Season VI of the US Games launches TOMORROW!
https://ift.tt/OJruEi4
Submitted June 4, 2026 at 01:35AM by US_Cyber_Games
via reddit https://ift.tt/bGVN0Wi
Enter the WasmForge: Compiling Sliver into WebAssembly
https://ift.tt/SrcXPao
Submitted June 4, 2026 at 07:19PM by bouncyhat
via reddit https://ift.tt/hpe5zOV
Praetorian
Enter the WasmForge: Compiling Sliver into WebAssembly
Expose how compiling Sliver into WebAssembly beats EDR: WasmForge produces opsec-safe binaries with zero changes to the tool source.
Re:CACHE - Excessive reflection, type confusion, and 0-click SXSS on Next.js
https://zhero-web-sec.github.io/research-and-things/re-cache-excessive-reflection-type-confusion-and-0-click-sxss-on-nextjs
Submitted June 4, 2026 at 08:20PM by albinowax
via reddit https://ift.tt/zi6AQy2
Reddit
From the netsec community on Reddit: Re:CACHE - Excessive reflection, type confusion, and 0-click SXSS on Next.js
Posted by albinowax - 8 votes and 3 comments
Empty-ciphertext panic in aws-encryption-provider (CVD with AWS)
https://ift.tt/cpWFtzN
Submitted June 4, 2026 at 08:24PM by Sandwich_1337
via reddit https://ift.tt/4MIscT3
Syntetisk
Empty-ciphertext panic in aws-encryption-provider (CVD with AWS)
A two-byte gRPC request crashed AWS's Kubernetes KMS plugin. Coordinated disclosure with AWS VDP; fix merged as aws-encryption-provider#169.
System Over Model, Tested: Reproducing Mythos’s FreeBSD Find on Local Open-Weight Models
https://clearbluejar.github.io/posts/system-over-model-tested-mythos-freebsd-local-openweight/
Submitted June 4, 2026 at 11:42PM by onlinereadme
via reddit https://ift.tt/kTcBKQ0
clearbluejar
System Over Model, Tested: Reproducing Mythos’s FreeBSD Find on Local Open-Weight Models
Mythos found a 17-year-old FreeBSD RCE; AISLE reproduced it with gpt-5.4-nano via their nano-analyzer pipeline. I ran the pipeline on two local open-weight models, gpt-oss-20b and gemma-4-31b-it. The misses recovered on re-run. The real problem was the false…
Unauthenticated RCE as QSECOFR via IBM i Management Central — port 5555, client-controlled verify flag, no credentials required (V7R4 and earlier)
https://ift.tt/ifQ24dH
Submitted June 5, 2026 at 05:05PM by dn3t
via reddit https://ift.tt/SVun0JQ
Silent Signal Techblog
Unauthenticated RCE as QSECOFR via IBM i Management Central
Because we can!
Seven Years on a Public Clipboard: Pasted Secrets, Türkiye's Exposure, and a Stored XSS
https://ift.tt/21IVA3g
Submitted June 5, 2026 at 06:27PM by thewhippersnapper4
via reddit https://ift.tt/6GCQV2U
beyondmemory.io
Advanced Cyber Threat Intelligence | Beyond Memory
Unified threat intelligence platform combining dark web monitoring, stealer log analysis, and attack surface recon.
Keeping Secrets Out of Logs
https://ift.tt/lm8k5p0
Submitted June 5, 2026 at 08:05PM by fagnerbrack
via reddit https://ift.tt/qGif1Mj
allan.reyes.sh
Keeping Secrets Out of Logs
There's no silver bullet, but if we put some "lead" bullets in the right
places, we have a good shot at keeping sensitive data out of logs.
Zero-Click HFP/A2DP Takeover via L2CAP Session Preemption
https://ift.tt/ag08J2R
Submitted June 5, 2026 at 09:25PM by LowerGrand9303
via reddit https://ift.tt/mvulX9t
paste.rs
Markdown | UkBmF | Rocket Powered Pastebin
a simple, no-frills, command-line driven
pastebin service powered by the Rocket web framework.
PSA: Attack Shark R85 HE (FREEWOLF US / Amazon) — BadUSB credential harvester, confirmed malware
https://ift.tt/cKQaXoy
Submitted June 7, 2026 at 07:02AM by RefrigeratorLegal868
via reddit https://ift.tt/myCYQNd
EDRChoker: Choking The Telemetry Stream to Bypass Defenses
https://ift.tt/icqAOER
Submitted June 7, 2026 at 03:30PM by Cold-Dinosaur
via reddit https://ift.tt/BbmqoaS
Zerosalarium
EDRChoker: Choking The Telemetry Stream to Bypass Defenses
EDRChoker redteam tool uses Policy-based QoS - pacer.sys to set throttling on EDR agents, causing them to always time out, effectively blocking them
CVE-2026-46640: Developing payloads for Twig sandbox bypass
https://gist.github.com/vladko312/39507beaa58eacf3b62e6a6e6cd69128
Submitted June 7, 2026 at 05:35AM by vladko312
via reddit https://ift.tt/W3pudRf
Gist
This research documents my development of payloads for the CVE-2026-46640. - CVE-2026-46640 writeup.md
Arc Gate — runtime governance proxy for AI agents, catches multi-turn prompt injection via geometric drift detection — try to break it
https://web-production-6e47f.up.railway.app/demo
Submitted June 8, 2026 at 06:51PM by Turbulent-Tap6723
via reddit https://ift.tt/ywISjGd
Reddit
From the netsec community on Reddit: [ Removed by moderator ]
Posted by Turbulent-Tap6723 - 1 vote and 1 comment
AI Agents May Always Fall for Prompt Injections
https://ift.tt/9w8LYNF
Submitted June 9, 2026 at 11:52AM by User_Deprecated
via reddit https://ift.tt/5nH4qbs
arXiv.org
AI Agents May Always Fall for Prompt Injections
Prompt injection is the most critical vulnerability in deployed AI agents. Despite recent progress, we show that the prevailing defense paradigm (data-instruction separation) both fails to detect...
I just completed Search Skills room on TryHackMe! Learn to efficiently search the Internet and use specialised services and technical docs for information
https://ift.tt/q03UOrg
Submitted June 9, 2026 at 12:57PM by Magnese1625
via reddit https://ift.tt/mXnbBuO
I found 23 Chrome extensions hijacking 758,000 users' searches for affiliate revenue
https://ift.tt/Ln5i16Z
Submitted June 9, 2026 at 03:20PM by Huge-Skirt-6990
via reddit https://ift.tt/4HUQh2B
malext.io
SearchJack: How 23 Browser Extensions Silently Monetize ~758,000 Users' Searches — MalExt Sentry
Threat intelligence report: SearchJack. Research by MalExt Sentry.
WinGet - Code Execution, Persistence and Detection Strategies
https://ift.tt/B9l0OZr
Submitted June 9, 2026 at 05:52PM by netbiosX
via reddit https://ift.tt/IrXzKwB
Purple Team
WinGet
WinGet, also known as Windows Package Manager, is Microsoft’s command-line for discovering, installing, upgrading, configuring, and removing applications on Windows. It is commonly used by Adm…
X.com silently injects session-bound tracking tokens into your clipboard on every copy — security tools correctly flag this as malicious injection
https://ift.tt/erb73hg
Submitted June 9, 2026 at 06:49PM by GlitteringOwl6669
via reddit https://ift.tt/pmcBXvG
GitLab
jacquesmyo / security-findings · GitLab
Entra Agent ID from a Security Perspective
https://ift.tt/GB85jJh
Submitted June 9, 2026 at 07:32PM by GonzoZH
via reddit https://ift.tt/PlizVsN
Apple’s Siri-AI, or more shouting into the void about “private” agents
https://ift.tt/JMuqG21
Submitted June 10, 2026 at 12:33AM by feross
via reddit https://ift.tt/TMKczBt
A Few Thoughts on Cryptographic Engineering
The future of Siri, or: why private inference isn’t private enough
Yesterday Apple announced a big step towards deploying real AI in their Siri ecosystem. In most ways this is good and inevitable: Siri is one of the world’s most widely-used voice agents, and…
More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520) - watchTowr Labs
https://ift.tt/7ZdGFQR
Submitted June 10, 2026 at 06:24AM by dx7r__
via reddit https://ift.tt/aEpHUCq
watchTowr Labs
More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520)
Today, Ivanti published an advisory.
“No way?” we hear you say. "Yes way!"
Today’s advisory outlines two vulnerabilities in Ivanti’s Sentry product, appealing directly to our inner desire for sophisticated server-side, pre-authenticated vulnerabilities.…