CSRF Protection without Tokens or Hidden Form Fields
https://ift.tt/AfSJVwv
Submitted December 25, 2025 at 04:27PM by AlmondOffSec
via reddit https://ift.tt/xYo6c4b
https://ift.tt/AfSJVwv
Submitted December 25, 2025 at 04:27PM by AlmondOffSec
via reddit https://ift.tt/xYo6c4b
Miguelgrinberg
CSRF Protection without Tokens or Hidden Form Fields
A couple of months ago, I received a request from a random Internet user to add CSRF protection to my little web framework Microdot, and I thought it was a fantastic idea.When I set off to do this…
LangGrinch: A Bug in the Library, A Lesson for the Architecture
https://ift.tt/5lUg4rF
Submitted December 26, 2025 at 04:07PM by hfti
via reddit https://ift.tt/03XHplB
https://ift.tt/5lUg4rF
Submitted December 26, 2025 at 04:07PM by hfti
via reddit https://ift.tt/03XHplB
Amla Labs
LangGrinch: A Bug in the Library, A Lesson for the Architecture | Amla Labs
A critical CVE in LangChain shows why credential isolation matters more than perfect code.
How do you handle daily news fatigue? Looking for feedback on a curation project.
https://ift.tt/TXh2NV6
Submitted December 26, 2025 at 03:37PM by Big-Engineering-9365
via reddit https://ift.tt/NYWy05R
https://ift.tt/TXh2NV6
Submitted December 26, 2025 at 03:37PM by Big-Engineering-9365
via reddit https://ift.tt/NYWy05R
Substack
Threat Road | Alex from Threat Road | Substack
Infosec news that doesn’t make you want to quit tech. Click to read Threat Road, by Alex from Threat Road, a Substack publication. Launched a month ago.
First verified SHA-256 second-preimage collision: Structural analysis of the W-schedule vulnerability
https://ift.tt/Eoxevtr
Submitted December 27, 2025 at 07:33AM by No_Arachnid_5563
via reddit https://ift.tt/NPeMUAq
https://ift.tt/Eoxevtr
Submitted December 27, 2025 at 07:33AM by No_Arachnid_5563
via reddit https://ift.tt/NPeMUAq
OSF
FIRST_REAL_COLISION_SHA_256_ENGLISH.ipynb
Why runtime attacks stay quiet for so long
https://ift.tt/ai9uv3X
Submitted December 27, 2025 at 03:26PM by OKAMI_TAMA
via reddit https://ift.tt/M4vZQ3c
https://ift.tt/ai9uv3X
Submitted December 27, 2025 at 03:26PM by OKAMI_TAMA
via reddit https://ift.tt/M4vZQ3c
Why runtime attacks stay quiet for so long
https://www.armosec.io/
Submitted December 27, 2025 at 04:05PM by OKAMI_TAMA
via reddit https://ift.tt/Ns1ZPBT
https://www.armosec.io/
Submitted December 27, 2025 at 04:05PM by OKAMI_TAMA
via reddit https://ift.tt/Ns1ZPBT
ARMO
ARMO: Runtime Behavioral Cloud Application Detection & Response (CADR)
Zero-day and every day protection for your cloud applications with a complete explainable & traceable runtime security story.
Mongobleed - CVE-2025-14847
https://ift.tt/AlQUhPw
Submitted December 27, 2025 at 06:45PM by depierre
via reddit https://ift.tt/vnkqSrT
https://ift.tt/AlQUhPw
Submitted December 27, 2025 at 06:45PM by depierre
via reddit https://ift.tt/vnkqSrT
Medium
Merry Christmas Day! Have a MongoDB security incident.
Somebody from Elastic Security decided to post an exploit for CVE-2025–14847 on Christmas Day.
Early warning signs of runtime compromise
https://ift.tt/ai9uv3X
Submitted December 27, 2025 at 08:24PM by AviMitz_
via reddit https://ift.tt/mwbp4H3
https://ift.tt/ai9uv3X
Submitted December 27, 2025 at 08:24PM by AviMitz_
via reddit https://ift.tt/mwbp4H3
Reddit
From the netsec community on Reddit: Early warning signs of runtime compromise
Posted by AviMitz_ - 0 votes and 0 comments
Implicit execution authority is the real failure mode behind prompt injection
https://ift.tt/uvNExDw
Submitted December 27, 2025 at 11:27PM by anima-core
via reddit https://ift.tt/t7u8j0F
https://ift.tt/uvNExDw
Submitted December 27, 2025 at 11:27PM by anima-core
via reddit https://ift.tt/t7u8j0F
Zenodo
Authority Separation in AI Systems: Structural Guarantees Across Security, Epistemics, Economics, and Safety
This paper introduces authority separation as a foundational architectural principle for AI systems in which language models propose actions but do not authorize execution. We demonstrate that separating generation from execution authority provides structural…
Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks
https://ift.tt/9rZUbeS
Submitted December 28, 2025 at 01:51AM by AlmondOffSec
via reddit https://ift.tt/oWYciMV
https://ift.tt/9rZUbeS
Submitted December 28, 2025 at 01:51AM by AlmondOffSec
via reddit https://ift.tt/oWYciMV
Bobdahacker
Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks
How I found critical vulnerabilities in Petlibro smart pet feeders allowing complete account takeover via broken OAuth, access to anyone's pet data, device hijacking, and private audio recordings - and how they're still leaving the auth bypass active for…
Identity misuse that looks completely normal
https://www.armosec.io/
Submitted December 28, 2025 at 12:52PM by Additional_Bar8316
via reddit https://ift.tt/146c7tj
https://www.armosec.io/
Submitted December 28, 2025 at 12:52PM by Additional_Bar8316
via reddit https://ift.tt/146c7tj
ARMO
ARMO: Runtime Behavioral Cloud Application Detection & Response (CADR)
Zero-day and every day protection for your cloud applications with a complete explainable & traceable runtime security story.