Early warning signs of runtime compromise
https://ift.tt/ai9uv3X
Submitted December 27, 2025 at 08:24PM by AviMitz_
via reddit https://ift.tt/mwbp4H3
Reddit
From the netsec community on Reddit: Early warning signs of runtime compromise
Posted by AviMitz_ - 0 votes and 0 comments
Implicit execution authority is the real failure mode behind prompt injection
https://ift.tt/uvNExDw
Submitted December 27, 2025 at 11:27PM by anima-core
via reddit https://ift.tt/t7u8j0F
Zenodo
Authority Separation in AI Systems: Structural Guarantees Across Security, Epistemics, Economics, and Safety
This paper introduces authority separation as a foundational architectural principle for AI systems in which language models propose actions but do not authorize execution. We demonstrate that separating generation from execution authority provides structural…
Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks
https://ift.tt/9rZUbeS
Submitted December 28, 2025 at 01:51AM by AlmondOffSec
via reddit https://ift.tt/oWYciMV
Bobdahacker
Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks
How I found critical vulnerabilities in Petlibro smart pet feeders allowing complete account takeover via broken OAuth, access to anyone's pet data, device hijacking, and private audio recordings - and how they're still leaving the auth bypass active for…
Identity misuse that looks completely normal
https://www.armosec.io/
Submitted December 28, 2025 at 12:52PM by Additional_Bar8316
via reddit https://ift.tt/146c7tj
ARMO
ARMO: Runtime Behavioral Cloud Application Detection & Response (CADR)
Zero-day and every day protection for your cloud applications with a complete explainable & traceable runtime security story.
Detecting unknown MCPs in local dev environments
https://example.com
Submitted December 29, 2025 at 07:51PM by Ok-Guide-4239
via reddit https://ift.tt/u534Eti
Reddit
From the netsec community on Reddit: Detecting unknown MCPs in local dev environments
Posted by Ok-Guide-4239 - 2 votes and 1 comment
39C3: Multiple vulnerabilities in GnuPG and other cryptographic tools
https://ift.tt/EPXWtlN
Submitted December 29, 2025 at 11:58PM by LordAlfredo
via reddit https://ift.tt/4xMVSAb
c't Magazin
39C3: Multiple vulnerabilities in GnuPG and other cryptographic tools
Security researchers have found various security-relevant errors in GnuPG and similar programs. Many of the vulnerabilities are (still) not fixed.
Mitigating npm supply chain attacks using local Levenshtein distance and metadata analysis
https://pchavali09.github.io/posts/npm-guard/
Submitted December 30, 2025 at 03:36AM by WestCoralVoice
via reddit https://ift.tt/JTvyCbu
Pavan Chavali
Vibe Coding, Phantom Dependencies, and Why You Need a Bouncer for npm
AI coding introduces "Phantom Dependencies" that bypass traditional scanners. Learn how npm-guard blocks malicious packages at the shell level before execution.
RMM Abuse in a Crypto Wallet Distribution Campaign
https://ift.tt/WvIL4Cf
Submitted December 31, 2025 at 02:33AM by anuraggawande
via reddit https://ift.tt/z4kyFxe
Malware Analysis, Phishing, and Email Scams
RMM Abuse in a Crypto Wallet Distribution Campaign
Analysis of a Suspicious “Eternl Desktop” MSI Installer Dropping LogMeIn Resolve. Overview: A professionally written announcement email titled “Eternl Desktop Is Live — Secure Execution for Atrium &a…
built an SSRF prevention library
https://ift.tt/jWmIECi
Submitted January 01, 2026 at 06:26PM by Inner-Combination177
via reddit https://ift.tt/x9I206g
The Story of a Perfect Exploit Chain: Six Bugs That Looked Harmless Until They Became Pre-Auth RCE in a Security Appliance
https://ift.tt/bRFeCqK
Submitted January 01, 2026 at 08:14PM by wtfse
via reddit https://ift.tt/whn07pq
Mehmet Ince @mdisec
The Story of a Perfect Exploit Chain: Six Bugs That Looked Harmless Until They Became Pre-Auth RCE in a Security Appliance - Mehmet…
It was May 2024, and our internal security team was evaluating the LogPoint SIEM/SOAR platform to replace our existing platform, potentially. As part of a habit I’ve built over the years —and honestly, part of our 3rd party due diligence— I gave myself 24…
r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.
Rules & Guidelines
Always maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.
Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.
If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.
Avoid use of memes. If you have something to say, say it with real words.
All discussions and questions should directly relate to netsec.
No tech support is to be requested or provided on r/netsec.
As always, the content & discussion guidelines should also be observed on r/netsec.
Feedback
Feedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted January 01, 2026 at 07:59PM by albinowax
via reddit https://ift.tt/2MEjfP7
Built an automated red-team tool to find LLM vulnerabilities. Most AI apps are frighteningly easy to break.
https://sentinel-audit-theta.vercel.app/
Submitted January 02, 2026 at 06:47AM by Fabulous_Nothing7576
via reddit https://ift.tt/wWHMEUt
Windows Registry Persistence Techniques without Registry Callbacks
https://ift.tt/fjo0GwW
Submitted January 02, 2026 at 06:45PM by radkawar
via reddit https://ift.tt/xRnLpJ2
DeceptIQ
Registry Writes Without Registry Callbacks
An overlooked Windows profile mechanism that bypasses CmRegisterCallback monitoring entirely. Learn more about registry writes without registry callbacks.
Technical Analysis - MongoBleed (CVE-2025-14847): Memory Corruption in MongoDB
https://ift.tt/RuX9JOs
Submitted January 02, 2026 at 10:29PM by Diligent-Side4917
via reddit https://ift.tt/qs7WGzC
Phoenix Security
MongoBleed: CVE-2025-14847 Memory Corruption in MongoDB. Your Database Talks Back
MongoBleed vulnerability (CVE-2025-14847) leaks MongoDB heap memory without auth via zlib. See affected versions, exposure, and fixes.
Looking for fitting mystery guest certification
https://ift.tt/itaWDYe
Submitted January 03, 2026 at 01:38AM by Joepus16
via reddit https://ift.tt/Ouh4IBg
International Anti Crime Academy
OSINT Training Center
Discover the hands-on vocational programmes and training courses offered by the OSINT Training Center of the International Anti Crime Academy (IACA). Our classroom-based courses include Digitaal Informatiegestuurd Opsporen en Optreden, Open Source Intelligence (OSINT)…
HardBit 4.0 Ransomware Evolution
https://ift.tt/Xsze2h5
Submitted January 04, 2026 at 02:32AM by AriannaLombardi76
via reddit https://ift.tt/oUSYPOD
Integer Factorization via Subset-Sum Reduction: A Heuristic Approach Suggesting Practical P=NP Equivalence
https://osf.io/u7sdj
Submitted January 04, 2026 at 09:53AM by No_Arachnid_5563
via reddit https://ift.tt/3PtFWuJ
OSF
Integer_Factorization_via_Subset_Sum_Reduction__A_Heuristic_Approach_Suggesting_Practical_P_NP_Equivalence.pdf
Evaluating interface-based concealment in local data protection: threat model considerations
https://ift.tt/tMx1WVr
Submitted January 05, 2026 at 08:45AM by daunderrated_guy
via reddit https://ift.tt/OYMhEVL
Microsoft Store - Download apps, games & more for your Windows PC
secure calculator vault - Download and install on Windows | Microsoft Store
Secure Calculator Vault is a privacy-focused Windows application that combines a secure calculator, file vault, and built-in media viewer into one clean and reliable tool.
Designed for users who value security and simplicity, the app allows you to safely…
tailsnitch: A security auditor and configuration checklist for Tailscale configurations
https://ift.tt/c85lfAE
Submitted January 06, 2026 at 03:14AM by ok_bye_now_
via reddit https://ift.tt/4Cy9LiO
www.adversis.io
Tailscale Security - A Threat-Based Hardening Guide for Growing Companies
A threat analysis and compliance mapping guide for Tailscale deployments. Check out tailsnitch to audit your setup
A practical guide to finding soundness bugs in ZK circuits
https://ift.tt/w8rkYJ4
Submitted January 06, 2026 at 11:53AM by Rude_Ad3947
via reddit https://ift.tt/g1kR25p
Medium
A Practical Guide to Finding Soundness Bugs in ZK Circuits.
Zero-knowledge proofs are a core building block for blockchain scaling and privacy. In real-world deployments, the fragile part is usually…
Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters
https://ift.tt/z5pR9UW
Submitted January 06, 2026 at 07:58PM by crower
via reddit https://ift.tt/Cghvowf
blog.nns.ee
Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters
Ethical Hacking and Cybersecurity Blog