cvedaily.com
Submitted October 27, 2025 at 04:27PM by Interesting-Work-980
via reddit https://ift.tt/Y4tzLOx
https://cvedaily.com
Submitted October 27, 2025 at 04:27PM by Interesting-Work-980
via reddit https://ift.tt/Y4tzLOx
CVE Daily
CVE Daily - Latest CVEs
Daily updated CVE summaries with CVSS and CWE tags. Latest update: 2025-12-03T14:15:48.680.
Crafting self masking functions using LLVM
https://ift.tt/2pnErVu
Submitted October 28, 2025 at 01:33PM by gid0rah
via reddit https://ift.tt/oDeuV0m
https://ift.tt/2pnErVu
Submitted October 28, 2025 at 01:33PM by gid0rah
via reddit https://ift.tt/oDeuV0m
MDSec
Function Peekaboo: Crafting self masking functions using LLVM - MDSec
Introduction LLVM compiler infrastructure is powerful because of its modular design, flexibility, and rich intermediate representation (IR) that enables deep analysis and transformation of code. Unlike traditional compilers, LLVM separates...
WSO2 #2: The many ways to bypass authentication in WSO2 products (CVE-2025-9152, CVE-2025-10611, CVE-2025-9804)
https://ift.tt/MnKaeiN
Submitted October 28, 2025 at 12:43PM by crnkovic_
via reddit https://ift.tt/9pecBsO
https://ift.tt/MnKaeiN
Submitted October 28, 2025 at 12:43PM by crnkovic_
via reddit https://ift.tt/9pecBsO
crnkovic.dev
WSO2 #2: The many ways to bypass authentication in WSO2 products
CVE-2025-9152, CVE-2025-10611, and CVE-2025-9804 are critical authentication bypass and privilege escalation vulnerabilities I discovered in WSO2 API Manager and WSO2 Identity Server.
404 to arbitrary file read in WSO2 API Manager (CVE-2025-2905)
https://ift.tt/crfVkaS
Submitted October 28, 2025 at 02:07PM by crnkovic_
via reddit https://ift.tt/boaJQtL
https://ift.tt/crfVkaS
Submitted October 28, 2025 at 02:07PM by crnkovic_
via reddit https://ift.tt/boaJQtL
crnkovic.dev
WSO2 #1: 404 to arbitrary file read
CVE-2025-2905 is a blind XXE vulnerability in WSO2 API Manager and other WSO2 products dependent on WSO2-Synapse.
Brida (Burp-Frida Bridge) 0.6 released! - HN Security
https://ift.tt/W4R6dIm
Submitted October 28, 2025 at 04:05PM by 0xdea
via reddit https://ift.tt/3sDzA1M
https://ift.tt/W4R6dIm
Submitted October 28, 2025 at 04:05PM by 0xdea
via reddit https://ift.tt/3sDzA1M
HN Security
Brida 0.6 released! - HN Security
We are releasing Brida 0.6 that supports Frida 17, which introduced some breaking change in its API.
New Ubuntu Kernel LPE!
https://ift.tt/Fs5gBpU
Submitted October 28, 2025 at 05:14PM by SSDisclosure
via reddit https://ift.tt/7NqIfRC
https://ift.tt/Fs5gBpU
Submitted October 28, 2025 at 05:14PM by SSDisclosure
via reddit https://ift.tt/7NqIfRC
SSD Secure Disclosure
LPE via refcount imbalance in the af_unix of Ubuntu's Kernel - SSD Secure Disclosure
Affected Versions Vendor Response The vendor has released an updated kernel on the 18th of September Credit The vulnerability was disclosed during our TyphoonPWN 2025 Linux category and won first place. Vulnerability Details The vulnerability is caused by…
guys ı ha ve problem
http://google.com
Submitted October 28, 2025 at 05:12PM by Double-Structure4337
via reddit https://ift.tt/60pDfRt
http://google.com
Submitted October 28, 2025 at 05:12PM by Double-Structure4337
via reddit https://ift.tt/60pDfRt
Reddit
From the netsec community on Reddit: guys ı ha ve problem
Posted by Double-Structure4337 - 0 votes and 1 comment
Battling Shadow AI: Prompt Injection for the Good
https://ift.tt/W0aT6DX
Submitted October 28, 2025 at 07:30PM by Far_Ice2481
via reddit https://ift.tt/e7PQjxK
https://ift.tt/W0aT6DX
Submitted October 28, 2025 at 07:30PM by Far_Ice2481
via reddit https://ift.tt/e7PQjxK
Eye Research
Battling Shadow AI: Prompt Injection for the Good
Explore how Eye Security tackles the rising threat of Shadow AI by using prompt injection for good: enhancing data security, boosting AI awareness, and defending corporate intelligence across LLMs like ChatGPT, Claude, and DeepSeek.
Hack-cessibility: When DLL Hijacks Meet Windows Helpers
https://ift.tt/vj5t2yf
Submitted October 28, 2025 at 08:37PM by oddvarmoe
via reddit https://ift.tt/bOUvh7d
https://ift.tt/vj5t2yf
Submitted October 28, 2025 at 08:37PM by oddvarmoe
via reddit https://ift.tt/bOUvh7d
TrustedSec
Hack-cessibility: When DLL Hijacks Meet Windows Helpers
I built a tool that notifies you only when new vulnerabilities affect your products 🔒
https://vulntracker.io
Submitted October 28, 2025 at 09:30PM by yuznumara
via reddit https://ift.tt/wcDd9Kb
https://vulntracker.io
Submitted October 28, 2025 at 09:30PM by yuznumara
via reddit https://ift.tt/wcDd9Kb
Reddit
From the netsec community on Reddit: [ Removed by moderator ]
Posted by yuznumara - 0 votes and 7 comments
How SOC Teams Operationalize Real-Time Defense Against Credential Replay Attacks
https://ift.tt/TFcNYOk
Submitted October 29, 2025 at 03:05AM by EssentialSharpness
via reddit https://ift.tt/I7O9yfE
https://ift.tt/TFcNYOk
Submitted October 29, 2025 at 03:05AM by EssentialSharpness
via reddit https://ift.tt/I7O9yfE
Hacking India's largest automaker: Tata Motors
https://ift.tt/NDUxYXz
Submitted October 29, 2025 at 07:01AM by EatonZ
via reddit https://ift.tt/73YhzSi
https://ift.tt/NDUxYXz
Submitted October 29, 2025 at 07:01AM by EatonZ
via reddit https://ift.tt/73YhzSi
Eaton-Works
Hacking India’s largest automaker: Tata Motors
Tata Motors gave away the keys to their infrastructure and customer data on their public websites.
Attacker Target VSCode Extension Marketplace, IDE Plugins Face Higher Supply Chain Attack Risks
https://ift.tt/bPY5gFW
Submitted October 29, 2025 at 10:38AM by Fit_Wing3352
via reddit https://ift.tt/YK6GMm7
https://ift.tt/bPY5gFW
Submitted October 29, 2025 at 10:38AM by Fit_Wing3352
via reddit https://ift.tt/YK6GMm7
How we found +2k vulns, 400+ secrets and 175 PII instances in publicly exposed apps built on vibe-coded platforms (Research methodology)
https://ift.tt/ryHzQxN
Submitted October 30, 2025 at 09:23PM by PriorPuzzleheaded880
via reddit https://ift.tt/obEeD8u
https://ift.tt/ryHzQxN
Submitted October 30, 2025 at 09:23PM by PriorPuzzleheaded880
via reddit https://ift.tt/obEeD8u
Escape DAST - Application Security Blog
Methodology: 2k+ Vulnerabilities in Vibe-Coded Apps
Discover the security risks in vibe-coded applications as we uncover over 2,000 vulnerabilities, exposed secrets, and PII
A Deep Dive Into Warlock Ransomware Deployed Via ToolShell SharePoint Chained Vulnerabilities
https://ift.tt/yYGnt1U
Submitted October 30, 2025 at 09:08PM by CyberMasterV
via reddit https://ift.tt/dcxUL9t
https://ift.tt/yYGnt1U
Submitted October 30, 2025 at 09:08PM by CyberMasterV
via reddit https://ift.tt/dcxUL9t
Blogspot
A Deep Dive Into Warlock Ransomware Deployed Via ToolShell SharePoint Chained Vulnerabilities
Author(s): Vlad Pasca Warlock ransomware was deployed by exploiting the SharePoint vulnerabilities CVE-2025-53770 and CVE-2025-53771 The ma...
Can you break our pickle sandbox? Blog + exploit challenge inside
https://ift.tt/NQH3th7
Submitted October 30, 2025 at 11:17PM by valmarelox
via reddit https://ift.tt/dimlytY
https://ift.tt/NQH3th7
Submitted October 30, 2025 at 11:17PM by valmarelox
via reddit https://ift.tt/dimlytY
Substack
We May Have Finally Fixed Python’s 25-Year-Old Vulnerability
A Context Tainting Approach to Mitigate Python Deserialization Attacks
Automating COM/DCOM vulnerability research
https://ift.tt/CDhRQ0a
Submitted October 31, 2025 at 01:54AM by TangeloPublic9554
via reddit https://ift.tt/LsFI53a
https://ift.tt/CDhRQ0a
Submitted October 31, 2025 at 01:54AM by TangeloPublic9554
via reddit https://ift.tt/LsFI53a
Remco van der Meer
Automating COM/DCOM vulnerability research
Diving into COM/DCOM and how to automate vulnerability research using a fuzzing approach.
EDR-Redir V2: Blind EDR With Fake "Program Files"
https://ift.tt/ayZC9JY
Submitted November 01, 2025 at 04:22PM by Cold-Dinosaur
via reddit https://ift.tt/QhTemIz
https://ift.tt/ayZC9JY
Submitted November 01, 2025 at 04:22PM by Cold-Dinosaur
via reddit https://ift.tt/QhTemIz
Zerosalarium
EDR-Redir V2: Blind EDR With Fake Program Files
EDR-Redir V2 uses bind link technique with Program Files folder. Create bind link for folder points to itself to break, bypass, block Antivirus, EDRs
open source CVE scanner for project dependencies. VSCode extension.
https://marketplace.visualstudio.com/items?itemName=abhishekrai43.vulscan-mcp-vscode
Submitted November 01, 2025 at 08:02PM by FeelingResolution806
via reddit https://ift.tt/iwqeOR2
https://marketplace.visualstudio.com/items?itemName=abhishekrai43.vulscan-mcp-vscode
Submitted November 01, 2025 at 08:02PM by FeelingResolution806
via reddit https://ift.tt/iwqeOR2
Visualstudio
VulScan-MCP Security Scanner - Visual Studio Marketplace
Extension for Visual Studio Code - Security vulnerability scanner for dependencies. Checks CVEs from NVD/OSV databases and provides remediation steps. Supports npm, pip, Maven, Go, and more.
r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted November 01, 2025 at 07:59PM by albinowax
via reddit https://ift.tt/Ljlo2DQ
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted November 01, 2025 at 07:59PM by albinowax
via reddit https://ift.tt/Ljlo2DQ
Reddit
From the netsec community on Reddit
Explore this post and more from the netsec community