Gixy-Next: NGINX Configuration Security & Hardening Scanner
https://gixy.io/
Submitted January 11, 2026 at 12:24AM by MegaManSec2
via reddit https://ift.tt/e87pP2z
https://gixy.io/
Submitted January 11, 2026 at 12:24AM by MegaManSec2
via reddit https://ift.tt/e87pP2z
gixy.io
Gixy-Next: NGINX Security Scanner & Configuration Checker
Open source NGINX security, hardening, and configuration compliance scanner for automating nginx.conf security audits, compliance checks, and hardening against misconfigurations
EDRStartupHinder: EDR Startup Process Blocker
https://ift.tt/lMAfSDR
Submitted January 11, 2026 at 03:43PM by Cold-Dinosaur
via reddit https://ift.tt/ElJhQyz
https://ift.tt/lMAfSDR
Submitted January 11, 2026 at 03:43PM by Cold-Dinosaur
via reddit https://ift.tt/ElJhQyz
Zerosalarium
EDRStartupHinder: EDR Startup Process Blocker
EDRStartupHinder prevents Antivirus/EDR running by redirecting DLL in the System32 folder to another location during Windows startup
Two CVEs, Zero Ego: A Mailpit Story
https://ift.tt/p3UCa45
Submitted January 12, 2026 at 12:53AM by c0daman
via reddit https://ift.tt/jli98E6
https://ift.tt/p3UCa45
Submitted January 12, 2026 at 12:53AM by c0daman
via reddit https://ift.tt/jli98E6
Rosecurify
Two CVEs, Zero Ego: A Mailpit Story
Found SSRF and WebSocket Hijacking vulnerabilities in Mailpit. Here's how responsible disclosure should work with zero ego and fast fixes.
Grok's image edits spark sexualised deepfakes and regulator probes worldwide
https://ift.tt/fxBSnbY
Submitted January 12, 2026 at 06:18AM by AnalystPatient
via reddit https://ift.tt/LGaQVji
https://ift.tt/fxBSnbY
Submitted January 12, 2026 at 06:18AM by AnalystPatient
via reddit https://ift.tt/LGaQVji
Client-side encrypted file sharing with Argon2id and AES-256-GCM
http://burnbox.au
Submitted January 12, 2026 at 07:19AM by Necessary_Bed8732
via reddit https://ift.tt/fkKewVs
http://burnbox.au
Submitted January 12, 2026 at 07:19AM by Necessary_Bed8732
via reddit https://ift.tt/fkKewVs
burnbox.au
Burnbox | Send. Burn. Forget.
Secure file transfer. Encrypted in your browser, destroyed on delivery.
Relaying NFS4 from inside a container
https://francesco.cc/posts/relaying_nfs4_from_inside_a_container/
Submitted January 12, 2026 at 07:18AM by Ok_Way1961
via reddit https://ift.tt/ockyhn8
https://francesco.cc/posts/relaying_nfs4_from_inside_a_container/
Submitted January 12, 2026 at 07:18AM by Ok_Way1961
via reddit https://ift.tt/ockyhn8
francesco.cc
Francesco - Relaying NFS4 from inside a container
WTF Are Abliterated Models? Uncensored LLMs Explained
https://ift.tt/eoqvRQ6
Submitted January 12, 2026 at 09:31AM by cport1
via reddit https://ift.tt/qNcS3Tj
https://ift.tt/eoqvRQ6
Submitted January 12, 2026 at 09:31AM by cport1
via reddit https://ift.tt/qNcS3Tj
Webdecoy
WTF Are Abliterated Models? Uncensored LLMs Explained - WebDecoy
What abliterated models are, how they work by removing the refusal direction in activation space, an
Pwning Claude Code in 8 Different Ways
https://ift.tt/liUMHLG
Submitted January 12, 2026 at 07:50PM by toyojuni
via reddit https://ift.tt/iYmvsTg
https://ift.tt/liUMHLG
Submitted January 12, 2026 at 07:50PM by toyojuni
via reddit https://ift.tt/iYmvsTg
GMO Flatt Security Research
Pwning Claude Code in 8 Different Ways
Introduction
Hello, I’m RyotaK
(@ryotkak
), a security engineer at GMO Flatt Security Inc.
A few months ago, I came across an interesting behavior while using Claude Code—it executed a command without my approval.
Since I wasn’t using the permission bypass…
Hello, I’m RyotaK
(@ryotkak
), a security engineer at GMO Flatt Security Inc.
A few months ago, I came across an interesting behavior while using Claude Code—it executed a command without my approval.
Since I wasn’t using the permission bypass…
EDR Silencing
https://ift.tt/4Lv8nNO
Submitted January 12, 2026 at 10:05PM by netbiosX
via reddit https://ift.tt/w7Bq85t
https://ift.tt/4Lv8nNO
Submitted January 12, 2026 at 10:05PM by netbiosX
via reddit https://ift.tt/w7Bq85t
Purple Team
EDR Silencing
Modern Endpoint Detection and Response systems depend on persistent, bidirectional communication with their cloud management console, enabling them to continuously report suspicious activity and re…
Microsoft Bug Bounty.
https://ift.tt/Bgx1XnM
Submitted January 12, 2026 at 09:53PM by Orange2194
via reddit https://ift.tt/QVCGD2J
https://ift.tt/Bgx1XnM
Submitted January 12, 2026 at 09:53PM by Orange2194
via reddit https://ift.tt/QVCGD2J
OID-See: Giving Your OAuth Apps the Side-Eye
https://ift.tt/rxpGt27
Submitted January 12, 2026 at 10:53PM by AlmondOffSec
via reddit https://ift.tt/47uRZCY
https://ift.tt/rxpGt27
Submitted January 12, 2026 at 10:53PM by AlmondOffSec
via reddit https://ift.tt/47uRZCY
CirriusTech | Serious About Tech
OID-See: Giving Your OAuth Apps the Side-Eye
OID-See or BloodHound for OAuth in Entra: mapping consent, scopes, assignments, and trust signals into a graph so you can spot impersonation risk and OAuth sprawl.
Game-theoretic feedback loops for LLM-based pentesting: doubling success rates in test ranges
https://ift.tt/RCniDHr
Submitted January 12, 2026 at 11:46PM by Obvious-Language4462
via reddit https://ift.tt/XP5p67T
https://ift.tt/RCniDHr
Submitted January 12, 2026 at 11:46PM by Obvious-Language4462
via reddit https://ift.tt/XP5p67T
Astaroth’s Boto Cor-de-Rosa campaign targets Brazil with new WhatsApp malware technique
https://ift.tt/jaDMBFO
Submitted January 13, 2026 at 12:34AM by bagaudin
via reddit https://ift.tt/rW4STQL
https://ift.tt/jaDMBFO
Submitted January 13, 2026 at 12:34AM by bagaudin
via reddit https://ift.tt/rW4STQL
Acronis
Astaroth’s Boto Cor-de-Rosa campaign targets Brazil with new WhatsApp malware technique
In a newly identified campaign, internally referred to as Boto Cor-de-Rosa, our researchers discovered that Astaroth now exploits WhatsApp Web as part of its propagation strategy.
A common denominator in AI agent framework CVEs: Validation
https://ift.tt/8F0vA5z
Submitted January 13, 2026 at 12:33AM by Impossible_Ant1595
via reddit https://ift.tt/kGDAczo
https://ift.tt/8F0vA5z
Submitted January 13, 2026 at 12:33AM by Impossible_Ant1595
via reddit https://ift.tt/kGDAczo
Niyikiza
The Map is not the Territory: The Agent-Tool Trust Boundary
Or Why You Can't Regex Your Way to Agent Security
Double Critical: Hardcoded Secrets Expose Ruckus IoT Controllers to Root RCE
https://securityonline.info/double-critical-hardcoded-secrets-expose-ruckus-iot-controllers-to-root-rce/
Submitted January 13, 2026 at 08:31PM by div3rto
via reddit https://ift.tt/IyQpnxr
https://securityonline.info/double-critical-hardcoded-secrets-expose-ruckus-iot-controllers-to-root-rce/
Submitted January 13, 2026 at 08:31PM by div3rto
via reddit https://ift.tt/IyQpnxr
Daily CyberSecurity
Double Critical: Hardcoded Secrets Expose Ruckus IoT Controllers to Root RCE
Two CVSS 10 flaws (CVE-2025-69425 & CVE-2025-69426) hit Ruckus vRIoT. Hardcoded secrets allow attackers to seize root access. Update to v3.0.0.0 now.
Cyberbro v0.10.2 Released | GUI enhancements, MCP, Threat Intel tool | Open Source Security Atlas
https://ift.tt/92GXnQg
Submitted January 13, 2026 at 09:51PM by stan_frbd
via reddit https://ift.tt/8TnojNZ
https://ift.tt/92GXnQg
Submitted January 13, 2026 at 09:51PM by stan_frbd
via reddit https://ift.tt/8TnojNZ
Opensecatlas
Open Source Security Atlas | Free Security Tools Directory & Newsletter
The largest free directory of open source security tools. Join 2,600+ professionals who get a weekly, expert-curated newsletter of the best tools.
CVE-2025-64155: 3 Years of Remotely Rooting the Fortinet FortiSIEM
https://ift.tt/Dzurex6
Submitted January 14, 2026 at 12:02AM by scopedsecurity
via reddit https://ift.tt/eu1yOK7
https://ift.tt/Dzurex6
Submitted January 14, 2026 at 12:02AM by scopedsecurity
via reddit https://ift.tt/eu1yOK7
Horizon3.ai
CVE-2025-64155: 3 Years of Remotely Rooting the FortiSIEM
Horizon3.ai details CVE-2025-64155, revealing chained FortiSIEM vulnerabilities enabling remote code execution and root access, analysis of the root cause, and indicators of compromise.
Fortinet Forticlient EMS RCE CVE-2025-59922 and one IMG tag to rule them all
https://ift.tt/HPJmOQa
Submitted January 14, 2026 at 03:00PM by security_aaudit
via reddit https://ift.tt/gSJyLip
https://ift.tt/HPJmOQa
Submitted January 14, 2026 at 03:00PM by security_aaudit
via reddit https://ift.tt/gSJyLip
baldur.dk
BALDUR. - Security Consultancy
Fortinet EMS Remote Code Execution. How one tiny img tag was all we needed to escalate our access to a full remote code execution.
Bad Vibes: Comparing the Secure Coding Capabilities of Popular Coding Agents
https://ift.tt/rBftWLw
Submitted January 14, 2026 at 06:35PM by oridavid1231
via reddit https://ift.tt/benxQZu
https://ift.tt/rBftWLw
Submitted January 14, 2026 at 06:35PM by oridavid1231
via reddit https://ift.tt/benxQZu
Tenzai Research
We analyzed the security of AI coding agents. The result: broken auth, SSRF, and missing defenses.
Tenzai researchers tested Cursor, Claude Code, Codex, Replit, and Devin. Every AI coding agent shipped vulnerable code. Here’s what broke - and why it matters.
I'm The Captain Now: Hijacking a global ocean supply chain network
https://ift.tt/cHBRzQI
Submitted January 14, 2026 at 08:48PM by EatonZ
via reddit https://ift.tt/D9RwGOj
https://ift.tt/cHBRzQI
Submitted January 14, 2026 at 08:48PM by EatonZ
via reddit https://ift.tt/D9RwGOj
Eaton-Works
I’m The Captain Now: Hijacking a global ocean supply chain network
Exploring security blunders in Bluspark Global’s BLUVOYIX, an ocean logistics / supply chain platform used by hundreds of the world’s largest companies.
Multiple XSS in Meta Conversion API Gateway Leading to Zero-Click Account Takeover
https://ift.tt/za7ou1S
Submitted January 14, 2026 at 08:43PM by smaury
via reddit https://ift.tt/kgPwb16
https://ift.tt/za7ou1S
Submitted January 14, 2026 at 08:43PM by smaury
via reddit https://ift.tt/kgPwb16
Youssef Sammouda (sam0) personal blog
Multiple XSS in Meta Conversion API Gateway Leading to Zero-Click Account Takeover
Introduction