Alipay (1B+ users) DeepLink vulnerability allows silent GPS extraction via URL - 6 regulators now investigating, vendor says normal functionality
https://ift.tt/w09MokX
Submitted March 13, 2026 at 10:50PM by feng_sg
via reddit https://ift.tt/ZtpTsRD
https://ift.tt/w09MokX
Submitted March 13, 2026 at 10:50PM by feng_sg
via reddit https://ift.tt/ZtpTsRD
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
RegPwn - Windows LPE vulnerability (now fixed)
https://ift.tt/TOnHDYE
Submitted March 13, 2026 at 10:42PM by gid0rah
via reddit https://ift.tt/ChREyd2
https://ift.tt/TOnHDYE
Submitted March 13, 2026 at 10:42PM by gid0rah
via reddit https://ift.tt/ChREyd2
MDSec
RIP RegPwn - MDSec
13th March 2026 As part of MDSec’s R&D work, we often discover vulnerabilities and develop exploits to support our red team engagements. When researching widely used software, it is often...
OSS Cartography can now map AI agents to cloud attack paths
https://ift.tt/RnuSbQf
Submitted March 14, 2026 at 12:21AM by alexchantavy
via reddit https://ift.tt/FdaDTlA
https://ift.tt/RnuSbQf
Submitted March 14, 2026 at 12:21AM by alexchantavy
via reddit https://ift.tt/FdaDTlA
Cartography
Mapping production AI agents to IAM roles, tools, and network exposure
Open source Cartography now discovers AI agents in container images and connects them to IAM roles, tools, and network exposure in the infrastructure graph.
Phishing campaign abusing Google Cloud Storage redirectors to multiple scam pages
https://ift.tt/jAFhPtn
Submitted March 14, 2026 at 03:25AM by anuraggawande
via reddit https://ift.tt/gI5GrDY
https://ift.tt/jAFhPtn
Submitted March 14, 2026 at 03:25AM by anuraggawande
via reddit https://ift.tt/gI5GrDY
Malware Analysis, Phishing, and Email Scams
Ongoing Phishing Campaign Abusing Google Cloud Storage to Redirect Users to Multiple Scam Pages
A few days ago, I published a blog analyzing a phishing campaign abusing Google Cloud infrastructure: While continuing to monitor the infrastructure used in that campaign, I discovered several addi…
I Found 39 Algolia Admin Keys Exposed Across Open Source Documentation Sites
https://ift.tt/srjqCXL
Submitted March 14, 2026 at 04:24AM by Grand_Fan_9804
via reddit https://ift.tt/Ap5GgTh
https://ift.tt/srjqCXL
Submitted March 14, 2026 at 04:24AM by Grand_Fan_9804
via reddit https://ift.tt/Ap5GgTh
benzimmermann.dev
I Found 39 Algolia Admin Keys Exposed Across Open Source Documentation Sites - Ben Zimmermann
A systematic audit of Algolia DocSearch found 39 admin API keys exposed across projects like Home Assistant, KEDA, and vcluster.
Technical challenge: Can a blockchain-published account be traced to its IP? (20,000 QORT bounty)
https://ift.tt/I8wurhA
Submitted March 14, 2026 at 03:51AM by George_Qortal
via reddit https://ift.tt/sxX3Qyu
https://ift.tt/I8wurhA
Submitted March 14, 2026 at 03:51AM by George_Qortal
via reddit https://ift.tt/sxX3Qyu
qortal.dev
Learn About Or Install Qortal - The Most User-Friendly Web3 Project!
Discover Qortal, the gateway to Web3 innovation. Explore our easy-to-use platform for seamless access to decentralized applications.
Looking for an arXiv cs.CR endorser
https://ift.tt/KMqkI3n
Submitted March 14, 2026 at 02:06PM by An1m3sh
via reddit https://ift.tt/48YSZUf
https://ift.tt/KMqkI3n
Submitted March 14, 2026 at 02:06PM by An1m3sh
via reddit https://ift.tt/48YSZUf
Analysis of 1,808 MCP servers: 66% had security findings, 427 critical (tool poisoning, toxic data flows, code execution)
https://ift.tt/9u8N5rV
Submitted March 15, 2026 at 04:12AM by Kind-Release-3817
via reddit https://ift.tt/v6QmxJA
https://ift.tt/9u8N5rV
Submitted March 15, 2026 at 04:12AM by Kind-Release-3817
via reddit https://ift.tt/v6QmxJA
agentseal.org
AgentSeal - AI Agent Security Scanner
Break your AI agents before someone else does. Security scanning for system prompts, MCP servers, and AI coding agents.
Quick question for people running CrowdStrike, Zscaler, Netskope or similar in production.
https://ift.tt/lZHQng7
Submitted March 15, 2026 at 09:40AM by makial00
via reddit https://ift.tt/CgAkYOh
https://ift.tt/lZHQng7
Submitted March 15, 2026 at 09:40AM by makial00
via reddit https://ift.tt/CgAkYOh
CrowdStrike.com
Charlotte AI: Agentic Analyst for Cybersecurity
Offload time-intensive work and accelerate security operations with an AI analyst for the CrowdStrike® Falcon platform.
CVE-2024-45163: Remote DoS in Mirai C2 – research writeup + what it led me to build
https://ift.tt/lq4eD0P
Submitted March 15, 2026 at 12:05PM by cypressthatkid
via reddit https://ift.tt/6g2iRhD
https://ift.tt/lq4eD0P
Submitted March 15, 2026 at 12:05PM by cypressthatkid
via reddit https://ift.tt/6g2iRhD
Post AI Agent Hacked Amazon & McKinsey, I compiled a list of 5 situations where deploying agents can be catastrophic
https://ift.tt/jveZzQ4
Submitted March 15, 2026 at 03:41PM by Physical-Parfait9980
via reddit https://ift.tt/AMtrY3B
https://ift.tt/jveZzQ4
Submitted March 15, 2026 at 03:41PM by Physical-Parfait9980
via reddit https://ift.tt/AMtrY3B
GlassWorm V2 analysis: Part 2. Infrastructure rotation and GitHub injection
https://ift.tt/7M84xXv
Submitted March 15, 2026 at 07:21PM by Willing_Monitor5855
via reddit https://ift.tt/4Hm90MT
https://ift.tt/7M84xXv
Submitted March 15, 2026 at 07:21PM by Willing_Monitor5855
via reddit https://ift.tt/4Hm90MT
We audited authorization in 30 AI agent frameworks — 93% rely on unscoped API keys
https://ift.tt/QyIteEP
Submitted March 15, 2026 at 07:15PM by MousseSad4993
via reddit https://ift.tt/oXj8fRD
https://ift.tt/QyIteEP
Submitted March 15, 2026 at 07:15PM by MousseSad4993
via reddit https://ift.tt/oXj8fRD
grantex.dev
State of AI Agent Security 2026
We audited 30 AI agent projects. 93% use unscoped API keys with no per-agent identity, no consent, and no revocation.
The rise of malicious repositories on GitHub
https://ift.tt/Q6ab8T4
Submitted March 16, 2026 at 02:24AM by f311a
via reddit https://ift.tt/WNLYZac
https://ift.tt/Q6ab8T4
Submitted March 16, 2026 at 02:24AM by f311a
via reddit https://ift.tt/WNLYZac
Artem Golubin
The rise of malicious repositories on GitHub
An article about malicious repositories on GitHub
Perfex CRM: Autologin cookie fed into unserialize() gives unauthenticated RCE
https://ift.tt/YBJdxfA
Submitted March 16, 2026 at 04:32PM by nullcathedral
via reddit https://ift.tt/cCy80lH
https://ift.tt/YBJdxfA
Submitted March 16, 2026 at 04:32PM by nullcathedral
via reddit https://ift.tt/cCy80lH
NULL CATHEDRAL
Perfex CRM <=3.4.0 allows unauthenticated RCE via insecure deserialization
Perfex CRM passed the autologin cookie into unserialize() without validation, giving unauthenticated attackers remote code execution.
How Autonomous AI Just Made INC Ransomware Obsolete
https://ift.tt/tpxJ6RN
Submitted March 16, 2026 at 05:35PM by Mysterious_Salt395
via reddit https://ift.tt/ON1Ga56
https://ift.tt/tpxJ6RN
Submitted March 16, 2026 at 05:35PM by Mysterious_Salt395
via reddit https://ift.tt/ON1Ga56
Guardz.com
How Autonomous AI Just Made INC Ransomware Obsolete | Guardz.com
One of the core philosophies we implement at Guardz is the deep integration of security and intelligence teams with our proprietary AI capabilities. This
Hypervisor Based Defense
https://idov31.github.io/posts/hypervisor-based-defense
Submitted March 16, 2026 at 08:46PM by Idov31
via reddit https://ift.tt/DAYt4Wl
https://idov31.github.io/posts/hypervisor-based-defense
Submitted March 16, 2026 at 08:46PM by Idov31
via reddit https://ift.tt/DAYt4Wl
Reddit
From the netsec community on Reddit: Hypervisor Based Defense
Posted by Idov31 - 0 votes and 0 comments
GlassWorm: Part 3. Wave 3 Windows payload, sideloaded Chrome extension, two additional wallets
https://ift.tt/Mg28mRv
Submitted March 16, 2026 at 08:30PM by Willing_Monitor5855
via reddit https://ift.tt/FXtviJo
https://ift.tt/Mg28mRv
Submitted March 16, 2026 at 08:30PM by Willing_Monitor5855
via reddit https://ift.tt/FXtviJo
Qihoo 360's AI Product Leaked the Platform's SSL Key, Issued by Its Own CA Banned for Fraud
https://ift.tt/OxJPMVE
Submitted March 17, 2026 at 12:24AM by LostPrune2143
via reddit https://ift.tt/8T2CthY
https://ift.tt/OxJPMVE
Submitted March 17, 2026 at 12:24AM by LostPrune2143
via reddit https://ift.tt/8T2CthY
blog.barrack.ai
Qihoo 360's AI Product Leaked the Platform's SSL Key, Issued by Its Own CA Banned for Fraud | Barrack AI
Qihoo 360 shipped the wildcard SSL private key for *.myclaw.360.cn inside its AI assistant installer. The certificate was issued by WoTrus CA, Qihoo 360's own subsidiary, previously distrusted by Chrome, Firefox, and Safari under its former name WoSign for…
How to Apply VXLAN-GBP Encapsulation to PCAP Files Using PacketSmith
https://ift.tt/VDtKdJQ
Submitted March 17, 2026 at 03:35AM by MFMokbel
via reddit https://ift.tt/FqIawmG
https://ift.tt/VDtKdJQ
Submitted March 17, 2026 at 03:35AM by MFMokbel
via reddit https://ift.tt/FqIawmG
BIGO Ads Deploys C2-Style Infrastructure to Survive Domain Bans. Here's the Decrypted Config.
https://ift.tt/42dPRop
Submitted March 17, 2026 at 05:41AM by AdTemporary2475
via reddit https://ift.tt/F5Qt8Zf
https://ift.tt/42dPRop
Submitted March 17, 2026 at 05:41AM by AdTemporary2475
via reddit https://ift.tt/F5Qt8Zf
Buchodi's Threat Intel
BIGO Ads Deploys C2-Style Infrastructure to Survive Domain Bans. Here's the Decrypted Config.
The BIGO Ads SDK ships with an encrypted configuration file that maps out a global network of ad-serving domains, backup hosts, and failover infrastructure. The file is AES-encrypted with a hardcoded key, served from Alibaba Cloud, and designed to make the…