Detecting AI-specific threats in Claude Enterprise from the Compliance API: a prefilter + LLM-as-judge pipeline with Sigma rules
https://ift.tt/jtXdDw8
Submitted June 12, 2026 at 12:36AM by TheAlphaBravo
via reddit https://ift.tt/Vmntqrj
https://ift.tt/jtXdDw8
Submitted June 12, 2026 at 12:36AM by TheAlphaBravo
via reddit https://ift.tt/Vmntqrj
PaperMtn
Detecting Misuse with the Claude Compliance API: The Threat Is in the Content
Detections for Claude Enterprise built on Compliance API content: a prefilter and LLM judge that catch prompt injection, jailbreaks and data exfiltration.
Marking Your Own Homework (Check Point Remote Access VPN IKEv1 Authentication Bypass CVE-2026-50751) - watchTowr Labs
https://ift.tt/NoVwDML
Submitted June 12, 2026 at 10:53AM by dx7r__
via reddit https://ift.tt/F31qWZf
https://ift.tt/NoVwDML
Submitted June 12, 2026 at 10:53AM by dx7r__
via reddit https://ift.tt/F31qWZf
watchTowr Labs
Marking Your Own Homework (Check Point Remote Access VPN IKEv1 Authentication Bypass CVE-2026-50751)
It is yet another day in this parallel universe of security, where the devices we bolt onto the edge of our networks to keep the bad people out are, with remarkable consistency, the exact thing that let the bad people in.
While we’ve seemingly had a breather…
While we’ve seemingly had a breather…
Old Passwords Die Hard: Abusing CREDHIST for offline credential recovery
https://ift.tt/c4QSaWL
Submitted June 12, 2026 at 07:46PM by lefterispanos
via reddit https://ift.tt/R4AoVKE
https://ift.tt/c4QSaWL
Submitted June 12, 2026 at 07:46PM by lefterispanos
via reddit https://ift.tt/R4AoVKE
LRQA
Cracking CREDHIST: Offline hash extraction from DPAPI password history | LRQA
DPAPI's CREDHIST file stores a chain of encrypted historical password material that is rarely targeted during offensive engagements. This post explores the structure of CREDHIST entries, how we extended DPAPISnoop to extract offline-crackable hashes, and…
Free Compromise Detection for GitHub Repos - Tracebit Community Edition
https://ift.tt/YXS4j80
Submitted June 12, 2026 at 08:42PM by tracebit
via reddit https://ift.tt/tIxCPcg
https://ift.tt/YXS4j80
Submitted June 12, 2026 at 08:42PM by tracebit
via reddit https://ift.tt/tIxCPcg
Tracebit
Tracebit Community Edition - Supply Chain Attack Detection
Worried about supply chain attacks hitting your repos? Detect compromised credentials the moment anyone uses them. Free, forever.
Major AI Clients Shipping With Broken OAuth Implementations (JUNE 2026 UPDATE)
https://ift.tt/dhXvAR1
Submitted June 12, 2026 at 08:26PM by mhat
via reddit https://ift.tt/S9wztAs
https://ift.tt/dhXvAR1
Submitted June 12, 2026 at 08:26PM by mhat
via reddit https://ift.tt/S9wztAs
Redcaller
MCP Client OAuth Refresh-Token Support Matrix (June 2026) | RedCaller Docs
A compatibility matrix tracking OAuth refresh-token support across 14 MCP clients. Covers status, root causes, SDK layers, and server-side workarounds.
Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE) - watchTowr Labs
https://ift.tt/lJIA9g5
Submitted June 13, 2026 at 02:07AM by dx7r__
via reddit https://ift.tt/GVxT2gw
https://ift.tt/lJIA9g5
Submitted June 13, 2026 at 02:07AM by dx7r__
via reddit https://ift.tt/GVxT2gw
watchTowr Labs
Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE)
Three posts? In three days? Are we insane?
We're home alone, there's no one to stop us, and we're up past bedtime. So, we need to talk about Splunk.
On June 10th, Splunk published this CVE-2026-20253 advisory:
It has everything that we love:
* No authentication
We're home alone, there's no one to stop us, and we're up past bedtime. So, we need to talk about Splunk.
On June 10th, Splunk published this CVE-2026-20253 advisory:
It has everything that we love:
* No authentication
The Axios npm compromise was visible in registry metadata before anyone ran npm install
https://ift.tt/Vagvsl3
Submitted June 13, 2026 at 12:05PM by GapLimp8396
via reddit https://ift.tt/ODaTfi5
https://ift.tt/Vagvsl3
Submitted June 13, 2026 at 12:05PM by GapLimp8396
via reddit https://ift.tt/ODaTfi5
AutoDoc Security Notes
How 30 Seconds of Metadata Would Have Caught the Axios Attack.
March 31, 2026, two malicious axios versions live for ~3 hours, a RAT on every machine that ran a fresh install. Then the turn — the signal that something wa...
Getting the PID from random numbers in PHP
https://ift.tt/e5xpOLj
Submitted June 13, 2026 at 02:14PM by DrAdalbbert
via reddit https://ift.tt/xEP0wHM
https://ift.tt/e5xpOLj
Submitted June 13, 2026 at 02:14PM by DrAdalbbert
via reddit https://ift.tt/xEP0wHM
MeshCentral: From XSS to RCE
https://ift.tt/EXeOk6n
Submitted June 14, 2026 at 02:04AM by kev-thehermit
via reddit https://ift.tt/IdNSq3r
https://ift.tt/EXeOk6n
Submitted June 14, 2026 at 02:04AM by kev-thehermit
via reddit https://ift.tt/IdNSq3r
TechAnarchy
MeshCentral: From XSS to RCE
There has been a lot of hype around Mythos and Large Language models being able to find and exploit vulnerabilities at scale recently, and while this may be true for these emerging frontier models, it's already a reality we live in today, and it's not just…
PromptSnatcher: AdBlocker stealing Ai Chats - 90k installs
https://ift.tt/VEvlOup
Submitted June 14, 2026 at 03:41AM by Huge-Skirt-6990
via reddit https://ift.tt/eSw8g4m
https://ift.tt/VEvlOup
Submitted June 14, 2026 at 03:41AM by Huge-Skirt-6990
via reddit https://ift.tt/eSw8g4m
malext.io
PromptSnatcher: AdBlocker stealing Ai Chats — MalExt Sentry
Threat intelligence report: PromptSnatcher: AdBlocker stealing Ai Chats. Research by MalExt Sentry.
Researcher accidentally gained access to a threat actor-controlled phishing website
https://ift.tt/cVpoHuj
Submitted June 14, 2026 at 12:20PM by anuraggawande
via reddit https://ift.tt/veMLoUz
https://ift.tt/cVpoHuj
Submitted June 14, 2026 at 12:20PM by anuraggawande
via reddit https://ift.tt/veMLoUz
Jonias Fortuna
I Accidentally Logged as Admin Into a Threat Actor Website
I accidentally logged into a malicious website operated by threat actors after scrolling X. Here's how I do that.
SearchLeak: How We Turned M365 Copilot Into a One-Click Data Exfiltration Weapon
https://ift.tt/pCIgWny
Submitted June 15, 2026 at 07:12PM by lohacker0
via reddit https://ift.tt/cW6t2w7
https://ift.tt/pCIgWny
Submitted June 15, 2026 at 07:12PM by lohacker0
via reddit https://ift.tt/cW6t2w7
Varonis
SearchLeak: How We Turned M365 Copilot Into a One-Click Data Exfiltration Weapon
Varonis Threat Labs discovered SearchLeak, a critical vulnerability chain in Microsoft 365 Copilot Enterprise that allows an attacker to steal sensitive data — MFA codes, email messages, meeting details, and private organizational files — with a single click.
What we found instrumenting AI coding agents in production for two weeks (post-mortem)
https://ift.tt/EzQRmdM
Submitted June 16, 2026 at 01:17AM by BoringEmotion6823
via reddit https://ift.tt/tM7JIfD
https://ift.tt/EzQRmdM
Submitted June 16, 2026 at 01:17AM by BoringEmotion6823
via reddit https://ift.tt/tM7JIfD
Atensecurity
The AI Agent Instrumentation Tax: Lessons from 1,000 Hours of Runtime Telemetry Staging | Aten Security
What happens when you stage autonomous AI agents in production pipelines? A raw, 14-day engineering post-mortem breaking down runtime telemetry mapping, active policy simulation, and the reality of the developer 'instrumentation tax'.
Empty-ciphertext panic in aws-encryption-provider (CVD with AWS)
https://ift.tt/i10LnDI
Submitted June 16, 2026 at 02:08AM by Sandwich_1337
via reddit https://ift.tt/ZMzWOb5
https://ift.tt/i10LnDI
Submitted June 16, 2026 at 02:08AM by Sandwich_1337
via reddit https://ift.tt/ZMzWOb5
Syntetisk
Empty-ciphertext panic in aws-encryption-provider (CVD with AWS)
A two-byte gRPC request crashed AWS's Kubernetes KMS plugin. Coordinated disclosure with AWS VDP; fix merged as aws-encryption-provider#169.
Hackers for Granny: A Call to Arms Against Industrialized Fraud
https://ift.tt/8YvxGDy
Submitted June 16, 2026 at 08:03PM by Professor_Sigmund
via reddit https://ift.tt/6Uq5jf0
https://ift.tt/8YvxGDy
Submitted June 16, 2026 at 08:03PM by Professor_Sigmund
via reddit https://ift.tt/6Uq5jf0
27 Years in the Dark: OpenBSD Fixes Ancient Remote Kernel Auth Bypass
https://ift.tt/RuS5HX9
Submitted June 17, 2026 at 01:56AM by Emergency_Stable_923
via reddit https://ift.tt/1caYFW6
https://ift.tt/RuS5HX9
Submitted June 17, 2026 at 01:56AM by Emergency_Stable_923
via reddit https://ift.tt/1caYFW6
PrizeBuzz phishing network analysis
https://ift.tt/6tb2FSp
Submitted June 17, 2026 at 05:54AM by Western_Visit_4707
via reddit https://ift.tt/E0jLiMb
https://ift.tt/6tb2FSp
Submitted June 17, 2026 at 05:54AM by Western_Visit_4707
via reddit https://ift.tt/E0jLiMb
Phisheye
PrizeBuzz: The .buzz Prize-Scam Phishing Network
PrizeBuzz is a phishing-as-a-service kit on 318 .buzz domains cloning OMT, Coca-Cola, Vodafone and ~26 more brands via fake WhatsApp prize surveys. IoCs inside.
Getting a CVE Without Shipping Slop
https://ift.tt/9c0whgC
Submitted June 17, 2026 at 09:15AM by Mindless-Study1898
via reddit https://ift.tt/GcC1quV
https://ift.tt/9c0whgC
Submitted June 17, 2026 at 09:15AM by Mindless-Study1898
via reddit https://ift.tt/GcC1quV
Cred Relay
Getting a CVE Without Shipping Slop
How I used Claude Code and Ghidra to turn messy ASUS driver leads into two validated CVEs without sending vendors AI slop.
I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.
https://ift.tt/jA0OfJ1
Submitted June 17, 2026 at 01:26PM by AlmondOffSec
via reddit https://ift.tt/2xbpCXq
https://ift.tt/jA0OfJ1
Submitted June 17, 2026 at 01:26PM by AlmondOffSec
via reddit https://ift.tt/2xbpCXq
Bobdahacker
I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.
How I found that anyone could register on FIFA's public Agent Platform, gain access to the Football Data Platform's Streaming Management panel, and get RTMP ingest URLs and stream keys for every live FIFA World Cup 2026 camera feed. I then spent hours calling…
Extortion group FulcrumSec leaks initial samples from 1.3TB Novo Nordisk data breach following failed $25M ransom demand
https://ift.tt/6xDA0YG
Submitted June 17, 2026 at 03:11PM by technadu
via reddit https://ift.tt/dwZE2j4
https://ift.tt/6xDA0YG
Submitted June 17, 2026 at 03:11PM by technadu
via reddit https://ift.tt/dwZE2j4
TechNadu
FulcrumSec Claims 1TB Data Theft From Novo Nordisk, $25M Demand - TechNadu
FulcrumSec claims to have stolen over a terabyte of data from Novo Nordisk and demanded $25 million. Novo Nordisk disclosed an incident on June 11.
QoS Policies to Restrict EDR Traffic and Detection Strategies
https://ift.tt/NklHRBG
Submitted June 17, 2026 at 03:06PM by netbiosX
via reddit https://ift.tt/RkDvu2T
https://ift.tt/NklHRBG
Submitted June 17, 2026 at 03:06PM by netbiosX
via reddit https://ift.tt/RkDvu2T
Purple Team
QoS Policies
In Windows, a Quality of Service (QoS) policy is a rule that handles outbound network traffic. Specifically, it is used to cap the outbound bandwidth of a process, port, or protocol. Organizations …