Hunting the hidden gems in libraries
https://ift.tt/1lRV7sN
Submitted December 04, 2025 at 08:20AM by Salt-Consequence3647
via reddit https://ift.tt/1POEzUM
https://ift.tt/1lRV7sN
Submitted December 04, 2025 at 08:20AM by Salt-Consequence3647
via reddit https://ift.tt/1POEzUM
How I Reverse Engineered a Billion-Dollar Legal AI Tool and Found 100k+ Confidential Files
https://ift.tt/XVBcKk2
Submitted December 04, 2025 at 09:25AM by alt69785
via reddit https://ift.tt/TNg6kWB
https://ift.tt/XVBcKk2
Submitted December 04, 2025 at 09:25AM by alt69785
via reddit https://ift.tt/TNg6kWB
Alex Schapiro
How I Reverse Engineered a Billion-Dollar Legal AI Tool and Found 100k+ Confidential Files
Update: This post received a large amount of attention on Hacker News — see the discussion thread.
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)
https://ift.tt/o1jPstD
Submitted December 04, 2025 at 12:34PM by Mempodipper
via reddit https://ift.tt/Jhf4StZ
https://ift.tt/o1jPstD
Submitted December 04, 2025 at 12:34PM by Mempodipper
via reddit https://ift.tt/Jhf4StZ
Searchlight Cyber
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478) › Searchlight Cyber
This morning, an advisory was released for Next.js about a vulnerability that leads to RCE in default configurations, with no prerequisites. The root cause of this issue lies in React Server Components, which Next.js utilizes. Over the last day, we have noticed…
CVE PoC Search
https://ift.tt/VJSMfUN
Submitted December 04, 2025 at 06:22PM by JS-Labs
via reddit https://ift.tt/dL76UN2
https://ift.tt/VJSMfUN
Submitted December 04, 2025 at 06:22PM by JS-Labs
via reddit https://ift.tt/dL76UN2
labs.jamessawyer.co.uk
CVE PoC Search
Searchable index of CVE proof-of-concept links collected from GitHub.
SVG Clickjacking: A novel and powerful twist on an old classic
https://ift.tt/qtMu3dJ
Submitted December 04, 2025 at 08:44PM by rebane2001
via reddit https://ift.tt/yDzmOTi
https://ift.tt/qtMu3dJ
Submitted December 04, 2025 at 08:44PM by rebane2001
via reddit https://ift.tt/yDzmOTi
lyra's epic blog
SVG Filters - Clickjacking 2.0
A novel and powerful twist on an old classic.
Second order prompt injection attacks on ServiceNow Now Assist
https://ift.tt/AfEN2Ul
Submitted December 04, 2025 at 11:22PM by smode21
via reddit https://ift.tt/BWVS934
https://ift.tt/AfEN2Ul
Submitted December 04, 2025 at 11:22PM by smode21
via reddit https://ift.tt/BWVS934
AppOmni
When AI Turns on Its Team: Exploiting Agent-to-Agent Discovery via Prompt Injection
See how prompt injection attacks work in ServiceNow to perform unauthorized actions, and how to defend against it with AppOmni AgentGuard.
Prompt Injection Inside GitHub Actions
https://ift.tt/n1yMbEJ
Submitted December 05, 2025 at 12:53AM by ScottContini
via reddit https://ift.tt/qeUnFw8
https://ift.tt/n1yMbEJ
Submitted December 05, 2025 at 12:53AM by ScottContini
via reddit https://ift.tt/qeUnFw8
www.aikido.dev
Prompt Injection Inside GitHub Actions: The New Frontier of Supply Chain Attacks
AI-driven GitHub Actions expose new prompt-injection supply chain vulnerabilities.
Scam Telegram: Uncovering a network of groups spreading crypto drainers
https://ift.tt/XwpzrEi
Submitted December 05, 2025 at 05:45AM by WesternBest
via reddit https://ift.tt/9v1xyXT
https://ift.tt/XwpzrEi
Submitted December 05, 2025 at 05:45AM by WesternBest
via reddit https://ift.tt/9v1xyXT
tim.sh
Scam Telegram: Investigation
How I found a large network of fake support groups spreading crypto stealers and drainers.
Privilege escalation with SageMaker and there's more hiding in execution roles
https://ift.tt/FZ8jJiz
Submitted December 05, 2025 at 09:51AM by alt69785
via reddit https://ift.tt/j09bnsO
https://ift.tt/FZ8jJiz
Submitted December 05, 2025 at 09:51AM by alt69785
via reddit https://ift.tt/j09bnsO
Plerion
Privilege escalation with SageMaker and there's more hiding in execution roles
A subtle AWS privesc hiding in SageMaker lifecycle configs, and what it reveals about execution roles.
Whitebox (simulation) vs. blackbox (red team) phishing
https://phishing.club/blog/white-box-vs-black-box-phishing/
Submitted December 05, 2025 at 05:25PM by hackeronni
via reddit https://ift.tt/SJqfp2Y
https://phishing.club/blog/white-box-vs-black-box-phishing/
Submitted December 05, 2025 at 05:25PM by hackeronni
via reddit https://ift.tt/SJqfp2Y
Phishing Club
Phishing Club - Professional Self-Hosted Phishing Platform
Professional self-hosted phishing platform built for enterprises, red teams, and security providers. Deploy locally for complete control over campaigns, data, and infrastructure with unlimited simulations and full privacy.
AI/LLM Red Team Handbook and Field Manual
https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual
Submitted December 05, 2025 at 06:05PM by esmurf
via reddit https://ift.tt/5hVeFQH
https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual
Submitted December 05, 2025 at 06:05PM by esmurf
via reddit https://ift.tt/5hVeFQH
Reddit
[Mature Content] From the netsec community on Reddit: AI/LLM Red Team Handbook and Field Manual
Posted by esmurf - 39 votes and 9 comments
SSRF Payload Generator for fuzzing PDF Generators etc...
https://ift.tt/rQUzgp0
Submitted December 05, 2025 at 06:56PM by robbanrobbin
via reddit https://ift.tt/duJWM20
https://ift.tt/rQUzgp0
Submitted December 05, 2025 at 06:56PM by robbanrobbin
via reddit https://ift.tt/duJWM20
Shelltrail
SSRF Payload Generator | Shelltrail - Swedish Experts in Pentesting
Generate HTML/SVG payloads for testing Server-Side Request Forgery vulnerabilities.
Tracing JavaScript Value Origins in Modern SPAs: Breakpoint-Driven Heap Search (BDHS)
https://fcavallarin.github.io/wirebrowser/BDHS-Origin-Trace
Submitted December 05, 2025 at 08:18PM by filippo_cavallarin
via reddit https://ift.tt/izkBmFt
https://fcavallarin.github.io/wirebrowser/BDHS-Origin-Trace
Submitted December 05, 2025 at 08:18PM by filippo_cavallarin
via reddit https://ift.tt/izkBmFt
Reddit
From the netsec community on Reddit: Tracing JavaScript Value Origins in Modern SPAs: Breakpoint-Driven Heap Search (BDHS)
Posted by filippo_cavallarin - 17 votes and 0 comments
Stillepost - Or: How to Proxy your C2s HTTP-Traffic through Chromium | mischief
https://ift.tt/aHb4Tsd
Submitted December 07, 2025 at 01:02PM by S3cur3Th1sSh1t
via reddit https://ift.tt/wXH94RD
https://ift.tt/aHb4Tsd
Submitted December 07, 2025 at 01:02PM by S3cur3Th1sSh1t
via reddit https://ift.tt/wXH94RD
mischief
Stillepost - Or: How to Proxy your C2s HTTP-Traffic through Chromium
Utilizing the Chrome DevTools Protocol to delegate C2 HTTP-traffic.
How (almost) any phone number can be tracked via WhatsApp & Signal – open-source PoC
https://ift.tt/rZSEBHC
Submitted December 07, 2025 at 10:03PM by Economy-Treat-768
via reddit https://ift.tt/iNmsghO
https://ift.tt/rZSEBHC
Submitted December 07, 2025 at 10:03PM by Economy-Treat-768
via reddit https://ift.tt/iNmsghO
arXiv.org
Careless Whisper: Exploiting Silent Delivery Receipts to Monitor...
With over 3 billion users globally, mobile instant messaging apps have become indispensable for both personal and professional communication. Besides plain messaging, many services implement...
Patching Pulse Oximeter Firmware
https://ift.tt/65Gczer
Submitted December 07, 2025 at 10:00PM by alt69785
via reddit https://ift.tt/6gmWlDd
https://ift.tt/65Gczer
Submitted December 07, 2025 at 10:00PM by alt69785
via reddit https://ift.tt/6gmWlDd
Publishing Malicious VS Code Extensions: Bypassing VS Code Marketplace Analysis and the Insecurity of OpenVSX (Cursor AI/Windsurf)
https://ift.tt/7lCegPQ
Submitted December 08, 2025 at 11:31AM by mazen160
via reddit https://ift.tt/XnGCQqA
https://ift.tt/7lCegPQ
Submitted December 08, 2025 at 11:31AM by mazen160
via reddit https://ift.tt/XnGCQqA
Mazin Ahmed
Compromising Developers with Malicious Extensions - VS Code, Cursor AI, and the Backdoor You Didn't See Coming
Compromising Developers with Malicious Extensions - VS Code, Cursor AI, and the Backdoor You Didn't See Coming.
Free Security Canaries (SSH, AWS, Cookies, Email, more..) - Tracebit Community Edition
https://ift.tt/VU4w7zf
Submitted December 08, 2025 at 07:04PM by tracebit
via reddit https://ift.tt/isyDlS4
https://ift.tt/VU4w7zf
Submitted December 08, 2025 at 07:04PM by tracebit
via reddit https://ift.tt/isyDlS4
Tracebit
Announcing Tracebit Community Edition | Tracebit
We're excited to announce Tracebit Community Edition, a completely free-forever platform to deploy security canaries.
New Prompt Injection Attack Vectors Through MCP Sampling
https://unit42.paloaltonetworks.com/model-context-protocol-attack-vectors/
Submitted December 08, 2025 at 08:21PM by alt69785
via reddit https://ift.tt/7uTZARy
https://unit42.paloaltonetworks.com/model-context-protocol-attack-vectors/
Submitted December 08, 2025 at 08:21PM by alt69785
via reddit https://ift.tt/7uTZARy
Unit 42
New Prompt Injection Attack Vectors Through MCP Sampling
Model Context Protocol connects LLM apps to external data sources or tools. We examine its security implications through various attack vectors.
React2shell: Critical vulnerability in react
https://ift.tt/nrEKzat
Submitted December 08, 2025 at 10:30PM by DramaticWerewolf7365
via reddit https://ift.tt/4uOnQFc
https://ift.tt/nrEKzat
Submitted December 08, 2025 at 10:30PM by DramaticWerewolf7365
via reddit https://ift.tt/4uOnQFc
JFrog
CVE-2025-55182 and CVE-2025-66478 ("React2Shell") - All you need to know
Critical React RCE vulnerability (React2Shell CVE-2025-55182) threatens Next.js apps. Learn how to detect with JFrog Xray and patch immediately.
Learning cloud exploits for redteam, alternative to SANS588 GCPN
https://ift.tt/WFgwLVm
Submitted December 09, 2025 at 06:41AM by EnoughAd1957
via reddit https://ift.tt/qPMRzUy
https://ift.tt/WFgwLVm
Submitted December 09, 2025 at 06:41AM by EnoughAd1957
via reddit https://ift.tt/qPMRzUy
SANS Institute
SEC588: Cloud Penetration Testing
Cloud security starts with thinking like the adversary—hack, test, and assess cloud environments built from real-world attacks.