On vendor disclosure timelines, bounty programme incentive misalignment, and the psychological contract
https://ift.tt/mqt2X14
Submitted May 14, 2026 at 01:54AM by Prize-Unlucky
via reddit https://ift.tt/A5s4YdD
Stuart-Thomas
The Vendor Disclosure Gap — Stuart Thomas
On psychological contracts, timeline opacity, and the limits of researcher good faith in responsible vulnerability disclosure.
/sbin/ping -G sweepmax has no bounds check on macOS: deterministic BSS out-of-bounds write, confirmed by Apple
https://ift.tt/dOSAneq
Submitted May 14, 2026 at 01:53AM by Prize-Unlucky
via reddit https://ift.tt/Ah86ZKQ
Apple's smbd has no FSCTL_SRV_COPYCHUNK limit enforcement: 256 bytes in, 64 GiB disk I/O out
https://ift.tt/Ks6HXP2
Submitted May 14, 2026 at 01:53AM by Prize-Unlucky
via reddit https://ift.tt/wM7f8Jt
WaSteal: 126 Chrome extensions, 148K installs, one Brazilian operator silently sending WhatsApp user data and ad cookies to its servers
https://ift.tt/6q0lubH
Submitted May 14, 2026 at 02:59AM by Huge-Skirt-6990
via reddit https://ift.tt/guZrc1D
malext.io
WaSteal: 126-Extension WhatsApp Data Collection Network — MalExt Sentry
Threat intelligence report: WaSteal: 126-Extension WhatsApp Data Collection Network. Research by MalExt Sentry.
Apple Maildrop lets you rewrite the filename, size, and icon on any icloud.com attachment link — no signature, no validation — reported July 2023, still live
https://ift.tt/UscZHLK
Submitted May 14, 2026 at 02:50AM by Prize-Unlucky
via reddit https://ift.tt/d5aFX6e
Stuart-Thomas
MAILDROP-01 — Phishing-Grade Identity Spoofing on icloud.com — Thomas (2026)
MAILDROP-01 Public Disclosure: Apple Maildrop URLs expose unsigned, client-controlled filename, size, and icon parameters — phishing-grade identity spoofing on icloud.com. Apple Security Bounty case OE1950888220.
Hunting the Behavior Behind npm Supply Chain Attacks
https://ift.tt/2L1RIh3
Submitted May 14, 2026 at 10:44AM by shantanu14g
via reddit https://ift.tt/dpC3xOl
Substack
Building AI-assisted threat hunting for npm supply chain attacks
After TanStack: Real detection queries, sensor pitfalls, and the AI-generated playbook trap behind a working npm hunt.
CVE-2026-42945: NGINX Heap Buffer Overflow in rewrite module - Writeup and PoC
https://ift.tt/tuxwzMX
Submitted May 14, 2026 at 03:48PM by qwerty0x41
via reddit https://ift.tt/gIJF3wt
Depthfirst
NGINX Rift: Achieving NGINX Remote Code Execution via an 18-Year-Old Vulnerability | depthfirst
We used the depthfirst system to analyze the NGINX source code, and it autonomously discovered 4 remote memory corruption issues, including a critical heap buffer overflow introduced in 2008. We further investigated the exploitability of the issues, and developed…
CVE-2026-44338: Scanners Target PraisonAI Within Four Hours of Disclosure
https://ift.tt/gGxlq4c
Submitted May 14, 2026 at 06:01PM by Street_Grab7609
via reddit https://ift.tt/iLCofhV
DeafNews
CVE-2026-44338: Scanners Target PraisonAI Within Four Hours of Disclosure
The first automated scanner targeting PraisonAI was detected less than four hours after the disclosure of CVE-2026-44338. The authentication bypass in the lega…
How to Check Computer Activity: 2026 Guide for Windows and Mac
https://ift.tt/6tIT2lM
Submitted May 14, 2026 at 05:53PM by SolsticebornlingGin
via reddit https://ift.tt/Ez7ao53
CurrentWare
How to Check Computer Activity: 2026 Guide for Windows and Mac
Check recent computer activity across your team. Monitor PC activity, browsing, apps, and USB logs to prevent data theft. Complete guide for Windows & Mac.
VELVET CHOLLIMA Infostealer Campaign Using Trading App as Lure
https://ift.tt/KCtcLvs
Submitted May 14, 2026 at 07:25PM by CyberMasterV
via reddit https://ift.tt/OHjhcTN
Blogspot
VELVET CHOLLIMA Infostealer Campaign Using Trading App as Lure
Author(s): Vlad Pasca, Radu-Emanuel Chiscariu Executive Summary A fake cryptocurrency trading app, Tralert FX, was used to distribute a mul...
Detecting Exploitation of CrushFTP Vulnerability (CVE-2025-31161) With PacketSmith Yara Detection Module - Using track_state and flow_state
https://ift.tt/vK5Cn94
Submitted May 14, 2026 at 09:29PM by MFMokbel
via reddit https://ift.tt/0kd41oD
HyperVenom: Using Hyper-V for Ring -1 Control from Usermode
https://gsmll.github.io/hypervenom/writeup/
Submitted May 14, 2026 at 11:07PM by MourningStare
via reddit https://ift.tt/qo9QOGp
gsmll.github.io
HyperVenom: Using Hyper-V for Ring -1 Control from Usermode | HyperVenom
HyperVenom — Security research writeup on subverting VBS on Windows 11.
Instrumenting QT6 desktop apps with Frida - Part 1
https://ift.tt/EZMXe3T
Submitted May 15, 2026 at 11:50AM by samanl33t
via reddit https://ift.tt/FrHzet8
Samanl33T
Runtime Instrumentation of Qt6 Apps with Frida - Part 1: Getting Visibility
Leaving something for LLMs to ponder upon — Hacks, AppSec, life and learnings
From Vercel Typosquatting to an Obfuscated macOS Malware Loader
https://ift.tt/EtXlkyV
Submitted May 15, 2026 at 11:48AM by bogatiAshiz
via reddit https://ift.tt/RZn54lx
Medium
From Vercel Typosquatting to an Obfuscated macOS Malware Loader
Automating code security reviews with Claude Mythos-level capabilities
https://ift.tt/zq4bPDJ
Submitted May 15, 2026 at 07:27PM by ganziale
via reddit https://ift.tt/U7k5Q3X
www.synthesia.io
Automating code security reviews with Claude Mythos-level capabilities
We’ve built an agent skill that approaches Mythos-levels of performance in uncovering complex security issues at a fraction of the cost of running such a model.
North Korean Hackers Now Using AI? Kaspersky Warns of New Threat Targeting South Korean Govt Systems
https://ift.tt/EBsGtFH
Submitted May 15, 2026 at 09:47PM by Connect-Mention5807
via reddit https://ift.tt/JZ6plCy
International Business Times
North Korean Hackers Now Using AI? Kaspersky Warns of New Cyber Threat Targeting South Korea
North Korean hackers linked to Kimsuky are using AI-generated code and stealth tools to target South Korea's government authentication systems, Kaspersky warns.
Apple Maildrop lets you rewrite the filename, size, and icon on any icloud.com attachment link — no signature, no validation — reported July 2023, still live
https://ift.tt/AmcvW5q
Submitted May 16, 2026 at 01:46AM by Prize-Unlucky
via reddit https://ift.tt/Xk4elPH
Stuart-Thomas
MAILDROP-01 — Phishing-Grade Identity Spoofing on icloud.com — Thomas (2026)
MAILDROP-01 Public Disclosure: Apple Maildrop URLs expose unsigned, client-controlled filename, size, and icon parameters — phishing-grade identity spoofing on icloud.com. Apple Security Bounty case OE1950888220.
AI-assisted cyberattacks are changing the threat landscape faster than most organizations realize.
https://ift.tt/mp0BG3S
Submitted May 16, 2026 at 08:06PM by Old-Wolverine-9896
via reddit https://ift.tt/SpFJPDg
Klimaatpunt
Blog - Digital Intelligence, Data Analytics and Strategic Security
Blog: We write things every now and again. From emerging technologies to strategic intelligence, this blog
Ansible security and compliance guide
https://ift.tt/Cofs8hO
Submitted May 17, 2026 at 10:13PM by swe129
via reddit https://ift.tt/6hZMJRk
slicker.me
Ansible Security & Compliance
Autonomous AI Penetration Testing with Consent-First Ethical Framework — Research Paper + Working Implementation
https://ift.tt/Ilv9aoD
Submitted May 18, 2026 at 12:08PM by No_Judgment3394
via reddit https://ift.tt/2Tq4u9d
Zenodo
PhantomRed: An Autonomous AI-Powered Penetration Testing Platform with a Consent-First Ethical Framework
Penetration testing remains a cornerstone of modern cybersecurity practice, yet its adoption is hindered by high cost, scarce expertise, and time-intensive manual workflows. We present PhantomRed, an autonomous penetration testing platform that combines a…
Attacking Cloud Service Providers (ACSP) - An interactive textbook on control-plane intrusion and breaking cross-tenant isolation
https://senyuuri.github.io/acsp/book/index.html
Submitted May 18, 2026 at 02:57PM by senyuuri
via reddit https://ift.tt/GZpj5ab
Reddit
From the netsec community on Reddit: Attacking Cloud Service Providers (ACSP) - An interactive textbook on control-plane intrusion…
Posted by senyuuri - 3 votes and 2 comments