Mitigating npm supply chain attacks using local Levenshtein distance and metadata analysis
https://pchavali09.github.io/posts/npm-guard/
Submitted December 30, 2025 at 03:36AM by WestCoralVoice
via reddit https://ift.tt/JTvyCbu
https://pchavali09.github.io/posts/npm-guard/
Submitted December 30, 2025 at 03:36AM by WestCoralVoice
via reddit https://ift.tt/JTvyCbu
Pavan Chavali
Vibe Coding, Phantom Dependencies, and Why You Need a Bouncer for npm
AI coding introduces "Phantom Dependencies" that bypass traditional scanners. Learn how npm-guard blocks malicious packages at the shell level before execution.
RMM Abuse in a Crypto Wallet Distribution Campaign
https://ift.tt/WvIL4Cf
Submitted December 31, 2025 at 02:33AM by anuraggawande
via reddit https://ift.tt/z4kyFxe
https://ift.tt/WvIL4Cf
Submitted December 31, 2025 at 02:33AM by anuraggawande
via reddit https://ift.tt/z4kyFxe
Malware Analysis, Phishing, and Email Scams
RMM Abuse in a Crypto Wallet Distribution Campaign
Analysis of a Suspicious “Eternl Desktop” MSI Installer Dropping LogMeIn Resolve Overview A professionally written announcement email noscriptd “Eternl Desktop Is Live — Secure Execution for Atrium &a…
built an SSRF prevention library
https://ift.tt/jWmIECi
Submitted January 01, 2026 at 06:26PM by Inner-Combination177
via reddit https://ift.tt/x9I206g
https://ift.tt/jWmIECi
Submitted January 01, 2026 at 06:26PM by Inner-Combination177
via reddit https://ift.tt/x9I206g
The Story of a Perfect Exploit Chain: Six Bugs That Looked Harmless Until They Became Pre-Auth RCE in a Security Appliance
https://ift.tt/bRFeCqK
Submitted January 01, 2026 at 08:14PM by wtfse
via reddit https://ift.tt/whn07pq
https://ift.tt/bRFeCqK
Submitted January 01, 2026 at 08:14PM by wtfse
via reddit https://ift.tt/whn07pq
Mehmet Ince @mdisec
The Story of a Perfect Exploit Chain: Six Bugs That Looked Harmless Until They Became Pre-Auth RCE in a Security Appliance - Mehmet…
It was May 2024, and our internal security team was evaluating the LogPoint SIEM/SOAR platform to replace our existing platform, potentially. As part of a habit I’ve built over the years —and honestly, part of our 3rd party due diligence— I gave myself 24…
r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted January 01, 2026 at 07:59PM by albinowax
via reddit https://ift.tt/2MEjfP7
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted January 01, 2026 at 07:59PM by albinowax
via reddit https://ift.tt/2MEjfP7
Reddit
From the netsec community on Reddit
Explore this post and more from the netsec community
Built an automated red-team tool to find LLM vulnerabilities. Most AI apps are frighteningly easy to break.
https://sentinel-audit-theta.vercel.app/
Submitted January 02, 2026 at 06:47AM by Fabulous_Nothing7576
via reddit https://ift.tt/wWHMEUt
https://sentinel-audit-theta.vercel.app/
Submitted January 02, 2026 at 06:47AM by Fabulous_Nothing7576
via reddit https://ift.tt/wWHMEUt
Windows Registry Persistence Techniques without Registry Callbacks
https://ift.tt/fjo0GwW
Submitted January 02, 2026 at 06:45PM by radkawar
via reddit https://ift.tt/xRnLpJ2
https://ift.tt/fjo0GwW
Submitted January 02, 2026 at 06:45PM by radkawar
via reddit https://ift.tt/xRnLpJ2
DeceptIQ
Registry Writes Without Registry Callbacks
An overlooked Windows profile mechanism that bypasses CmRegisterCallback monitoring entirely. Learn more about registry writes without registry callbacks.
Technical Analysis - MongoBleed (CVE-2025-14847): Memory Corruption in MongoDB
https://ift.tt/RuX9JOs
Submitted January 02, 2026 at 10:29PM by Diligent-Side4917
via reddit https://ift.tt/qs7WGzC
https://ift.tt/RuX9JOs
Submitted January 02, 2026 at 10:29PM by Diligent-Side4917
via reddit https://ift.tt/qs7WGzC
Phoenix Security
MongoBleed: CVE-2025-14847 Memory Corruption in MongoDB. Your Database Talks Back
MongoBleed vulnerability (CVE-2025-14847) leaks MongoDB heap memory without auth via zlib. See affected versions, exposure, and fixes.
Looking for fitting mystery guest certification
https://ift.tt/itaWDYe
Submitted January 03, 2026 at 01:38AM by Joepus16
via reddit https://ift.tt/Ouh4IBg
https://ift.tt/itaWDYe
Submitted January 03, 2026 at 01:38AM by Joepus16
via reddit https://ift.tt/Ouh4IBg
International Anti Crime Academy
OSINT Training Center
Ontdek de hands-on beroepsopleidingen en trainingen aangeboden door het OSINT Training Center van de International Anti Crime Academy (IACA). Onze klassikale opleidingen omvatten Digitaal Informatiegestuurd Opsporen en Optreden, Open Source Intelligence (OSINT)…
HardBit 4.0 Ransomware Evolution
https://ift.tt/Xsze2h5
Submitted January 04, 2026 at 02:32AM by AriannaLombardi76
via reddit https://ift.tt/oUSYPOD
https://ift.tt/Xsze2h5
Submitted January 04, 2026 at 02:32AM by AriannaLombardi76
via reddit https://ift.tt/oUSYPOD
Integer Factorization via Subset-Sum Reduction:A Heuristic Approach Suggesting Practical P=NPEquivalence
https://osf.io/u7sdj
Submitted January 04, 2026 at 09:53AM by No_Arachnid_5563
via reddit https://ift.tt/3PtFWuJ
https://osf.io/u7sdj
Submitted January 04, 2026 at 09:53AM by No_Arachnid_5563
via reddit https://ift.tt/3PtFWuJ
OSF
Integer_Factorization_via_Subset_Sum_Reduction__A_Heuristic_Approach_Suggesting_Practical_P_NP_Equivalence.pdf
Evaluating interface-based concealment in local data protection: threat model considerations
https://ift.tt/tMx1WVr
Submitted January 05, 2026 at 08:45AM by daunderrated_guy
via reddit https://ift.tt/OYMhEVL
https://ift.tt/tMx1WVr
Submitted January 05, 2026 at 08:45AM by daunderrated_guy
via reddit https://ift.tt/OYMhEVL
Microsoft Store - Download apps, games & more for your Windows PC
secure calculator vault - Download and install on Windows | Microsoft Store
Secure Calculator Vault is a privacy-focused Windows application that combines a secure calculator, file vault, and built in media viewer into one clean and reliable tool.
Designed for user who value security and simplicity, the app allows you to safely…
Designed for user who value security and simplicity, the app allows you to safely…
tailsnitch: A security auditor and configuration checklist for Tailscale configurations
https://ift.tt/c85lfAE
Submitted January 06, 2026 at 03:14AM by ok_bye_now_
via reddit https://ift.tt/4Cy9LiO
https://ift.tt/c85lfAE
Submitted January 06, 2026 at 03:14AM by ok_bye_now_
via reddit https://ift.tt/4Cy9LiO
www.adversis.io
Tailscale Security - A Threat-Based Hardening Guide for Growing Companies
A threat analysis and compliance mapping guide for Tailscale deployments. Check out tailsnitch to audit your setup
A practical guide to finding soundness bugs in ZK circuits
https://ift.tt/w8rkYJ4
Submitted January 06, 2026 at 11:53AM by Rude_Ad3947
via reddit https://ift.tt/g1kR25p
https://ift.tt/w8rkYJ4
Submitted January 06, 2026 at 11:53AM by Rude_Ad3947
via reddit https://ift.tt/g1kR25p
Medium
A Practical Guide to Finding Soundness Bugs in ZK Circuits.
Zero-knowledge proofs are a core building block for blockchain scaling and privacy. In real-world deployments, the fragile part is usually…
Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters
https://ift.tt/z5pR9UW
Submitted January 06, 2026 at 07:58PM by crower
via reddit https://ift.tt/Cghvowf
https://ift.tt/z5pR9UW
Submitted January 06, 2026 at 07:58PM by crower
via reddit https://ift.tt/Cghvowf
blog.nns.ee
Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters
Ethical Hacking and Cybersecurity Blog
Proxying Flutter Traffic on Android with Claude
https://ift.tt/e2qIsoW
Submitted January 06, 2026 at 11:25PM by rwestergren
via reddit https://ift.tt/EXnTelm
https://ift.tt/e2qIsoW
Submitted January 06, 2026 at 11:25PM by rwestergren
via reddit https://ift.tt/EXnTelm
Randy Westergren
Vibe Hacking: Proxying Flutter Traffic on Android with Claude - Randy Westergren
I’m a regular Cronometer user and as usual, I was interested in exploring the API driving the app – authentication, request patterns, the typical curiosity that drives my posts. When my go-to Android MiTM approach failed, my curiosity only increased and I…
Building Better CTFs
https://ift.tt/gZ9eUEi
Submitted January 07, 2026 at 06:24PM by Next_Variety3037
via reddit https://ift.tt/pVPt4wm
https://ift.tt/gZ9eUEi
Submitted January 07, 2026 at 06:24PM by Next_Variety3037
via reddit https://ift.tt/pVPt4wm
Medium
Building Better CTFs
If your CTF allows static flags in 2025, you’re not running a competition — you’re running a group chat.
Ni8mare - Unauthenticated Remote Code Execution in n8n (CVE-2026-21858)
https://ift.tt/cTOadCg
Submitted January 07, 2026 at 09:18PM by we-we-we
via reddit https://ift.tt/wer2NYO
https://ift.tt/cTOadCg
Submitted January 07, 2026 at 09:18PM by we-we-we
via reddit https://ift.tt/wer2NYO
Cyera
Ni8mare - Unauthenticated Remote Code Execution in n8n (CVE-2026-21858) | Cyera Research Labs
Cyera Research Labs has discovered a "worst-case scenario" flaw in n8n, the industry-leading platform for AI and workflow automation. Dubbed "Ni8mare," this vulnerability (CVE-2026-21858) allows an unauthenticated remote attacker to gain full administrative…
I built an open source SIEM with MITRE ATT&CK coverage mapping — looking for feedback on detection gaps
https://matijazezelj.github.io/sib/
Submitted January 07, 2026 at 09:13PM by matijaz
via reddit https://ift.tt/07YCSVO
https://matijazezelj.github.io/sib/
Submitted January 07, 2026 at 09:13PM by matijaz
via reddit https://ift.tt/07YCSVO
Reddit
From the netsec community on Reddit: [ Removed by moderator ]
Posted by matijaz - 0 votes and 0 comments