Reading /etc/passwd via translation file upload in Tolgee's cloud platform (CVE-2026-32251, CVSS 9.3)
https://ift.tt/hVnqIR3
Submitted April 8, 2026 at 04:33PM by TradeGold6317
via reddit https://ift.tt/apg3UmJ
Simon Koeck
Reading /etc/passwd via Translation Upload in Tolgee | Simon Koeck
Tolgee's XML translation importers ship with zero security config. Upload a crafted file, read anything from the server. Confirmed on their cloud platform.
Brandefense Q4 2025 Ransomware Trends Report — 2,373 incidents, 125 groups, CVE exploitation breakdown
https://ift.tt/0Fq93zD
Submitted April 8, 2026 at 04:06PM by brandefense
via reddit https://ift.tt/xDFA7Rg
Brandefense
Ransomware Trends Report | Q4 2025 - Brandefense
Explore Brandefense’s Ransomware Trends Report Q4 2025 with sector-based insights, top ransomware groups, exploited CVEs, and global attack patterns.
Training for Device Code Phishing
https://ift.tt/bXr5URO
Submitted April 8, 2026 at 03:54PM by redwheel82
via reddit https://ift.tt/E6yFajB
PhishU
Microsoft Entra Device Code Phishing Simulation in the PhishU Framework
How the PhishU Framework simulates Microsoft Entra device code phishing with silent token capture, live notifications, and Token Explorer follow-on actions.
Broken by Default: I formally proved that LLM-generated C/C++ code is broken by default — 55.8% vulnerable, 97.8% invisible to existing tools
https://ift.tt/E1U4tH0
Submitted April 8, 2026 at 06:56PM by Hot_Dream_4005
via reddit https://ift.tt/RYwpyQa
Why I think Mythos is gonna be game changing after using Opus for a CTF
https://ift.tt/YvwxPaX
Submitted April 8, 2026 at 06:40PM by BrilliantWaltz6397
via reddit https://ift.tt/Qs3CA2h
www.techupkeep.dev
Project Glasswing: Anthropic Built an AI That Finds Zero-Days, Then Refused to Release It
Anthropic's Project Glasswing uses Claude Mythos Preview to find thousands of zero-day exploits, and I have firsthand proof their models are better than people think.
Russian GRU Exploiting Vulnerable Routers to Steal Sensitive Information 07 April 2026
https://ift.tt/Mkzi7T9
Submitted April 8, 2026 at 07:58PM by Chromber
via reddit https://ift.tt/u7yaDxY
Common Entra ID Security Assessment Findings – Part 3: Weak Privileged Identity Management Configuration
https://ift.tt/3ZVL9qO
Submitted April 8, 2026 at 09:11PM by GonzoZH
via reddit https://ift.tt/NVTIjfK
A new initiative that brings together Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks in an effort to secure the world’s most critical software.
https://ift.tt/H6flWFr
Submitted April 8, 2026 at 09:04PM by This_Lingonberry3274
via reddit https://ift.tt/7EmLlPf
Anthropic
Project Glasswing: Securing critical software for the AI era
A new initiative to secure the world’s most critical software and give defenders a durable advantage in the coming AI-driven era of cybersecurity.
Offensive Fraud Prevention
https://ift.tt/2rGl86w
Submitted April 8, 2026 at 11:03PM by pathetiq
via reddit https://ift.tt/WcEGKtg
Security Autopsy
Offensive Fraud Prevention
To follow the previous article "Fraud & Application Security: Ignoring each other is costing your business!",
Business logic flaws, not SQL injection, are where the real money disappears!
Traditional penetration testing, SAST and scanners catch technical…
dnsight - open source, config driven CLI DNS auditor
https://ift.tt/ZmwSj4L
Submitted April 9, 2026 at 01:20AM by MikeyS91
via reddit https://ift.tt/usIfCrE
The Gap Between “Thousands of Vulnerabilities” and Reality | by Manikandan Swaminathan | Apr, 2026
https://ift.tt/fVcFgR8
Submitted April 8, 2026 at 11:08PM by Comfortable-Rock8782
via reddit https://ift.tt/kBYvVzU
Medium
The Gap Between “Thousands of Vulnerabilities” and Reality
A security practitioner’s breakdown of Anthropic’s Mythos claims — what’s real, what’s overstated, and what actually matters
Applying SOAR-style automation to physical perimeter security
https://ift.tt/OhXe0Sj
Submitted April 9, 2026 at 03:31PM by RockyCyberGeek
via reddit https://ift.tt/IaV8Gwv
AI News
Asylon and Thrive Logic bring physical AI to enterprise perimeter security
Physical AI security for the high-worth enterprise perimeter gets a step closer with the partnership announced between two companies.
The NaClCON (Salt Con) speaker list is out! May 31–June 2, Carolina Beach NC
https://ift.tt/z9yJGwQ
Submitted April 9, 2026 at 10:18PM by count_zero_moustafa
via reddit https://ift.tt/xu2i9D1
NaClCON
NaClCON - The History of Hacking/Cybersecurity Conference - Speakers | NaClCON
Meet the experts shaping cyber security today
Threat Model Discrepancy: Google Password Manager leaks cleartext passwords via Task Switcher (Won't Fix) - Violates German BSI Standards
https://drive.google.com/file/d/1nIJMQbM4R17EMt9f1Ffb4UmCPYY7-GXb/view?usp=sharing
Submitted April 9, 2026 at 09:40PM by Onat120
via reddit https://ift.tt/4ZnRlvE
Reddit
From the netsec community on Reddit: Threat Model Discrepancy: Google Password Manager leaks cleartext passwords via Task Switcher…
Posted by Onat120 - 14 votes and 2 comments
Slipping up Slippi with spectator RCE
https://khang06.github.io/slippirce/
Submitted April 10, 2026 at 10:15AM by khangaroooooooo
via reddit https://ift.tt/MXYmEVa
Khang's Stuff
Slipping up Slippi with spectator RCE
I don't think that's tournament-legal.
Renovate & Dependabot: The New Malware Delivery System
https://ift.tt/ybjXaVZ
Submitted April 10, 2026 at 01:56PM by mabote
via reddit https://ift.tt/fCDGWic
GitGuardian Blog - Take Control of Your Secrets Security
Renovate & Dependabot: The New Malware Delivery System
Recent supply chain attacks stayed live for hours. Automation tools silently merged their malware in minutes. Read how upgrade bots and AI agents became the insider threat.
Taiwanese Prosecutors Seize $6.6M in Assets from Incognito Market Admin "Pharoah" (Lin Rui-siang)
https://ift.tt/2KyCsAF
Submitted April 10, 2026 at 04:18PM by Siraph74
via reddit https://ift.tt/eW4JBbF
Tor Daily
Archive: Assets worth over $6 Million seized from Incognito Market Admin Lin Rui-Siang - Tor Daily
Incognito Market In May 2025 Taiwanese prosecutors seized assets worth more than NT$200 million ($6.
Static analysis of iOS App Store binaries: common vulnerabilities I keep finding after 15 years in mobile security
https://ift.tt/ySUkYW8
Submitted April 10, 2026 at 03:51PM by kovallux
via reddit https://ift.tt/03yCkj6
Meetup
Luxembourg Vibe-Code & Hack Apps | Meetup
Rapid development meets practical security. This group sits at the intersection of AI-assisted coding and application security. We're based in Luxembourg, we meet in English, and we value working code over lengthy presentations. Topics rotate between vibe coding…
Nmap triage without a backend: XSLT -> HTML report that highlights unusual hosts/services
https://ift.tt/Ei3YwHW
Submitted April 10, 2026 at 11:22PM by 13utters
via reddit https://ift.tt/M8PoJ9F
möbius.band
Using XSLT to turn Nmap scans into an interactive HTML report
Old-school XSLT, modern browser triage: NmapView turns scan data into a portable HTML report.
Claude Code Audit: Confirmed RCE via Environment Variable Injection
https://audited.xyz/blog/claude-code
Submitted April 10, 2026 at 10:53PM by nicallooo
via reddit https://ift.tt/mifjC87
audited.xyz
Claude Code audit
One confirmed vulnerability with RCE proof of concept.