Introducing Keyhog: The First GPU Accelerated secret scanner
https://ift.tt/7sKhJpD
Submitted May 30, 2026 at 12:30AM by MT_Carnage
via reddit https://ift.tt/nXCWFME
https://ift.tt/7sKhJpD
Submitted May 30, 2026 at 12:30AM by MT_Carnage
via reddit https://ift.tt/nXCWFME
Santh
891 detectors, GPU-accelerated, contract-tested. Meet keyhog.
Open-source secret scanner in Rust. SIMD on the CPU, an Aho-Corasick automaton on the GPU, SARIF + JSON + TUI output, 14,512 adversarial cases per build.
OffensiveCon26 YouTube Playlist released
https://www.youtube.com/playlist?list=PLYvhPWR_XYJkIP2X-uGDsAMIKnhdSauaM
Submitted May 30, 2026 at 12:08AM by maurosoria
via reddit https://ift.tt/HPCVLdw
https://www.youtube.com/playlist?list=PLYvhPWR_XYJkIP2X-uGDsAMIKnhdSauaM
Submitted May 30, 2026 at 12:08AM by maurosoria
via reddit https://ift.tt/HPCVLdw
A practical checklist for evaluating npm packages (supply chain attacks, slopsquatting, etc.)
https://ift.tt/5FfJ1lv
Submitted May 30, 2026 at 02:17AM by OtherwisePush6424
via reddit https://ift.tt/RCmTYbV
https://ift.tt/5FfJ1lv
Submitted May 30, 2026 at 02:17AM by OtherwisePush6424
via reddit https://ift.tt/RCmTYbV
Gaborkoos
How to Evaluate an npm Package - 2026 Edition
Stars and downloads tell you about popularity, not safety. Here's a practical checklist for evaluating an npm package's security, reliability, and long-term maintenance in 2026.
Digital Trap: Iran Uses Selective Internet Restoration to Track and Arrest January Protesters
https://ift.tt/f5heY7J
Submitted May 30, 2026 at 07:14PM by Beginning-Wish-4273
via reddit https://ift.tt/7Q1Ua8x
https://ift.tt/f5heY7J
Submitted May 30, 2026 at 07:14PM by Beginning-Wish-4273
via reddit https://ift.tt/7Q1Ua8x
Iran News Wire
Digital Trap: Iran Uses Selective Internet Restoration to Track and Arrest January Protesters
Digital rights activists say Iran's selective internet restoration is being used to identify, track, and arrest individuals linked to January protests.
LLMReaper - DOM Based AI Conversation Exfiltration via Browser Extensions
https://thewhiteh4t.github.io/blog/ai-chat-llmreaper/
Submitted May 31, 2026 at 09:12AM by thewhiteh4t
via reddit https://ift.tt/ZtGXyRa
https://thewhiteh4t.github.io/blog/ai-chat-llmreaper/
Submitted May 31, 2026 at 09:12AM by thewhiteh4t
via reddit https://ift.tt/ZtGXyRa
Lohitya Pushkar (thewhiteh4t)
LLMReaper - DOM Based AI Conversation Exfiltration via Browser Extensions | Lohitya Pushkar (thewhiteh4t)
LLMReaper is a proof-of-concept Chrome extension (Manifest V3) demonstrating passive DOM-based exfiltration of AI conversations from ChatGPT, Claude, and Gemini using MutationObserver, no special permissions, no network interception. Captured conversations…
ThinkPad firmware reverse-engineering toolchain: archived Lenovo BIOS → named SoC pads, EC analysis, CVE diffs, coreboot/OpenCore port scaffolding
https://ift.tt/ayJm1Wd
Submitted May 31, 2026 at 08:51PM by Intelligent_Bet_4413
via reddit https://ift.tt/g8LExUe
https://ift.tt/ayJm1Wd
Submitted May 31, 2026 at 08:51PM by Intelligent_Bet_4413
via reddit https://ift.tt/g8LExUe
Subnet discovery through multi-protocol TTL tracing
https://ift.tt/wKF89mJ
Submitted June 1, 2026 at 12:35PM by ifritnoises
via reddit https://ift.tt/dmRzrC0
https://ift.tt/wKF89mJ
Submitted June 1, 2026 at 12:35PM by ifritnoises
via reddit https://ift.tt/dmRzrC0
Ifrit
Pattern Screamer: Subnet Discovery in Networks with Unknown Addressing
Turn traceroute into network-wide recon: TTL tracing across ICMP, TCP and UDP to map subnets behind filters
Stealing Passwords via HTML Injection Under a Strict CSP
https://ift.tt/U9v8N4p
Submitted June 1, 2026 at 06:07PM by bajk
via reddit https://ift.tt/CHleTsk
https://ift.tt/U9v8N4p
Submitted June 1, 2026 at 06:07PM by bajk
via reddit https://ift.tt/CHleTsk
Afine
Password Autofill Abused via HTML Injection | AFINE
Turning a reflected HTML injection under a strict CSP into full credential theft by chaining password autofill with Referer header leakage.
Dutch Police and NCSC dismantle 17-million-device botnet running on 200 servers seized from local hosting provider
https://ift.tt/YWFVA12
Submitted June 1, 2026 at 07:03PM by technadu
via reddit https://ift.tt/CE3KZvO
https://ift.tt/YWFVA12
Submitted June 1, 2026 at 07:03PM by technadu
via reddit https://ift.tt/CE3KZvO
TechNadu
Police and NCSC Dismantle Netherlands 17-Million Device Botnet - TechNadu
A Police and National Cyber Security Center (NCSC) joint operation dismantled a major botnet in the Netherlands that controlled 17 million infected devices.
r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted June 1, 2026 at 06:59PM by albinowax
via reddit https://ift.tt/OTMICYv
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted June 1, 2026 at 06:59PM by albinowax
via reddit https://ift.tt/OTMICYv
Reddit
From the netsec community on Reddit
Explore this post and more from the netsec community
Poisoning Claude Code: One GitHub Issue to Break the Supply Chain
https://ift.tt/56y4Pvi
Submitted June 1, 2026 at 06:39PM by oigong
via reddit https://ift.tt/lMAd7hI
https://ift.tt/56y4Pvi
Submitted June 1, 2026 at 06:39PM by oigong
via reddit https://ift.tt/lMAd7hI
GMO Flatt Security Research
Poisoning Claude Code: One GitHub Issue to Break the Supply Chain
Introduction
Hello, I’m RyotaK
( @ryotkak
), a security researcher at GMO Flatt Security Inc.
After publishing my previous article ( Pwning Claude Code in 8 Different Ways
), I continued investigating Claude-related products and found several more vulnerabilities.…
Hello, I’m RyotaK
( @ryotkak
), a security researcher at GMO Flatt Security Inc.
After publishing my previous article ( Pwning Claude Code in 8 Different Ways
), I continued investigating Claude-related products and found several more vulnerabilities.…
Blind POST SSRF in phpBB 4.0.0-alhpa1 Web Push (CVD with phpBB)
https://ift.tt/iKCZh1N
Submitted June 2, 2026 at 02:14AM by Sandwich_1337
via reddit https://ift.tt/3uJBTwC
https://ift.tt/iKCZh1N
Submitted June 2, 2026 at 02:14AM by Sandwich_1337
via reddit https://ift.tt/3uJBTwC
Syntetisk
Blind POST SSRF in phpBB 4.0.0-alpha1 Web Push (CVD with phpBB)
A registered phpBB 4.0.0-alpha1 user could point Web Push at any URL; the server fetched it. Coordinated disclosure; fixed in phpBB 4.0.0-a2.
NuGet Code Execution As A Service
https://ift.tt/GqcpbK4
Submitted June 2, 2026 at 07:11AM by clod81
via reddit https://ift.tt/krJD219
https://ift.tt/GqcpbK4
Submitted June 2, 2026 at 07:11AM by clod81
via reddit https://ift.tt/krJD219
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
Device Code Phishing Forensics: What We Learned Investigating BEC in the Wild
https://ift.tt/SFEoZIA
Submitted June 2, 2026 at 08:34PM by vaizor
via reddit https://ift.tt/CDT1Nsi
https://ift.tt/SFEoZIA
Submitted June 2, 2026 at 08:34PM by vaizor
via reddit https://ift.tt/CDT1Nsi
Eye Research
Device Code Phishing Forensics: What We Learned Investigating BEC in the Wild
Device code phishing is scaling fast. We investigated real BEC cases to show how attackers abuse Microsoft’s login flow, why forensics get tricky, and how defenders can detect, block, and investigate these attacks in Entra ID, Sentinel, Conditional Access…
1-Click GitHub Token Stealing via a VSCode Bug
https://ift.tt/4pyB3hC
Submitted June 2, 2026 at 08:59PM by ammar2
via reddit https://ift.tt/kvr0COE
https://ift.tt/4pyB3hC
Submitted June 2, 2026 at 08:59PM by ammar2
via reddit https://ift.tt/kvr0COE
Ammar's Blog
1-Click GitHub Token Stealing via a VSCode Bug
My blog, mostly about programming
We Added a Detection Rule. We Were Not Expecting This.
https://ift.tt/PR3ZaOk
Submitted June 2, 2026 at 11:36PM by GelosSnake
via reddit https://ift.tt/dUzYiuw
https://ift.tt/PR3ZaOk
Submitted June 2, 2026 at 11:36PM by GelosSnake
via reddit https://ift.tt/dUzYiuw
Profero | Rapid-IR
We Added a Detection Rule. We Were Not Expecting This.
Claude Desktop launches its AI subprocess with --allow-dangerously-skip-permissions. We found the command line, reverse-engineered the architecture, and threat-modeled what an attacker could actually do inside that sandbox, including a prompt injection chain…
Using AI to Secure Its Generated Code Is a Ponzi Scheme
https://ift.tt/XY7iCAj
Submitted June 3, 2026 at 11:09AM by pi3ch
via reddit https://ift.tt/qe5C9R7
https://ift.tt/XY7iCAj
Submitted June 3, 2026 at 11:09AM by pi3ch
via reddit https://ift.tt/qe5C9R7
Pedram Hayati
Using AI to Secure Its Own Code Is a Ponzi Scheme
AI can tell you what your software does. It cannot tell you what your software must never do. So you should not rely on it
If I wrote my own financial audit report and handed it to you, would you give me a loan?
Most people would not. A self-certified audit…
If I wrote my own financial audit report and handed it to you, would you give me a loan?
Most people would not. A self-certified audit…
Golang code review notes II - elttam
https://ift.tt/j0IOT9J
Submitted June 3, 2026 at 12:11PM by AnimalStrange
via reddit https://ift.tt/P0CB9TL
https://ift.tt/j0IOT9J
Submitted June 3, 2026 at 12:11PM by AnimalStrange
via reddit https://ift.tt/P0CB9TL
Elttam
Golang code review notes II - elttam
Abusing iDEAL (Wero): how criminals weaponise legitimate payment links in phishing
https://ift.tt/GVtDph6
Submitted June 3, 2026 at 01:32PM by wez32
via reddit https://ift.tt/uTyCQRk
https://ift.tt/GVtDph6
Submitted June 3, 2026 at 01:32PM by wez32
via reddit https://ift.tt/uTyCQRk
Zolder
Abusing iDEAL (Wero): how criminals weaponise legitimate payment links in phishing - Zolder
During our security research we keep encountering the same iDEAL abuse pattern: criminals generate a real iDEAL payment link for their own purchases and trick victims into paying it. Here is how it works, why it is hard to prevent, and an open question for…
Hacking your PC using your speaker without ever touching it
https://ift.tt/qNIpxGy
Submitted June 3, 2026 at 04:24PM by nns_ee
via reddit https://ift.tt/g8WFrSZ
https://ift.tt/qNIpxGy
Submitted June 3, 2026 at 04:24PM by nns_ee
via reddit https://ift.tt/g8WFrSZ
blog.nns.ee
Pwnd Blaster: Hacking your PC using your speaker without ever touching it | nns.ee
Abusing an unauthenticated Bluetooth protocol to turn a PC speaker into a Rubber Ducky.
Interesting- What LLM vuln research looks like
https://ift.tt/72bXQay
Submitted June 3, 2026 at 06:03PM by derp6996
via reddit https://ift.tt/ZHsQPz6
https://ift.tt/72bXQay
Submitted June 3, 2026 at 06:03PM by derp6996
via reddit https://ift.tt/ZHsQPz6
Claroty
Hands Free: What LLM Driven Vulnerability Research Looks Like
Claroty Team82 researchers used Anthropic’s Claude Opus 4.6 AI model to uncover vulnerabilities in a popular video intercom platform manufactured by Zenitel. Team82 had already manually researched and disclosed five vulnerabilities in the TCIV-3+ model, a…