Simulating a Water Control System in my Home Office
https://ift.tt/mTHpf9i
Submitted November 29, 2025 at 10:40PM by RoseSec_
via reddit https://ift.tt/v0QyeC9
rosecurity@dev
Homegrown Honeypots: Simulating a Water Control System in my Home Office
Background
ARMO CTRL: Cloud Threat Readiness Lab for Realistic Attack Testing
https://ift.tt/wt4zanq
Submitted December 01, 2025 at 05:48PM by Hefty-Bullfrog-9436
via reddit https://ift.tt/q2S7IGX
ARMO
ARMO CTRL: Cloud Threat Readiness Lab for Realistic Attack Testing - ARMO
Test your cloud and container security tools with ARMO CTRL, a controlled attack readiness lab that simulates real web-to-cloud attack paths for true detection validation.
Bind Link – EDR Tampering
https://ift.tt/UVy4QiG
Submitted December 01, 2025 at 06:10PM by netbiosX
via reddit https://ift.tt/4jSDZ9U
Purple Team
Bind Link – EDR Tampering
The Bind Link API enables Administrators to create transparent mappings from a virtual path to a backing path (local or remote). The Bind Link feature was introduced in Windows 11 and according to …
How i found a europa.eu compromise
https://ift.tt/uyBxr76
Submitted December 01, 2025 at 07:22PM by unknownhad
via reddit https://ift.tt/AxeJQYy
Himanshu Anand :: Threat Notes
how i found a europa.eu compromise (thanks to cricket)
TLDR
While looking for a way to stream the India vs Pakistan cricket match on 14th September 2025, I stumbled across a suspicious search result on a europa.eu dev subdomain. It was being abused for blackhat SEO and redirecting users to scam streaming sites.…
r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.
Rules & Guidelines
Always maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.
Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.
If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.
Avoid use of memes. If you have something to say, say it with real words.
All discussions and questions should directly relate to netsec.
No tech support is to be requested or provided on r/netsec.
As always, the content & discussion guidelines should also be observed on r/netsec.
Feedback
Feedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted December 01, 2025 at 07:59PM by albinowax
via reddit https://ift.tt/2sgmDdQ
Reddit
From the netsec community on Reddit
Explore this post and more from the netsec community
Security Audit of OpenEXR · Luma
https://ift.tt/Oq4oARj
Submitted December 01, 2025 at 09:14PM by smaury
via reddit https://ift.tt/MyvYrjo
Luma
Security Audit of OpenEXR · Luma
Description
Join security researchers Pietro and Davide from Shielder as they take us through a source code security audit of the Academy Software Foundation's…
Shai Hulud 2.0: Analysis and Community Resources
https://ift.tt/IoaZRmB
Submitted December 01, 2025 at 10:59PM by alt69785
via reddit https://ift.tt/sSoxfrt
pulse.latio.tech
Shai Hulud 2.0: Analysis and Community Resources
We've compiled all the best tools, prevention methods and articles for responding to Shai Hulud 2.0 and share our analysis so teams can understand the impact
Need feedback on Synthetic HTTP Requests Dataset for AI WAF Training I created
https://ift.tt/GoT6Neq
Submitted December 02, 2025 at 06:13AM by muneebdev
via reddit https://ift.tt/DrYVtI1
huggingface.co
notesbymuneeb/ai-waf-dataset · Datasets at Hugging Face
We’re on a journey to advance and democratize artificial intelligence through open source and open science.
Need Guidance: Where to take report on 15 potential Linux Kernel / VFS Vulnerabilities (including LPE Race Condition fix)
https://drive.google.com/file/d/1N5qRue78v1B-JoprkNpxydImZOnYJ_55/view?usp=drivesdk
Submitted December 02, 2025 at 07:50AM by EarCommercial6342
via reddit https://ift.tt/3piBunF
Reddit
From the netsec community on Reddit: Need Guidance: Where to take report on 15 potential Linux Kernel / VFS Vulnerabilities (including…
Posted by EarCommercial6342 - 0 votes and 1 comment
How Hackers Use NPMSCan.com to Hack Web Apps (Next.js, Nuxt.js, React, Bun)
https://ift.tt/HFmU1lC
Submitted December 02, 2025 at 03:27PM by kryakrya_it
via reddit https://ift.tt/gpwJyQl
BlockHacks
How Hackers Use NPMSCan.com to Hack Web Apps (Next.js, Nuxt.js, React, Bun)
Deep-dive, no-login supply-chain analysis of popular npm ecosystems (Next.js, Nuxt.js, React, Bun) using NPMSCan to surface real-world attack paths: auth bypass, cache poisoning, SSRF, Nuxt payload traversal, legacy React XSS, and Bun command injection.
AI Autonomously Finds 7 FFmpeg Vulnerabilities
https://ift.tt/a9m2gW6
Submitted December 03, 2025 at 02:39AM by anonjohn1212
via reddit https://ift.tt/yBsW1rv
Zeropath
Autonomously Finding 7 FFmpeg Vulnerabilities With AI - ZeroPath Blog
ZeroPath's AI-assisted SAST analyzed FFmpeg and reported seven distinct memory safety flaws, including buffer overflows and invalid memory writes, missed by traditional tools.
Hacking the Meatmeet BBQ Probe — BLE BBQ Botnet
https://ift.tt/H63fztF
Submitted December 03, 2025 at 06:02AM by duduywn
via reddit https://ift.tt/2lpg0fh
Softwaresecured
Hacking the Meatmeet BBQ Probe
We uncover BLE flaws in the Meatmeet BBQ probe that allowed us to take over the device, push malicious firmware, and even build a BLE BBQ Probe botnet.
Newly allocated CVEs on an ICS 5G modem
https://ift.tt/RQv1Kfa
Submitted December 03, 2025 at 07:42AM by Salt-Consequence3647
via reddit https://ift.tt/bPWgmQ1
Medium
Discovery of Two Critical Vulnerabilities in RUT22GW Industrial LTE Cellular Routers
RUT22GW Industrial LTE Cellular Routers contain critical RCE and backdoor flaws allowing attackers to get full remote control.
PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities
https://ift.tt/t6hZf3J
Submitted December 03, 2025 at 03:30PM by SRMish3
via reddit https://ift.tt/JtPQCvA
JFrog
PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities
Learn how 3 critical zero-days (CVSS 9.3) found by JFrog in PickleScan allow bypassing the PyTorch ML model scanner, resulting in malicious models hiding & executing code.
Security research in the age of AI tools
https://ift.tt/y35BuJj
Submitted December 03, 2025 at 08:07PM by Ok_Information1453
via reddit https://ift.tt/zESvrWu
Invicti
Security Research in the Age of AI Tools
Learn how AI tools can support security researchers in investigating vulnerabilities and designing security checks to detect them.
From Zero to SYSTEM: Building PrintSpoofer from Scratch
https://bl4ckarch.github.io/posts/PrintSpoofer_from_scratch/
Submitted December 03, 2025 at 07:43PM by AlmondOffSec
via reddit https://ift.tt/Xc0hNBS
bl4ckarch
From Zero to SYSTEM: Building PrintSpoofer from Scratch
A complete journey from understanding Named Pipes to building an undetectable PrintSpoofer, learning Windows internals, token impersonation, RPC, and evasion techniques along the way.
Critical Security Vulnerability in React Server Components – React
https://ift.tt/2pX8rVq
Submitted December 03, 2025 at 09:53PM by unknownhad
via reddit https://ift.tt/pbiCEmx
react.dev
Critical Security Vulnerability in React Server Components – React
The library for web and native user interfaces
Using ClickHouse for Real-Time L7 DDoS & Bot Traffic Analytics with Tempesta FW
https://ift.tt/btv5s2w
Submitted December 04, 2025 at 12:33AM by krizhanovsky
via reddit https://ift.tt/24rbkOt
Tempesta Technologies
Defending Against L7 DDoS and Web Bots with Tempesta FW - Tempesta Technologies
Tempesta FW 0.8 introduces a zero-copy per-CPU access logs streaming to a ClickHouse database. This article discusses how to analyse that data for L7 DDoS mitigation and bot management. Finally, we introduce our new open-source project, WebShield, which automatically…
68% Of Phishing Websites Are Protected by CloudFlare
https://ift.tt/mk0bZ6g
Submitted December 04, 2025 at 12:25AM by theMiddleBlue
via reddit https://ift.tt/HmMXs7j
Sicuranext Blog
68% Of Phishing Websites Are Protected by CloudFlare
Earlier this year, our CTI team set out to build something we'd been thinking about for a while: a phishing intelligence pipeline that could actually keep up with the threat. We combined feeds from hundreds of independent sources with our own real-time hunt…
Hunting the hidden gems in libraries
https://ift.tt/1lRV7sN
Submitted December 04, 2025 at 08:20AM by Salt-Consequence3647
via reddit https://ift.tt/1POEzUM
How I Reverse Engineered a Billion-Dollar Legal AI Tool and Found 100k+ Confidential Files
https://ift.tt/XVBcKk2
Submitted December 04, 2025 at 09:25AM by alt69785
via reddit https://ift.tt/TNg6kWB
Alex Schapiro
How I Reverse Engineered a Billion-Dollar Legal AI Tool and Found 100k+ Confidential Files
Update: This post received a large amount of attention on Hacker News — see the discussion thread.