Retroactive xref entanglement analysis: pre-emptive PDF modification detection (72h temporal window)
https://ift.tt/rhMRDwq
Submitted April 1, 2026 at 01:12PM by Total-Reasonable
via reddit https://ift.tt/tJFj7ul
https://ift.tt/rhMRDwq
Submitted April 1, 2026 at 01:12PM by Total-Reasonable
via reddit https://ift.tt/tJFj7ul
HTPBE
Introducing HTPBE Quantum: PDF Verification Before the Document Exists
Today we announce HTPBE Quantum — our breakthrough product that verifies PDF authenticity up to 72 hours before the document is created. Using quantum m...
Authority Encoding Risk (AER)
https://ift.tt/Hd6D3yX
Submitted April 1, 2026 at 02:11PM by Dramatic-Ebb-7165
via reddit https://ift.tt/bvULym0
https://ift.tt/Hd6D3yX
Submitted April 1, 2026 at 02:11PM by Dramatic-Ebb-7165
via reddit https://ift.tt/bvULym0
Ssrn
Pantheon Authority Encoding Risk (AER) A Measurable Actuarial Variable for AI-Influenced Environments
This paper introduces Authority Encoding Risk (AER), a structural actuarial variable designed to quantify ambiguity in decision authority within AI-influenced e
r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted April 1, 2026 at 06:59PM by albinowax
via reddit https://ift.tt/675Xl8k
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted April 1, 2026 at 06:59PM by albinowax
via reddit https://ift.tt/675Xl8k
Reddit
From the netsec community on Reddit
Explore this post and more from the netsec community
AI-Generated Calendar Event Phishing w/ Dynamic Landing Pages
https://ift.tt/kCcV0Gw
Submitted April 1, 2026 at 06:45PM by IndySecMan
via reddit https://ift.tt/WwuhKFf
https://ift.tt/kCcV0Gw
Submitted April 1, 2026 at 06:45PM by IndySecMan
via reddit https://ift.tt/WwuhKFf
PhishU
Calendar Event Phishing in the PhishU Framework
How the PhishU Framework simulates calendar event phishing with native event rendering, AI suggestions, tracked links, and integrated training.
Cisco source code stolen by ShinyHunters via Trivy supply-chain attack. AWS keys breached, 300+ repos cloned and more
https://ift.tt/cghnLCS
Submitted April 2, 2026 at 10:58AM by raptorhunter22
via reddit https://ift.tt/VNurvtA
https://ift.tt/cghnLCS
Submitted April 2, 2026 at 10:58AM by raptorhunter22
via reddit https://ift.tt/VNurvtA
The CyberSec Guru
Cisco Source Code Stolen in Major Trivy Supply Chain Breach | The CyberSec Guru
Cisco data breach by ShinyHunters. 300+ GitHub repos stolen, 3M Salesforce records leaked via Trivy supply chain attack. Get the full breakdown
You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701) - watchTowr Labs
https://ift.tt/SMeoqfm
Submitted April 2, 2026 at 04:36PM by dx7r__
via reddit https://ift.tt/1NDYvxo
https://ift.tt/SMeoqfm
Submitted April 2, 2026 at 04:36PM by dx7r__
via reddit https://ift.tt/1NDYvxo
watchTowr Labs
You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701)
If you squint and look at the CISA KEV list, you might think it's made up exclusively of vulnerabilities in file transfer solutions.
While this would be wrong (and you shouldn’t squint, it’s bad for your eyes), file transfer solutions do play a decent role…
While this would be wrong (and you shouldn’t squint, it’s bad for your eyes), file transfer solutions do play a decent role…
4 unpatched CVEs in CrewAI chain prompt injection → sandbox bypass → RCE on host
https://ift.tt/84TRIti
Submitted April 2, 2026 at 04:21PM by AICyberPro
via reddit https://ift.tt/7U6FvZs
https://ift.tt/84TRIti
Submitted April 2, 2026 at 04:21PM by AICyberPro
via reddit https://ift.tt/7U6FvZs
kb.cert.org
CERT/CC Vulnerability Note VU#221883
CrewAI contains multiple vulnerabilities including SSRF, RCE and local file read
Your terminal is lying to you: escape sequence attacks from the 90s that still work.
https://ift.tt/WZrIXzV
Submitted April 2, 2026 at 07:34PM by Mindless-Study1898
via reddit https://ift.tt/w5nWKkh
https://ift.tt/WZrIXzV
Submitted April 2, 2026 at 07:34PM by Mindless-Study1898
via reddit https://ift.tt/w5nWKkh
Cred Relay
Dumb Terminal Hacks & What NOT to Study for the OSCP
Old terminal hacks that still work and still land CVEs. The OSCP topics you shouldn't waste your time on. From a working pentester.
Mongoose: Preauth RCE and mTLS Bypass on Millions of Devices
https://ift.tt/zJ8MWrG
Submitted April 2, 2026 at 07:05PM by evilsocket
via reddit https://ift.tt/3Qvzq7d
https://ift.tt/zJ8MWrG
Submitted April 2, 2026 at 07:05PM by evilsocket
via reddit https://ift.tt/3Qvzq7d
evilsocket
Mongoose: Preauth RCE and mTLS Bypass on Millions of Devices
The [LinkedIn browsergate] Attack: How it works
https://ift.tt/d0HuRVO
Submitted April 2, 2026 at 08:43PM by moviuro
via reddit https://ift.tt/XmLx8kq
https://ift.tt/d0HuRVO
Submitted April 2, 2026 at 08:43PM by moviuro
via reddit https://ift.tt/XmLx8kq
BrowserGate
The Attack: How it works
Every time you open LinkedIn in a Chrome-based browser, LinkedIn’s JavaScript executes a silent scan of your installed browser extensions. The scan probes for thousands of specific extensions by ID, collects the results, encrypts them, and transmits them…
Turning a Raspberry Pi into a "Poor Man's" Enterprise IDS/NSM using Zeek and Suricata
https://ift.tt/n9gCmeR
Submitted April 2, 2026 at 10:06PM by robobostes
via reddit https://ift.tt/4XL2DEP
https://ift.tt/n9gCmeR
Submitted April 2, 2026 at 10:06PM by robobostes
via reddit https://ift.tt/4XL2DEP
HookProbe
Blog | HookProbe
Security insights, tutorials, and updates from the HookProbe team. Learn about edge security, threat detection, and autonomous SOC operations.
red team sandbox with real detection
https://ift.tt/nvqQdeR
Submitted April 2, 2026 at 10:00PM by No-Magazine2625
via reddit https://ift.tt/dHBSNDU
https://ift.tt/nvqQdeR
Submitted April 2, 2026 at 10:00PM by No-Magazine2625
via reddit https://ift.tt/dHBSNDU
www.shieldnet.app
DLX7 Red Team Arena — Adversarial Training Game
A controlled hacking game for red team, purple team, and security engineers. Your attack attempts train DLX7 ShieldNet guardrails.
SHA Pinning Is Not Enough
https://ift.tt/JF1P7bN
Submitted April 2, 2026 at 10:55PM by RoseSec_
via reddit https://ift.tt/nZKkPlU
https://ift.tt/JF1P7bN
Submitted April 2, 2026 at 10:55PM by RoseSec_
via reddit https://ift.tt/nZKkPlU
rosecurity@dev
SHA Pinning Is Not Enough
A few days ago I wrote about how the Trivy ecosystem got turned into a credential stealer. One of my takeaways was “pin by SHA.” Every supply chain security guide says it, I’ve said it, every subreddit says it, and the GitHub Actions hardening docs say it.
Detailed analysis of a sophisticated firefox extension malware found in the wild using browser-xpi-malware-scanner.py
https://ift.tt/hcvnySe
Submitted April 3, 2026 at 05:03AM by TitleUpbeat3201
via reddit https://ift.tt/DMzy0xO
https://ift.tt/hcvnySe
Submitted April 3, 2026 at 05:03AM by TitleUpbeat3201
via reddit https://ift.tt/DMzy0xO
www.yourdev.net
Browser extension malware analysis - using browser-xpi-malware-scanner.py to find malware in the wild
Deep-dive static analysis of a malicious Firefox extension that hides its C2 configuration in a PNG trailer, evades AV scanners via Unicode low-byte encoding, hijacks Taobao/JD.com affiliate commissions, and breaks the browser sandbox with a fake chrome.*…
10 Things Your First Security Hire Shouldn’t Do – High Signal Security
https://ift.tt/TK9fBzd
Submitted April 3, 2026 at 11:44AM by shantanu14g
via reddit https://ift.tt/DgY06AH
https://ift.tt/TK9fBzd
Submitted April 3, 2026 at 11:44AM by shantanu14g
via reddit https://ift.tt/DgY06AH
High Signal Security
10 Things Your First Security Hire Shouldn’t Do
First security hire is a weird job - here’s a counterfactual guide on what to avoid
New RCE in Control Web Panel (CVE-2025-70951)
https://ift.tt/zLhwk4C
Submitted April 3, 2026 at 01:50PM by SzLam__
via reddit https://ift.tt/xlJsfQc
https://ift.tt/zLhwk4C
Submitted April 3, 2026 at 01:50PM by SzLam__
via reddit https://ift.tt/xlJsfQc
Fenrisk
Remote code execution in CentOS Web Panel - CVE-2025-70951
Security experts
A threat actor who goes by the name "Mr. Raccoon" has claimed to hack Adobe support via 3rd party Indian BPO firm
https://ift.tt/gFhbEwN
Submitted April 3, 2026 at 01:44PM by raptorhunter22
via reddit https://ift.tt/QC7lK1r
https://ift.tt/gFhbEwN
Submitted April 3, 2026 at 01:44PM by raptorhunter22
via reddit https://ift.tt/QC7lK1r
The CyberSec Guru
Adobe Data Breach 2026: Mr. Raccoon Leaks 13M Support Tickets | The CyberSec Guru
Report on the alleged Adobe data breach. Threat actor Mr. Raccoon claims 13M support tickets, 15k employee records and HackerOne data leaked via BPO.
What 16 security engines found in 2,900 MCP servers
https://ift.tt/JSprsH1
Submitted April 3, 2026 at 05:20PM by MCPAmpel
via reddit https://ift.tt/WQCZpg8
https://ift.tt/JSprsH1
Submitted April 3, 2026 at 05:20PM by MCPAmpel
via reddit https://ift.tt/WQCZpg8
Mcpampel
What 16 Security Engines Found in 2,900 MCP Servers
91% of MCP repos have security findings. Data from 6,494 scans across 2,896 repos with 16 independent engines.
Characterizing Abusive IP Proxies
https://ift.tt/fxRqKB6
Submitted April 3, 2026 at 06:15PM by jtkchicago
via reddit https://ift.tt/nziVaeZ
https://ift.tt/fxRqKB6
Submitted April 3, 2026 at 06:15PM by jtkchicago
via reddit https://ift.tt/nziVaeZ
Using undocumented AWS CodeBuild endpoints to extract privileged tokens from AWS CodeConnections allowing lateral movement and privilege escalation through an organisation's codebase
https://ift.tt/d5lyfUC
Submitted April 3, 2026 at 07:24PM by thomaspreece
via reddit https://ift.tt/lFNeOkp
https://ift.tt/d5lyfUC
Submitted April 3, 2026 at 07:24PM by thomaspreece
via reddit https://ift.tt/lFNeOkp
Thomas Preece
Part 2: AWS CodeBuild (Escalating Privileges via AWS CodeConnections) - Thomas Preece
Part 2: AWS CodeBuild (Escalating Privileges via AWS CodeConnections) - In this post we show how to use a malicious Docker Image to monitor network traffic within CodeBuild and find undocumented AWS API calls. From this we'll find a CodeBuild API that gives…
If you're running OpenClaw, you probably got hacked in the last week
https://ift.tt/ZOR4PTe
Submitted April 3, 2026 at 07:04PM by NotFunnyVipul
via reddit https://ift.tt/t7nkBo4
https://ift.tt/ZOR4PTe
Submitted April 3, 2026 at 07:04PM by NotFunnyVipul
via reddit https://ift.tt/t7nkBo4
Blink Blog
CVE-2026-33579: OpenClaw Privilege Escalation Fix Guide
CVE-2026-33579 is a HIGH severity OpenClaw vulnerability fixed in 2026.3.28. Learn what's affected, how to patch, and how to detect exploitation.