“The Conscience of a Hacker” is 40 today
https://ift.tt/dZbNihK
Submitted January 09, 2026 at 08:22AM by posthocethics
via reddit https://ift.tt/nAgUibQ
Phrack
Hacker's Manifesto
Side-channel via delivery receipt timing on Signal and WhatsApp (Careless Whisper research)
https://ift.tt/hfJMFeE
Submitted January 09, 2026 at 11:28AM by Unicorn_Pie
via reddit https://ift.tt/lbjdpei
Baizaar Tools
WhatsApp Signal Privacy Vulnerability: Silent Tracking Attack Exposed (2026) - Baizaar
Critical WhatsApp Signal privacy vulnerability exposed. Attackers track activity via delivery receipts. Learn protection steps for this 2026 timing attack.
Threat Road - A modern Vulnerability Database
https://threatroad.com
Submitted January 09, 2026 at 06:54PM by Big-Engineering-9365
via reddit https://ift.tt/Jme98Ar
DVAIB: A deliberately vulnerable AI bank for practicing prompt injection and AI security attacks
https://dvaib.com
Submitted January 09, 2026 at 06:40PM by setsuid
via reddit https://ift.tt/J4NcryW
[Article] Intercept: How MITM attacks work in Ethernet, IPv4 & IPv6
https://ift.tt/oFpbUlA
Submitted January 09, 2026 at 08:00PM by caster0x00
via reddit https://ift.tt/tcSUgWI
Caster
Intercept: How MITM attacks work in Ethernet, IPv4 & IPv6
A deep technical dive into how MITM attacks actually work in Ethernet, IPv4, and IPv6 networks from ARP and DHCP to IPv6 RA, DNS, and FHRP spoofing.
Browser based tech support scam abusing full screen, input lock, and fake BSOD
https://ift.tt/BYvFx2K
Submitted January 10, 2026 at 02:18PM by anuraggawande
via reddit https://ift.tt/upfIMo5
Malware Analysis, Phishing, and Email Scams
Fake Windows Update and BSOD Alerts Used in a Tech Support Scam
Overview: While reviewing submissions received through the WordPress feedback form on my website, I came across a URL that initially appeared unremarkable. Such submissions are common and often cont…
Gixy-Next: NGINX Configuration Security & Hardening Scanner
https://gixy.io/
Submitted January 11, 2026 at 12:24AM by MegaManSec2
via reddit https://ift.tt/e87pP2z
gixy.io
Gixy-Next: NGINX Security Scanner & Configuration Checker
Open source NGINX security, hardening, and configuration compliance scanner for automating nginx.conf security audits, compliance checks, and hardening against misconfigurations
EDRStartupHinder: EDR Startup Process Blocker
https://ift.tt/lMAfSDR
Submitted January 11, 2026 at 03:43PM by Cold-Dinosaur
via reddit https://ift.tt/ElJhQyz
Zerosalarium
EDRStartupHinder: EDR Startup Process Blocker
EDRStartupHinder prevents Antivirus/EDR from running by redirecting DLL in the System32 folder to another location during Windows startup
Two CVEs, Zero Ego: A Mailpit Story
https://ift.tt/p3UCa45
Submitted January 12, 2026 at 12:53AM by c0daman
via reddit https://ift.tt/jli98E6
Rosecurify
Two CVEs, Zero Ego: A Mailpit Story
Found SSRF and WebSocket Hijacking vulnerabilities in Mailpit. Here's how responsible disclosure should work with zero ego and fast fixes.
Grok's image edits spark sexualised deepfakes and regulator probes worldwide
https://ift.tt/fxBSnbY
Submitted January 12, 2026 at 06:18AM by AnalystPatient
via reddit https://ift.tt/LGaQVji
Client-side encrypted file sharing with Argon2id and AES-256-GCM
http://burnbox.au
Submitted January 12, 2026 at 07:19AM by Necessary_Bed8732
via reddit https://ift.tt/fkKewVs
burnbox.au
Burnbox | Send. Burn. Forget.
Secure file transfer. Encrypted in your browser, destroyed on delivery.
Relaying NFS4 from inside a container
https://francesco.cc/posts/relaying_nfs4_from_inside_a_container/
Submitted January 12, 2026 at 07:18AM by Ok_Way1961
via reddit https://ift.tt/ockyhn8
francesco.cc
Francesco - Relaying NFS4 from inside a container
WTF Are Abliterated Models? Uncensored LLMs Explained
https://ift.tt/eoqvRQ6
Submitted January 12, 2026 at 09:31AM by cport1
via reddit https://ift.tt/qNcS3Tj
Webdecoy
WTF Are Abliterated Models? Uncensored LLMs Explained - WebDecoy
What abliterated models are, how they work by removing the refusal direction in activation space, an
Pwning Claude Code in 8 Different Ways
https://ift.tt/liUMHLG
Submitted January 12, 2026 at 07:50PM by toyojuni
via reddit https://ift.tt/iYmvsTg
GMO Flatt Security Research
Pwning Claude Code in 8 Different Ways
Introduction
Hello, I’m RyotaK (@ryotkak), a security engineer at GMO Flatt Security Inc.
A few months ago, I came across an interesting behavior while using Claude Code—it executed a command without my approval.
Since I wasn’t using the permission bypass…
EDR Silencing
https://ift.tt/4Lv8nNO
Submitted January 12, 2026 at 10:05PM by netbiosX
via reddit https://ift.tt/w7Bq85t
Purple Team
EDR Silencing
Modern Endpoint Detection and Response systems depend on persistent, bidirectional communication with their cloud management console, enabling them to continuously report suspicious activity and re…
Microsoft Bug Bounty.
https://ift.tt/Bgx1XnM
Submitted January 12, 2026 at 09:53PM by Orange2194
via reddit https://ift.tt/QVCGD2J
OID-See: Giving Your OAuth Apps the Side-Eye
https://ift.tt/rxpGt27
Submitted January 12, 2026 at 10:53PM by AlmondOffSec
via reddit https://ift.tt/47uRZCY
CirriusTech | Serious About Tech
OID-See: Giving Your OAuth Apps the Side-Eye
OID-See or BloodHound for OAuth in Entra: mapping consent, scopes, assignments, and trust signals into a graph so you can spot impersonation risk and OAuth sprawl.
Game-theoretic feedback loops for LLM-based pentesting: doubling success rates in test ranges
https://ift.tt/RCniDHr
Submitted January 12, 2026 at 11:46PM by Obvious-Language4462
via reddit https://ift.tt/XP5p67T
Astaroth’s Boto Cor-de-Rosa campaign targets Brazil with new WhatsApp malware technique
https://ift.tt/jaDMBFO
Submitted January 13, 2026 at 12:34AM by bagaudin
via reddit https://ift.tt/rW4STQL
Acronis
Astaroth’s Boto Cor-de-Rosa campaign targets Brazil with new WhatsApp malware technique
In a newly identified campaign, internally referred to as Boto Cor-de-Rosa, our researchers discovered that Astaroth now exploits WhatsApp Web as part of its propagation strategy.
A common denominator in AI agent framework CVEs: Validation
https://ift.tt/8F0vA5z
Submitted January 13, 2026 at 12:33AM by Impossible_Ant1595
via reddit https://ift.tt/kGDAczo
Niyikiza
The Map is not the Territory: The Agent-Tool Trust Boundary
Or Why You Can't Regex Your Way to Agent Security
Double Critical: Hardcoded Secrets Expose Ruckus IoT Controllers to Root RCE
https://securityonline.info/double-critical-hardcoded-secrets-expose-ruckus-iot-controllers-to-root-rce/
Submitted January 13, 2026 at 08:31PM by div3rto
via reddit https://ift.tt/IyQpnxr
Daily CyberSecurity
Double Critical: Hardcoded Secrets Expose Ruckus IoT Controllers to Root RCE
Two CVSS 10 flaws (CVE-2025-69425 & CVE-2025-69426) hit Ruckus vRIoT. Hardcoded secrets allow attackers to seize root access. Update to v3.0.0.0 now.