Netsec
@RNetsec
7.47K subscribers
22.5K links
This channel posts the feed from r/netsec.
For any suggestions dm @streaak
Donate to keep the bot running https://www.paypal.me/akhilgv
Download Telegram
About
Blog
Apps
Platform
Join
Netsec
7.47K subscribers
Netsec
Blind Boolean-Based Prompt Injection
https://ift.tt/bvTJQGP

Submitted January 26, 2026 at 07:45PM by -rootcauz-
via reddit https://ift.tt/X2tfYkr
Medium
Blind Boolean-Based Prompt Injection
In this post, I introduce and demonstrate the attack method Blind Boolean-Based Prompt Injection (BBPI) which is a prompt injection…
453 views
Netsec
CVE-2025-40551: SolarWinds WebHelpDesk RCE Deep-Dive and Indicators of Compromise
https://ift.tt/TKcnfpm

Submitted January 28, 2026 at 10:19PM by scopedsecurity
via reddit https://ift.tt/uMqw5zb
Horizon3.ai
CVE-2025-40551: SolarWinds WHD RCE
Horizon3.ai discovered multiple vulnerabilities in SolarWinds Web Help Desk that enable unauthenticated remote code execution.
430 views
Netsec
Fun RCE in Command & Conquer: Generals
https://ift.tt/48ECdTm

Submitted January 28, 2026 at 09:32PM by jordan9001
via reddit https://ift.tt/sqkQdJE
Atredis Partners
General Graboids: Worms and Remote Code Execution in Command & Conquer — Atredis Partners
[this work was conducted collaboratively by Bryan Alexander and Jordan Whitehead] This post details several vulnerabilities discovered in the popular online game Command & Conquer: Generals. We recently presented some of this work at an information security…
453 views
Netsec
Limits of static guarantees under adaptive adversaries (G-CTR experience)
https://ift.tt/wOtMVy7

Submitted January 28, 2026 at 10:51PM by Obvious-Language4462
via reddit https://ift.tt/PnICtVD
arXiv.org
Cybersecurity AI: A Game-Theoretic AI for Guiding Attack and Defense
AI-driven penetration testing now executes thousands of actions per hour but still lacks the strategic intuition humans apply in competitive security. To build cybersecurity superintelligence...
488 views
Netsec
Tycoon 2FA phishing campaign abusing *.contractors domains for Gmail & Microsoft 365 credential harvesting
https://ift.tt/Ywzp2iv

Submitted January 29, 2026 at 04:55AM by anuraggawande
via reddit https://ift.tt/q5dALMQ
Malware Analysis, Phishing, and Email Scams
Tycoon 2FA Campaign Abusing *.contractors Domains for Gmail and Microsoft 365 Credential Harvesting
Overview Over the past few weeks, I have been tracking a credential harvesting campaign that repeatedly abuses newly registered *.contractors domains to deliver Gmail and Microsoft 365/Outlook phis…
1.06K views
Netsec
Requesting security review: zero-knowledge one-time secret sharing tool
https://ift.tt/16FOK9q

Submitted January 29, 2026 at 10:12AM by iamnotatalker
via reddit https://ift.tt/WXDnS5z
Sharemylogin
ShareMyLogin | Zero-Knowledge Credential Sharing
Share passwords and credentials securely with self-destructing, encrypted links. Zero-knowledge encryption means we never see your data.
460 views
Netsec
Gakido - CRLF Injection
https://ift.tt/sypmv72

Submitted January 29, 2026 at 03:07PM by c0daman
via reddit https://ift.tt/Xio7vwT
Rosecurify
Gakido - CRLF Injection
Security research, vulnerability disclosures, and application security insights.
474 views
Netsec
One-click RCE on Clawd/Moltbot in 2 hours with an AI Hacking Agent
https://ift.tt/ozeVt3B

Submitted January 29, 2026 at 04:24PM by matosd
via reddit https://ift.tt/odbGNM0
Ethiack
One-click RCE on Clawd/Moltbot in under 2 hours with an Autonomous Hacking Agent | Ethiack — Autonomous Ethical Hacking for continuous…
Our AI pentester, Hackian, found a RCE on Clawdbot/Moltbot by hacking it fully autonomously in under 2 hours. Learn how and read the logs in this blog.
515 views
Netsec
Tool release: CVE Alert – targeted CVE email alerts by vendor/product
https://ift.tt/unR6qo9

Submitted January 30, 2026 at 01:20AM by CarlVon77
via reddit https://ift.tt/D83dLrH
CVE Alert System
CVE-Alert helps organizations and individuals track Common Vulnerabilities and Exposures (CVEs) in real-time with vendor/product subscriptions and email notifications.
505 views
Netsec
Object-capability SQL sandboxing for LLM agents — $1K CTF bounty to break it
https://ift.tt/CngFqIu

Submitted January 30, 2026 at 05:01AM by ryanrasti
via reddit https://ift.tt/Pvy4XrU
Ryanrasti
Object-Capability SQL Sandboxing for LLM Agents
A defensive technique for constraining LLM agent database access using object-capabilities, plus a live CTF challenge.
553 views
Netsec
How We Exploited Qodo: From a PR Comment to RCE and an AWS Admin Key - Leaked Twice
https://ift.tt/JUHAWlK

Submitted January 30, 2026 at 08:17PM by tmlxs
via reddit https://ift.tt/G1hHolB
Kudelskisecurity
How We Exploited Qodo: From a PR Comment to RCE and an AWS Admin Key - Leaked Twice - Kudelski Security Research Center
Jan 15, 2026 - Nils Amiet -
466 views
Netsec
Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340) - watchTowr Labs
https://ift.tt/MRsKBxm

Submitted January 30, 2026 at 09:47PM by dx7r__
via reddit https://ift.tt/5Lp1bPM
watchTowr Labs
Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340)
When Ivanti removed the embargoes from CVE-2026-1281 and CVE-2026-1340 - pre-auth Remote Command Execution vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM) solution - we sighed with relief.

Clearly, the universe had decided to continue mocking…
451 views
Netsec
WaPo Raid Is a Frightening Reminder: Turn Off Your Phone’s Biometrics Now
https://ift.tt/QVglH3I

Submitted January 31, 2026 at 01:06AM by eatfruitallday
via reddit https://ift.tt/jfRMZnP
The Intercept
Washington Post Raid Is a Frightening Reminder: Turn Off Your Phone’s Biometrics Now
The search warrant to raid a Washington Post reporter’s home shows how authorities can open your phone without your consent.
457 views
Netsec
Need Advice
https://ift.tt/Lcx2NOR

Submitted January 31, 2026 at 04:43AM by Apprehensive-Log4564
via reddit https://ift.tt/B3VOkUT
Zenodo
Prior Art / Defensive Publication to Prevent Patent Applications on BGP Tool
This work introduces a predictive BGP security intelligence approach whose core idea is the systematic mapping of Internet routing risk zones — specific ASNs, prefixes, and topological regions of the global BGP graph where routing attacks are most likely…
451 views
Netsec
Ex-Google engineer convicted of insider exfiltration of AI trade secrets
https://ift.tt/X2fMJnc

Submitted January 31, 2026 at 07:05AM by Express_Classic_1569
via reddit https://ift.tt/oDSVKq6
PeakD
Ex-Google Engineer Arrested for Stealing AI Trade Secrets | PeakD
Imagine working at one of the biggest tech companies in the world, only to get caught red-handed stealing their prized... by justmythoughts
473 views
Netsec
StopLamers Investigation: From IRC Wars to Android Backdoors
https://ift.tt/HzvNd95

Submitted January 31, 2026 at 09:36PM by datapeice
via reddit https://ift.tt/V7mBZ4g
datapeice.me
StopLamers Investigation: From IRC Wars to Android Backdoors
A detailed technical analysis of the StopLamers group's evolution, analysis of their flagship SeksVirus trojan, and investigation of destructive campaigns against Linux and Android communities.
431 views
Netsec
DOJ releases details alleged talented hacker working for Jeffrey Epstein
https://ift.tt/wiRdPJV

Submitted February 01, 2026 at 08:42AM by Dry_Row_7050
via reddit https://ift.tt/bFA2XmE
Security Affairs
DOJ releases details alleged talented hacker working for Jeffrey Epstein
An FBI informant said in 2017 that Jeffrey Epstein had a “personal hacker,” according to a Justice Department document released Friday.
431 views
Netsec
We ran a live red-team vs blue-team test on autonomous OpenClaw agents
https://ift.tt/lLhnNAd

Submitted February 01, 2026 at 06:49PM by Uditakhourii
via reddit https://ift.tt/aDpjouJ
378 views
Netsec
r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.

Submitted February 01, 2026 at 07:59PM by albinowax
via reddit https://ift.tt/WpCKJZn
Reddit
From the netsec community on Reddit
Explore this post and more from the netsec community
420 views
Netsec
Comparing different IP Geolocation Provider's Accuracy
https://ift.tt/zZPiOVM

Submitted February 01, 2026 at 11:09PM by incolumitas
via reddit https://ift.tt/fciEZ3w
ipapi.is
ipapi.is - On IP Geolocation Accuracy: A Comparative Study
ipapi.is offers precise IP data via a user-friendly API, encompassing geolocation, ASN data, hosting detection, VPN detection, and proxy detection.
708 views
Netsec
1-Click RCE in OpenClaw/Moltbot/ClawdBot
https://ift.tt/P68eVRJ

Submitted February 01, 2026 at 11:42PM by va_start
via reddit https://ift.tt/ZFzBp24
Depthfirst
depthfirst | 1-Click RCE To Steal Your Moltbot Data and Keys
A technical teardown of a 1-click RCE against OpenClaw (formerly Moltbot/ClawdBot), a viral open-source AI assistant trusted by 100,000+ developers with high-privilege access. See how a settings logic flaw and a WebSocket pivot turn a single webpage visit…
656 views