ThreatPad — an open-source, self-hosted note-taking app for CTI teams.
https://threat-pad-web.vercel.app/login
Submitted March 30, 2026 at 07:04PM by Remarkable_Pop3697
via reddit https://ift.tt/LieKgpG
https://threat-pad-web.vercel.app/login
Submitted March 30, 2026 at 07:04PM by Remarkable_Pop3697
via reddit https://ift.tt/LieKgpG
threat-pad-web.vercel.app
ThreatPad
Collaborative threat intelligence note-taking platform
An attack class that passes every current LLM filter
https://ift.tt/984tf2L
Submitted March 30, 2026 at 08:12PM by lurkyloon
via reddit https://ift.tt/CA94SQv
https://ift.tt/984tf2L
Submitted March 30, 2026 at 08:12PM by lurkyloon
via reddit https://ift.tt/CA94SQv
Shapingrooms
The Atmosphere Attack — Research — shapingrooms.com
Postural manipulation as a new attack class. Empirical record across four frontier models, propagation findings, six-layer defensive architecture. AG Davidson, 2026.
One POST request, six API keys: breaking into popular MCP servers
https://ift.tt/nO6LgaR
Submitted March 30, 2026 at 09:05PM by Kind-Release-3817
via reddit https://ift.tt/MDuCj8v
https://ift.tt/nO6LgaR
Submitted March 30, 2026 at 09:05PM by Kind-Release-3817
via reddit https://ift.tt/MDuCj8v
agentseal.org
AgentSeal - AI Agent Security Scanner
Break your AI agents before someone else does. Security scanning for system prompts, MCP servers, and AI coding agents.
Vulnerability Research Is Cooked
https://ift.tt/Mvao5k0
Submitted March 31, 2026 at 12:18AM by YogiBerra88888
via reddit https://ift.tt/bxTA6Rg
https://ift.tt/Mvao5k0
Submitted March 31, 2026 at 12:18AM by YogiBerra88888
via reddit https://ift.tt/bxTA6Rg
sockpuppet.org
Vulnerability Research Is Cooked
red-run 2.0: Agent Teams
https://ift.tt/vubHMKf
Submitted March 31, 2026 at 12:14AM by aconite33
via reddit https://ift.tt/Qg8V03r
https://ift.tt/vubHMKf
Submitted March 31, 2026 at 12:14AM by aconite33
via reddit https://ift.tt/Qg8V03r
Blacklanternsecurity
red-run 2.0: Agent Teams
A Claude Code Agent Dashboard
OpenAI Codex: How a Branch Name Stole GitHub Tokens
https://ift.tt/GvykJnP
Submitted March 31, 2026 at 03:51AM by LostPrune2143
via reddit https://ift.tt/RlksfJ0
https://ift.tt/GvykJnP
Submitted March 31, 2026 at 03:51AM by LostPrune2143
via reddit https://ift.tt/RlksfJ0
blog.barrack.ai
OpenAI Codex: How a Branch Name Stole GitHub Tokens | Barrack AI
BeyondTrust Phantom Labs disclosed a critical command injection vulnerability in OpenAI Codex that allowed attackers to steal GitHub OAuth tokens through unsanitized branch names. The flaw affected ChatGPT, Codex CLI, SDK, and IDE extensions, and could scale…
Your Agent Runs Code You Never Wrote - Why agent isolation is a different problem
https://ift.tt/nt7J9Yp
Submitted March 31, 2026 at 10:41AM by bakibab
via reddit https://ift.tt/cvmb5qg
https://ift.tt/nt7J9Yp
Submitted March 31, 2026 at 10:41AM by bakibab
via reddit https://ift.tt/cvmb5qg
Substack
Your Agent Runs Code You Never Wrote
Containers, VMs, and serverless were built for code you wrote. Agents write their own.
Axios npm package compromised in supply chain attack. Downloads malware dropper package
https://ift.tt/erufC72
Submitted March 31, 2026 at 10:39AM by raptorhunter22
via reddit https://ift.tt/EI1tsSK
https://ift.tt/erufC72
Submitted March 31, 2026 at 10:39AM by raptorhunter22
via reddit https://ift.tt/EI1tsSK
The CyberSec Guru
Axios NPM Packages Compromised: Active Supply Chain Attack Alert | The CyberSec Guru
Axios NPM packages v1.14.1 and v0.30.4 compromised. Malicious plain-crypto-js@4.2.1 dependency injected. Full technical breakdown
Introducing the Rootkit Techniques Matrix and updates to the Guide
https://aibaranov.github.io/rootkit-matrix/
Submitted March 31, 2026 at 01:40PM by rkhunter_
via reddit https://ift.tt/nCvZosk
https://aibaranov.github.io/rootkit-matrix/
Submitted March 31, 2026 at 01:40PM by rkhunter_
via reddit https://ift.tt/nCvZosk
Home
Introducing the Rootkit Techniques Matrix and updates to the Guide
Common Entra ID Security Assessment Findings – Part 2: Privileged Unprotected Groups
https://ift.tt/jnx3smB
Submitted March 31, 2026 at 07:41PM by GonzoZH
via reddit https://ift.tt/QDnGtw1
https://ift.tt/jnx3smB
Submitted March 31, 2026 at 07:41PM by GonzoZH
via reddit https://ift.tt/QDnGtw1
Lesser-Known Military College Triumphs in Pentagon Student Hacking Contest
https://ift.tt/wDxpj89
Submitted March 31, 2026 at 10:44PM by WatermanReports
via reddit https://ift.tt/UbSHEac
https://ift.tt/wDxpj89
Submitted March 31, 2026 at 10:44PM by WatermanReports
via reddit https://ift.tt/UbSHEac
Govinfosecurity
University of North Georgia Triumphs in DOD Hacking Contest
A team of cybersecurity students from the University of North Georgia vanquished seven opposing teams from other senior military colleges and elite service
ImageMagick: From Arbitrary File Read to File Write In Every Policy (ZeroDay)
https://ift.tt/BtarETq
Submitted March 31, 2026 at 10:28PM by _vavkamil_
via reddit https://ift.tt/oRb3SQa
https://ift.tt/BtarETq
Submitted March 31, 2026 at 10:28PM by _vavkamil_
via reddit https://ift.tt/oRb3SQa
PWN.AI
ImageMagick: From Arbitrary File Read to File Write In Every Policy (ZeroDay)
How pwn.ai turned a routine client pentest into multiple ImageMagick exploits. By autonomously researching the product’s internals for days, it found a path from a single image upload to file leaks, security policy bypasses, and remote code execution across…
PSA: That 'Disable NTLMv1' GPO you set years ago? It’s lying to you. LmCompatibilityLevel set to 5 is not enough.
https://ift.tt/2gndwR0
Submitted April 1, 2026 at 12:19AM by hardeningbrief
via reddit https://ift.tt/tF8YARm
https://ift.tt/2gndwR0
Submitted April 1, 2026 at 12:19AM by hardeningbrief
via reddit https://ift.tt/tF8YARm
Silverfort
If you think you blocked NTLMv1 in your org, think again
If you think you’ve blocked NTLMv1 in your organization, think again. Silverfort’s research team recently discovered that attackers bypass the Group Policy designed to disable NTLMv1…
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
https://ift.tt/zjRBhMi
Submitted April 1, 2026 at 01:27AM by maurosoria
via reddit https://ift.tt/h8mey6D
https://ift.tt/zjRBhMi
Submitted April 1, 2026 at 01:27AM by maurosoria
via reddit https://ift.tt/h8mey6D
blog.calif.io
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
To our knowledge, this is the first remote kernel exploit both discovered and exploited by an AI.
Market Bifurcation in Pentesting by 2026 (37%) – AI May Split the Field in Two Rather Than Flatten It, and That Changes Everything About Who Survives the Disruption
https://ift.tt/VLoKRq8
Submitted April 1, 2026 at 08:42AM by ok_bye_now_
via reddit https://ift.tt/OlyZz6Q
https://ift.tt/VLoKRq8
Submitted April 1, 2026 at 08:42AM by ok_bye_now_
via reddit https://ift.tt/OlyZz6Q
Retroactive xref entanglement analysis: pre-emptive PDF modification detection (72h temporal window)
https://ift.tt/rhMRDwq
Submitted April 1, 2026 at 01:12PM by Total-Reasonable
via reddit https://ift.tt/tJFj7ul
https://ift.tt/rhMRDwq
Submitted April 1, 2026 at 01:12PM by Total-Reasonable
via reddit https://ift.tt/tJFj7ul
HTPBE
Introducing HTPBE Quantum: PDF Verification Before the Document Exists
Today we announce HTPBE Quantum — our breakthrough product that verifies PDF authenticity up to 72 hours before the document is created. Using quantum m...
Authority Encoding Risk (AER)
https://ift.tt/Hd6D3yX
Submitted April 1, 2026 at 02:11PM by Dramatic-Ebb-7165
via reddit https://ift.tt/bvULym0
https://ift.tt/Hd6D3yX
Submitted April 1, 2026 at 02:11PM by Dramatic-Ebb-7165
via reddit https://ift.tt/bvULym0
Ssrn
Pantheon Authority Encoding Risk (AER) A Measurable Actuarial Variable for AI-Influenced Environments
This paper introduces Authority Encoding Risk (AER), a structural actuarial variable designed to quantify ambiguity in decision authority within AI-influenced e
r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted April 1, 2026 at 06:59PM by albinowax
via reddit https://ift.tt/675Xl8k
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted April 1, 2026 at 06:59PM by albinowax
via reddit https://ift.tt/675Xl8k
Reddit
From the netsec community on Reddit
Explore this post and more from the netsec community
AI-Generated Calendar Event Phishing w/ Dynamic Landing Pages
https://ift.tt/kCcV0Gw
Submitted April 1, 2026 at 06:45PM by IndySecMan
via reddit https://ift.tt/WwuhKFf
https://ift.tt/kCcV0Gw
Submitted April 1, 2026 at 06:45PM by IndySecMan
via reddit https://ift.tt/WwuhKFf
PhishU
Calendar Event Phishing in the PhishU Framework
How the PhishU Framework simulates calendar event phishing with native event rendering, AI suggestions, tracked links, and integrated training.
Cisco source code stolen by ShinyHunters via Trivy supply-chain attack. AWS keys breached, 300+ repos cloned and more
https://ift.tt/cghnLCS
Submitted April 2, 2026 at 10:58AM by raptorhunter22
via reddit https://ift.tt/VNurvtA
https://ift.tt/cghnLCS
Submitted April 2, 2026 at 10:58AM by raptorhunter22
via reddit https://ift.tt/VNurvtA
The CyberSec Guru
Cisco Source Code Stolen in Major Trivy Supply Chain Breach | The CyberSec Guru
Cisco data breach by ShinyHunters. 300+ GitHub repos stolen, 3M Salesforce records leaked via Trivy supply chain attack. Get the full breakdown
You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701) - watchTowr Labs
https://ift.tt/SMeoqfm
Submitted April 2, 2026 at 04:36PM by dx7r__
via reddit https://ift.tt/1NDYvxo
https://ift.tt/SMeoqfm
Submitted April 2, 2026 at 04:36PM by dx7r__
via reddit https://ift.tt/1NDYvxo
watchTowr Labs
You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701)
If you squint and look at the CISA KEV list, you might think it's made up exclusively of vulnerabilities in file transfer solutions.
While this would be wrong (and you shouldn’t squint, it’s bad for your eyes), file transfer solutions do play a decent role…
While this would be wrong (and you shouldn’t squint, it’s bad for your eyes), file transfer solutions do play a decent role…