Fun RCE in Command & Conquer: Generals
https://ift.tt/48ECdTm
Submitted January 28, 2026 at 09:32PM by jordan9001
via reddit https://ift.tt/sqkQdJE
https://ift.tt/48ECdTm
Submitted January 28, 2026 at 09:32PM by jordan9001
via reddit https://ift.tt/sqkQdJE
Atredis Partners
General Graboids: Worms and Remote Code Execution in Command & Conquer — Atredis Partners
[this work was conducted collaboratively by Bryan Alexander and Jordan Whitehead] This post details several vulnerabilities discovered in the popular online game Command & Conquer: Generals. We recently presented some of this work at an information security…
Limits of static guarantees under adaptive adversaries (G-CTR experience)
https://ift.tt/wOtMVy7
Submitted January 28, 2026 at 10:51PM by Obvious-Language4462
via reddit https://ift.tt/PnICtVD
https://ift.tt/wOtMVy7
Submitted January 28, 2026 at 10:51PM by Obvious-Language4462
via reddit https://ift.tt/PnICtVD
arXiv.org
Cybersecurity AI: A Game-Theoretic AI for Guiding Attack and Defense
AI-driven penetration testing now executes thousands of actions per hour but still lacks the strategic intuition humans apply in competitive security. To build cybersecurity superintelligence...
Tycoon 2FA phishing campaign abusing *.contractors domains for Gmail & Microsoft 365 credential harvesting
https://ift.tt/Ywzp2iv
Submitted January 29, 2026 at 04:55AM by anuraggawande
via reddit https://ift.tt/q5dALMQ
https://ift.tt/Ywzp2iv
Submitted January 29, 2026 at 04:55AM by anuraggawande
via reddit https://ift.tt/q5dALMQ
Malware Analysis, Phishing, and Email Scams
Tycoon 2FA Campaign Abusing *.contractors Domains for Gmail and Microsoft 365 Credential Harvesting
Overview Over the past few weeks, I have been tracking a credential harvesting campaign that repeatedly abuses newly registered *.contractors domains to deliver Gmail and Microsoft 365/Outlook phis…
Requesting security review: zero-knowledge one-time secret sharing tool
https://ift.tt/16FOK9q
Submitted January 29, 2026 at 10:12AM by iamnotatalker
via reddit https://ift.tt/WXDnS5z
https://ift.tt/16FOK9q
Submitted January 29, 2026 at 10:12AM by iamnotatalker
via reddit https://ift.tt/WXDnS5z
Sharemylogin
ShareMyLogin | Zero-Knowledge Credential Sharing
Share passwords and credentials securely with self-destructing, encrypted links. Zero-knowledge encryption means we never see your data.
Gakido - CRLF Injection
https://ift.tt/sypmv72
Submitted January 29, 2026 at 03:07PM by c0daman
via reddit https://ift.tt/Xio7vwT
https://ift.tt/sypmv72
Submitted January 29, 2026 at 03:07PM by c0daman
via reddit https://ift.tt/Xio7vwT
Rosecurify
Gakido - CRLF Injection
Security research, vulnerability disclosures, and application security insights.
One-click RCE on Clawd/Moltbot in 2 hours with an AI Hacking Agent
https://ift.tt/ozeVt3B
Submitted January 29, 2026 at 04:24PM by matosd
via reddit https://ift.tt/odbGNM0
https://ift.tt/ozeVt3B
Submitted January 29, 2026 at 04:24PM by matosd
via reddit https://ift.tt/odbGNM0
Ethiack
One-click RCE on Clawd/Moltbot in under 2 hours with an Autonomous Hacking Agent | Ethiack — Autonomous Ethical Hacking for continuous…
Our AI pentester, Hackian, found a RCE on Clawdbot/Moltbot by hacking it fully autonomously in under 2 hours. Learn how and read the logs in this blog.
Tool release: CVE Alert – targeted CVE email alerts by vendor/product
https://ift.tt/unR6qo9
Submitted January 30, 2026 at 01:20AM by CarlVon77
via reddit https://ift.tt/D83dLrH
https://ift.tt/unR6qo9
Submitted January 30, 2026 at 01:20AM by CarlVon77
via reddit https://ift.tt/D83dLrH
CVE Alert System
CVE-Alert helps organizations and individuals track Common Vulnerabilities and Exposures (CVEs) in real-time with vendor/product subscriptions and email notifications.
Object-capability SQL sandboxing for LLM agents — $1K CTF bounty to break it
https://ift.tt/CngFqIu
Submitted January 30, 2026 at 05:01AM by ryanrasti
via reddit https://ift.tt/Pvy4XrU
https://ift.tt/CngFqIu
Submitted January 30, 2026 at 05:01AM by ryanrasti
via reddit https://ift.tt/Pvy4XrU
Ryanrasti
Object-Capability SQL Sandboxing for LLM Agents
A defensive technique for constraining LLM agent database access using object-capabilities, plus a live CTF challenge.
How We Exploited Qodo: From a PR Comment to RCE and an AWS Admin Key - Leaked Twice
https://ift.tt/JUHAWlK
Submitted January 30, 2026 at 08:17PM by tmlxs
via reddit https://ift.tt/G1hHolB
https://ift.tt/JUHAWlK
Submitted January 30, 2026 at 08:17PM by tmlxs
via reddit https://ift.tt/G1hHolB
Kudelskisecurity
How We Exploited Qodo: From a PR Comment to RCE and an AWS Admin Key - Leaked Twice - Kudelski Security Research Center
Jan 15, 2026 - Nils Amiet -
Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340) - watchTowr Labs
https://ift.tt/MRsKBxm
Submitted January 30, 2026 at 09:47PM by dx7r__
via reddit https://ift.tt/5Lp1bPM
https://ift.tt/MRsKBxm
Submitted January 30, 2026 at 09:47PM by dx7r__
via reddit https://ift.tt/5Lp1bPM
watchTowr Labs
Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340)
When Ivanti removed the embargoes from CVE-2026-1281 and CVE-2026-1340 - pre-auth Remote Command Execution vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM) solution - we sighed with relief.
Clearly, the universe had decided to continue mocking…
Clearly, the universe had decided to continue mocking…
WaPo Raid Is a Frightening Reminder: Turn Off Your Phone’s Biometrics Now
https://ift.tt/QVglH3I
Submitted January 31, 2026 at 01:06AM by eatfruitallday
via reddit https://ift.tt/jfRMZnP
https://ift.tt/QVglH3I
Submitted January 31, 2026 at 01:06AM by eatfruitallday
via reddit https://ift.tt/jfRMZnP
The Intercept
Washington Post Raid Is a Frightening Reminder: Turn Off Your Phone’s Biometrics Now
The search warrant to raid a Washington Post reporter’s home shows how authorities can open your phone without your consent.
Need Advice
https://ift.tt/Lcx2NOR
Submitted January 31, 2026 at 04:43AM by Apprehensive-Log4564
via reddit https://ift.tt/B3VOkUT
https://ift.tt/Lcx2NOR
Submitted January 31, 2026 at 04:43AM by Apprehensive-Log4564
via reddit https://ift.tt/B3VOkUT
Zenodo
Prior Art / Defensive Publication to Prevent Patent Applications on BGP Tool
This work introduces a predictive BGP security intelligence approach whose core idea is the systematic mapping of Internet routing risk zones — specific ASNs, prefixes, and topological regions of the global BGP graph where routing attacks are most likely…
Ex-Google engineer convicted of insider exfiltration of AI trade secrets
https://ift.tt/X2fMJnc
Submitted January 31, 2026 at 07:05AM by Express_Classic_1569
via reddit https://ift.tt/oDSVKq6
https://ift.tt/X2fMJnc
Submitted January 31, 2026 at 07:05AM by Express_Classic_1569
via reddit https://ift.tt/oDSVKq6
PeakD
Ex-Google Engineer Arrested for Stealing AI Trade Secrets | PeakD
Imagine working at one of the biggest tech companies in the world, only to get caught red-handed stealing their prized... by justmythoughts
StopLamers Investigation: From IRC Wars to Android Backdoors
https://ift.tt/HzvNd95
Submitted January 31, 2026 at 09:36PM by datapeice
via reddit https://ift.tt/V7mBZ4g
https://ift.tt/HzvNd95
Submitted January 31, 2026 at 09:36PM by datapeice
via reddit https://ift.tt/V7mBZ4g
datapeice.me
StopLamers Investigation: From IRC Wars to Android Backdoors
A detailed technical analysis of the StopLamers group's evolution, analysis of their flagship SeksVirus trojan, and investigation of destructive campaigns against Linux and Android communities.
DOJ releases details alleged talented hacker working for Jeffrey Epstein
https://ift.tt/wiRdPJV
Submitted February 01, 2026 at 08:42AM by Dry_Row_7050
via reddit https://ift.tt/bFA2XmE
https://ift.tt/wiRdPJV
Submitted February 01, 2026 at 08:42AM by Dry_Row_7050
via reddit https://ift.tt/bFA2XmE
Security Affairs
DOJ releases details alleged talented hacker working for Jeffrey Epstein
An FBI informant said in 2017 that Jeffrey Epstein had a “personal hacker,” according to a Justice Department document released Friday.
We ran a live red-team vs blue-team test on autonomous OpenClaw agents
https://ift.tt/lLhnNAd
Submitted February 01, 2026 at 06:49PM by Uditakhourii
via reddit https://ift.tt/aDpjouJ
https://ift.tt/lLhnNAd
Submitted February 01, 2026 at 06:49PM by Uditakhourii
via reddit https://ift.tt/aDpjouJ
r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted February 01, 2026 at 07:59PM by albinowax
via reddit https://ift.tt/WpCKJZn
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted February 01, 2026 at 07:59PM by albinowax
via reddit https://ift.tt/WpCKJZn
Reddit
From the netsec community on Reddit
Explore this post and more from the netsec community
Comparing different IP Geolocation Provider's Accuracy
https://ift.tt/zZPiOVM
Submitted February 01, 2026 at 11:09PM by incolumitas
via reddit https://ift.tt/fciEZ3w
https://ift.tt/zZPiOVM
Submitted February 01, 2026 at 11:09PM by incolumitas
via reddit https://ift.tt/fciEZ3w
ipapi.is
ipapi.is - On IP Geolocation Accuracy: A Comparative Study
ipapi.is offers precise IP data via a user-friendly API, encompassing geolocation, ASN data, hosting detection, VPN detection, and proxy detection.
1-Click RCE in OpenClaw/Moltbot/ClawdBot
https://ift.tt/P68eVRJ
Submitted February 01, 2026 at 11:42PM by va_start
via reddit https://ift.tt/ZFzBp24
https://ift.tt/P68eVRJ
Submitted February 01, 2026 at 11:42PM by va_start
via reddit https://ift.tt/ZFzBp24
Depthfirst
depthfirst | 1-Click RCE To Steal Your Moltbot Data and Keys
A technical teardown of a 1-click RCE against OpenClaw (formerly Moltbot/ClawdBot), a viral open-source AI assistant trusted by 100,000+ developers with high-privilege access. See how a settings logic flaw and a WebSocket pivot turn a single webpage visit…
Notepad++ Hijacked by State-Sponsored Hackers
https://ift.tt/pfUOB7d
Submitted February 02, 2026 at 07:50AM by thewhippersnapper4
via reddit https://ift.tt/htKp0bB
https://ift.tt/pfUOB7d
Submitted February 02, 2026 at 07:50AM by thewhippersnapper4
via reddit https://ift.tt/htKp0bB
Your Phone Silently Sends GPS to Your Carrier via RRLP/LPP – Here's How the Control Plane Positioning Works
https://ift.tt/XfRGxQy
Submitted February 02, 2026 at 12:12PM by Upper-Host3983
via reddit https://ift.tt/wEPD0ov
https://ift.tt/XfRGxQy
Submitted February 02, 2026 at 12:12PM by Upper-Host3983
via reddit https://ift.tt/wEPD0ov
Sudheer Singh
Your Phone Silently Sends GPS to Your Carrier — Here's How
RRLP and LPP protocols let carriers silently extract your precise GPS location. No app permissions, no notification. Here's the technical breakdown.