Google API Keys Weren't Secrets. But then Gemini Changed the Rules.
https://ift.tt/MYxrjzO
Submitted 2026-02-26T09:48:43+00:00 by _vavkamil_
via reddit https://ift.tt/iQb8nDI
https://ift.tt/MYxrjzO
Submitted 2026-02-26T09:48:43+00:00 by _vavkamil_
via reddit https://ift.tt/iQb8nDI
Trufflesecurity
Google API Keys Weren't Secrets. But then Gemini Changed the Rules. ◆ Truffle Security Co.
Google spent over a decade telling developers that Google API keys (like those used in Maps, Firebase, etc.) are not secrets. But that's no longer true.
We audited 1,620 OpenClaw skills. The ecosystem's safety scanner labels 91% of confirmed threats "benign." [full reports linked]
https://ift.tt/9otbPiL
Submitted 2026-02-26T14:50:23+00:00 by Ok-Form1598
via reddit https://ift.tt/83Oxykp
https://ift.tt/9otbPiL
Submitted 2026-02-26T14:50:23+00:00 by Ok-Form1598
via reddit https://ift.tt/83Oxykp
Oathe
The Malware Isn't in the Code — Oathe Engineering
We audited 1,620 AI agent skills. The leading security scanner missed 91% of the threats.
Reverse Engineering Garmin Watch Applications with Ghidra
https://ift.tt/VwUzK8n
Submitted 2026-02-26T16:15:05+00:00 by anvilventures
via reddit https://ift.tt/PFlgALa
https://ift.tt/VwUzK8n
Submitted 2026-02-26T16:15:05+00:00 by anvilventures
via reddit https://ift.tt/PFlgALa
Anvil Secure
Reverse Engineering Garmin Watch Applications with Ghidra - Anvil Secure
Luigi Fragale introduces a custom Ghidra processor and loader for reverse engineering Garmin watch application binaries.
New Malware - Moonrise Analysis
https://ift.tt/MXuHaEz
Submitted February 27, 2026 at 01:25AM by Deciqher_
via reddit https://ift.tt/UDoruVH
https://ift.tt/MXuHaEz
Submitted February 27, 2026 at 01:25AM by Deciqher_
via reddit https://ift.tt/UDoruVH
Evalian®
Moonrise remote access trojan analysis: live surveillance and crypto theft capabilities
Technical analysis of the Moonrise remote access trojan, including WebSocket C2 architecture, JSON command schema, surveillance features and crypto theft risk.
Reverse CAPTCHA: Evaluating LLM Susceptibility to Invisible Unicode Instruction Injection
https://ift.tt/WSdTq3m
Submitted February 27, 2026 at 12:51AM by thecanonicalmg
via reddit https://ift.tt/jn6m7OQ
https://ift.tt/WSdTq3m
Submitted February 27, 2026 at 12:51AM by thecanonicalmg
via reddit https://ift.tt/jn6m7OQ
Moltwire
Reverse CAPTCHA: Evaluating LLM Susceptibility to Invisible Unicode Instruction Injection
A systematic evaluation of five frontier models across two encoding schemes, four hint levels, and tool use ablation — 8,308 graded outputs with full statistical analysis
From DDS Packets to Robot Shells: Two RCEs in Unitree Robots (CVE-2026-27509 & CVE-2026-27510)
https://ift.tt/Zjh2urY
Submitted February 27, 2026 at 12:49AM by WiseTuna
via reddit https://ift.tt/wOEBsW7
https://ift.tt/Zjh2urY
Submitted February 27, 2026 at 12:49AM by WiseTuna
via reddit https://ift.tt/wOEBsW7
We scanned 6,500+ ClawHub skills. 36% have security flaws. Built a Free Community run scanner to catch them before they execute
https://clawned.io
Submitted February 27, 2026 at 01:19PM by kinso1338
via reddit https://ift.tt/JtWdDoa
https://clawned.io
Submitted February 27, 2026 at 01:19PM by kinso1338
via reddit https://ift.tt/JtWdDoa
Clawned
Clawned — OpenClaw & ClawHub Security Scanner
Free scanner for OpenClaw skills and ClawHub packages. 230+ malicious skills blocked. 60+ threat patterns detected in seconds.
Uncovering a Global macOS Malware Campaign
https://ift.tt/ZDSe1cz
Submitted February 27, 2026 at 04:46PM by RiddleMeDisk
via reddit https://ift.tt/4qVzEd6
https://ift.tt/ZDSe1cz
Submitted February 27, 2026 at 04:46PM by RiddleMeDisk
via reddit https://ift.tt/4qVzEd6
Substack
The "Ghost" in the Annotations
Uncovering a Global macOS Malware Campaign
Bypassing Apache FOP Postscript Escaping to reach GhostScript
https://ift.tt/ea45gsC
Submitted February 27, 2026 at 05:59PM by AlmondOffSec
via reddit https://ift.tt/H5W81mY
https://ift.tt/ea45gsC
Submitted February 27, 2026 at 05:59PM by AlmondOffSec
via reddit https://ift.tt/H5W81mY
Twitch Ships Server-Side Eppo Keys in Its iOS App, Exposing Its Entire Product Roadmap
https://ift.tt/5E8iCB2
Submitted February 27, 2026 at 06:56PM by AdTemporary2475
via reddit https://ift.tt/8QbJeuK
https://ift.tt/5E8iCB2
Submitted February 27, 2026 at 06:56PM by AdTemporary2475
via reddit https://ift.tt/8QbJeuK
Buchodi's Threat Intel
Twitch Ships Server-Side Eppo Keys in Its iOS App, Exposing Its Entire Product Roadmap
How a one-character configuration mistake turns feature flags into a competitive intelligence feed
The Twitch iOS application initializes the Eppo feature flagging SDK (now a Datadog product) using server-side SDK Keys instead of Client Tokens. This means…
The Twitch iOS application initializes the Eppo feature flagging SDK (now a Datadog product) using server-side SDK Keys instead of Client Tokens. This means…
The Forgotten Bug: How a Node.js Core Design Flaw Enables HTTP Request Splitting
https://r3verii.github.io/cve/2026/02/27/nodejs-toctou.html
Submitted February 27, 2026 at 11:28PM by r3verii
via reddit https://ift.tt/rMp2wcY
https://r3verii.github.io/cve/2026/02/27/nodejs-toctou.html
Submitted February 27, 2026 at 11:28PM by r3verii
via reddit https://ift.tt/rMp2wcY
CyberSec Notes
The Forgotten Bug: How a Node.js Core Design Flaw Enables HTTP Request Splitting
Deep dive into a TOCTOU vulnerability in Node.js’s ClientRequest.path that bypasses CRLF validation and enables Header Injection and HTTP Request Splitting across 7+ major HTTP libraries totaling 160M+ weekly downloads.
I used MCP Ghidra and Claude Code to find 9 kernel driver vulnerabilities on my gaming laptop
https://ift.tt/Ud7Wzls
Submitted February 28, 2026 at 08:40PM by Mindless-Study1898
via reddit https://ift.tt/gUnYQ4O
https://ift.tt/Ud7Wzls
Submitted February 28, 2026 at 08:40PM by Mindless-Study1898
via reddit https://ift.tt/gUnYQ4O
Cred Relay
Cred Relay Issue #2
Reverse engineering kernel drivers with MCP Ghidra and Claude Code
Network Security News Feed
https://ift.tt/byimBlK
Submitted March 1, 2026 at 02:03AM by kivarada
via reddit https://ift.tt/9iOIb0a
https://ift.tt/byimBlK
Submitted March 1, 2026 at 02:03AM by kivarada
via reddit https://ift.tt/9iOIb0a
insidestack.it
InsideStack | The Latest in Tech
InsideStack delivers the latest technology news, insights, and trends in one place.
r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted March 1, 2026 at 07:59PM by albinowax
via reddit https://ift.tt/NyTWaVC
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted March 1, 2026 at 07:59PM by albinowax
via reddit https://ift.tt/NyTWaVC
Reddit
From the netsec community on Reddit
Explore this post and more from the netsec community
Google and Cloudflare testing Merkel Tree Certificates instead of normal signatures for TLS
https://ift.tt/zDGblBU
Submitted March 2, 2026 at 09:10PM by Shu_asha
via reddit https://ift.tt/UHFVd0a
https://ift.tt/zDGblBU
Submitted March 2, 2026 at 09:10PM by Shu_asha
via reddit https://ift.tt/UHFVd0a
The Cloudflare Blog
Keeping the Internet fast and secure- introducing Merkle Tree Certificates
Cloudflare is launching an experiment with Chrome to evaluate fast, scalable, and quantum-ready Merkle Tree Certificates, all without degrading performance or changing WebPKI trust relationships.
Free browser-based steganography CTF generator create challenges with randomized encoding pipelines, auto-generated solutions, and progressive hints
https://8gwifi.org/ctf/stego-ctf-generator.jsp
Submitted March 2, 2026 at 08:52PM by anish2good
via reddit https://ift.tt/D2OlxV7
https://8gwifi.org/ctf/stego-ctf-generator.jsp
Submitted March 2, 2026 at 08:52PM by anish2good
via reddit https://ift.tt/D2OlxV7
8gwifi.org
Free Steganography CTF Generator - 34 Steps, 7 Levels
Generate stego CTF challenges: hide flags in images and audio with 34 steps across 7 levels. LSB, ciphers, tar/zip. Free JSON export with solutions and hints.
Built a free live CVE intelligence dashboard — looking for feedback
https://ift.tt/9I84BPD
Submitted March 3, 2026 at 06:02PM by Intelligent_Emu_8075
via reddit https://ift.tt/8oNfikM
https://ift.tt/9I84BPD
Submitted March 3, 2026 at 06:02PM by Intelligent_Emu_8075
via reddit https://ift.tt/8oNfikM
Leakycreds
Credential Leak Monitoring & Stealer Log Intelligence | LeakyCreds
Credential exposure intelligence with fast detection, scoring, and remediation workflows.
Sometimes, You Can Just Feel The Security In The Design (Junos OS Evolved CVE-2026-21902 RCE) - watchTowr Labs
https://ift.tt/gRIso1f
Submitted March 3, 2026 at 07:45PM by dx7r__
via reddit https://ift.tt/cuVlzSG
https://ift.tt/gRIso1f
Submitted March 3, 2026 at 07:45PM by dx7r__
via reddit https://ift.tt/cuVlzSG
watchTowr Labs
Sometimes, You Can Just Feel The Security In The Design (Junos OS Evolved CVE-2026-21902 RCE)
On today’s ‘good news disguised as other things’ segment, we’re turning our gaze to CVE-2026-21902 - a recently disclosed “Incorrect Permission Assignment for Critical Resource” vulnerability affecting Juniper’s Junos OS Evolved platform. This vulnerability…
Red Teaming LLM Web Apps with Promptfoo: Writing a Custom Provider for Real-World Pentesting
https://ift.tt/k49lPox
Submitted March 3, 2026 at 09:18PM by adrian_rt
via reddit https://ift.tt/KOzkNo3
https://ift.tt/k49lPox
Submitted March 3, 2026 at 09:18PM by adrian_rt
via reddit https://ift.tt/KOzkNo3
FORTBRIDGE
LLM Red Teaming with Promptfoo: Custom Provider for Real Pentests
How we wrote a custom promptfoo provider to red team a non-standard 4-step LLM API during a real penetration test - with Burp Suite integration, local grading, and OWASP LLM Top 10 coverage.
IPVanish VPN macOS Privilege Escalation
https://ift.tt/Qph0Dsn
Submitted March 3, 2026 at 10:50PM by appsec1337
via reddit https://ift.tt/HT0bpuz
https://ift.tt/Qph0Dsn
Submitted March 3, 2026 at 10:50PM by appsec1337
via reddit https://ift.tt/HT0bpuz
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
IPVanish VPN macOS Privilege Escalation
The IPVanish VPN application for macOS contains a critical privilege escalation vulnerability that allows any unprivileged local process to execute arbitrary code as root without user interaction....
Generate 45+ honeytokens with no sign-up required and no paywall
https://ift.tt/9l8aECX
Submitted March 3, 2026 at 10:47PM by nwqd
via reddit https://ift.tt/p18WThG
https://ift.tt/9l8aECX
Submitted March 3, 2026 at 10:47PM by nwqd
via reddit https://ift.tt/p18WThG
NeroSwarm - Deception-as-a-Service
Free Cyber Deception Lab Tools | NeroSwarm Lab
Use the Deception Lab to launch practical security utilities, including honeytoken creation, reputation analysis, and guided deception testing workflows.