Extortion group FulcrumSec leaks initial samples from 1.3TB Novo Nordisk data breach following failed $25M ransom demand
https://ift.tt/6xDA0YG
Submitted June 17, 2026 at 03:11PM by technadu
via reddit https://ift.tt/dwZE2j4
https://ift.tt/6xDA0YG
Submitted June 17, 2026 at 03:11PM by technadu
via reddit https://ift.tt/dwZE2j4
TechNadu
FulcrumSec Claims 1TB Data Theft From Novo Nordisk, $25M Demand - TechNadu
FulcrumSec claims to have stolen over a terabyte of data from Novo Nordisk and demanded $25 million. Novo Nordisk disclosed an incident on June 11.
QoS Policies to Restrict EDR Traffic and Detection Strategies
https://ift.tt/NklHRBG
Submitted June 17, 2026 at 03:06PM by netbiosX
via reddit https://ift.tt/RkDvu2T
https://ift.tt/NklHRBG
Submitted June 17, 2026 at 03:06PM by netbiosX
via reddit https://ift.tt/RkDvu2T
Purple Team
QoS Policies
In Windows, a Quality of Service (QoS) policy is a rule that handles outbound network traffic. Specifically, it is used to cap the outbound bandwidth of a process, port, or protocol. Organizations …
We benchmarked AI-generated code against an AI security reviewer and published the results including where the reviewer made things worse
https://ift.tt/UcwKajG
Submitted June 17, 2026 at 07:24PM by VibeReview
via reddit https://ift.tt/Nx85efZ
https://ift.tt/UcwKajG
Submitted June 17, 2026 at 07:24PM by VibeReview
via reddit https://ift.tt/Nx85efZ
VibeReview
We benchmarked our own AI security reviewer on 50 vibe-coded features. — VibeReview
A controlled experiment on a Java Spring API. Same prompts, same model, two branches: one reviewed by VibeReview by SecurityReview AI, one not. We are publishing the wins and the regression.
Worth a MalExt Report? A 2 Million-User Chrome Extension Added Give Freely/Wildlink in a 5-Day Update
https://ift.tt/cwasjT4
Submitted June 18, 2026 at 01:40AM by Huge-Skirt-6990
via reddit https://ift.tt/807RKSg
https://ift.tt/cwasjT4
Submitted June 18, 2026 at 01:40AM by Huge-Skirt-6990
via reddit https://ift.tt/807RKSg
Google
Volume Booster - Chrome Web Store
Chrome Extension for Boosting Volume Past Max Settings
Claude Fable 5: the agent harness matters more than the frontier model
https://ift.tt/8J7akvU
Submitted June 18, 2026 at 05:05AM by bugvader25
via reddit https://ift.tt/rmiSwU7
https://ift.tt/8J7akvU
Submitted June 18, 2026 at 05:05AM by bugvader25
via reddit https://ift.tt/rmiSwU7
Endorlabs
Claude Fable 5, take two: same model, different harness, and a very different result | Blog | Endor Labs
CVE-2026-5667: Unauthenticated Remote Control of Mitsubishi MAC-577IF-2E WiFi Adapters via Probe Request Reconnaissance
https://innerfirez.github.io/posts/the-secret-life-of-probe-requests/
Submitted June 18, 2026 at 11:35PM by Ecstatic_Priority514
via reddit https://ift.tt/aOJBnk1
https://innerfirez.github.io/posts/the-secret-life-of-probe-requests/
Submitted June 18, 2026 at 11:35PM by Ecstatic_Priority514
via reddit https://ift.tt/aOJBnk1
Messing with Code So You Don’t Have To
CVE-2026-5667: The Secret Life of Probe Requests – Mitsubishi MAC-577IF-2E WiFi Adapter
CVE-2026-5667 – Unauthenticated remote control of Mitsubishi MAC-577IF-2E WiFi air conditioner adapters discovered via citywide probe request reconnaissance. Full technical writeup with PoC methodology.
Monitoring the Claude execution layer with OpenTelemetry
https://ift.tt/8Rc2kmh
Submitted June 19, 2026 at 03:57PM by TheAlphaBravo
via reddit https://ift.tt/yxQPlSz
https://ift.tt/8Rc2kmh
Submitted June 19, 2026 at 03:57PM by TheAlphaBravo
via reddit https://ift.tt/yxQPlSz
PaperMtn
Mind the Gap: Closing Claude's Compliance API Blind Spots with OpenTelemetry
Gain visibility for Claude beyond the Compliance API. Using OpenTelemetry to get logs that include tool calls, MCP activity and file access.
Squidbleed (CVE-2026-47729) - Heartbleed-style vulnerability that leaks internal memory from every version of Squid Proxy, in its default configuration
https://ift.tt/8VuxzWw
Submitted June 19, 2026 at 03:51PM by qwerty0x41
via reddit https://ift.tt/NipsEen
https://ift.tt/8VuxzWw
Submitted June 19, 2026 at 03:51PM by qwerty0x41
via reddit https://ift.tt/NipsEen
blog.calif.io
Squidbleed (CVE-2026-47729)
Heartbleed's ancient cousin, hiding in Squid since 1997.
OpenBSD MPLS kernel stack leaks remotely (CVE-2026-56099)
https://ift.tt/JdIxeX0
Submitted June 19, 2026 at 06:57PM by Emergency_Stable_923
via reddit https://ift.tt/07GJcB4
https://ift.tt/JdIxeX0
Submitted June 19, 2026 at 06:57PM by Emergency_Stable_923
via reddit https://ift.tt/07GJcB4
Use-after-free in the QPACK encoder of nginx HTTP/3 - CVE-2026-42530
https://ift.tt/uJfhZip
Submitted June 20, 2026 at 12:45AM by everping
via reddit https://ift.tt/XYel1bQ
https://ift.tt/uJfhZip
Submitted June 20, 2026 at 12:45AM by everping
via reddit https://ift.tt/XYel1bQ
cystack.net
Use-after-free in the QPACK encoder of nginx HTTP/3
Reading Time: 8 minutesXem bản tiếng Việt tại đây / Read the Vietnamese version Field Detail CyStack Advisory ID CSA-2026-NGINX-01 CVE IDs CVE-2026-42530 […]
Would you like some malware served at the very top of DuckDuckGo?
https://ift.tt/lPJZyUO
Submitted June 18, 2026 at 04:50PM by WesternBest
via reddit https://ift.tt/H5VSrsU
https://ift.tt/lPJZyUO
Submitted June 18, 2026 at 04:50PM by WesternBest
via reddit https://ift.tt/H5VSrsU
tim.sh
Would you like a drainer served at the very top of DuckDuckGo?
Probably no, right?
That would be very dangerous, especially if the phishing website serving it is an exact copy of the thing you was looking for.
Well that's what happened to me!
TL;DR
I found a fake tronscan blockchain explorer duplicate on the #1…
That would be very dangerous, especially if the phishing website serving it is an exact copy of the thing you was looking for.
Well that's what happened to me!
TL;DR
I found a fake tronscan blockchain explorer duplicate on the #1…
Examining deepfake detector robustness under social media re-encoding
https://ift.tt/6le5Rvm
Submitted June 21, 2026 at 06:52PM by Tasty_Pressure_5618
via reddit https://ift.tt/89lX7VD
https://ift.tt/6le5Rvm
Submitted June 21, 2026 at 06:52PM by Tasty_Pressure_5618
via reddit https://ift.tt/89lX7VD
Zenodo
Deepfake Detector Robustness Under Social-Media Re-encoding
A two-phase evaluation of fourteen open-source deepfake detectors on an SDXL + InstantID benchmark, with a robustness study against four social-media ingest pipelines.
Defending bot-detection code that runs on the attacker's own machine
https://ift.tt/LRyQ9Gh
Submitted June 21, 2026 at 07:42PM by TrustSig
via reddit https://ift.tt/rv9iGRj
https://ift.tt/LRyQ9Gh
Submitted June 21, 2026 at 07:42PM by TrustSig
via reddit https://ift.tt/rv9iGRj
trustsig.eu
Reverse Once, Run Forever: Defending Code You Can't Hide
Every line of client-side bot detection runs on hardware the attacker fully owns. Here's the engineering philosophy we use to defend code we can never actually hide.
Scanning malicious websites with 'infinite' number of VPN tunnels (Part 1)
https://ift.tt/XWBfIYx
Submitted June 21, 2026 at 10:37PM by moonlightelite
via reddit https://ift.tt/OIJcisT
https://ift.tt/XWBfIYx
Submitted June 21, 2026 at 10:37PM by moonlightelite
via reddit https://ift.tt/OIJcisT
Substack
Scanning malicious websites with 'infinite' number of VPN tunnels (Part 1)
I pay for 10 VPN connections. I use all 10 VPN connections.
Volume Booster (2M Chrome users) silently activated a commerce-tracking SDK with zero permission prompts
https://ift.tt/m2hn3wg
Submitted June 22, 2026 at 02:28AM by Huge-Skirt-6990
via reddit https://ift.tt/LMTDom9
https://ift.tt/m2hn3wg
Submitted June 22, 2026 at 02:28AM by Huge-Skirt-6990
via reddit https://ift.tt/LMTDom9
malext.io
QuietBoost: Silent Activation of a Commerce-Tracking SDK - MalExt Sentry
Threat intelligence report: QuietBoost: Silent Activation of a Commerce-Tracking SDK . Research by MalExt Sentry.
[News] RCE found in Meccha Chameleon
https://ift.tt/TkXIgAo
Submitted June 22, 2026 at 11:36AM by Malfuncti0nal
via reddit https://ift.tt/J8N57Ft
https://ift.tt/TkXIgAo
Submitted June 22, 2026 at 11:36AM by Malfuncti0nal
via reddit https://ift.tt/J8N57Ft
Khaelkugler
2-Click Remote Code Execution in Meccha Chameleon
Achieving remote code execution on every player in a game lobby through a malicious Steam Workshop map.
Exploiting Auth0 Defaults in XSS Attacks - elttam
https://ift.tt/Pj9z1uV
Submitted June 22, 2026 at 11:36AM by AnimalStrange
via reddit https://ift.tt/5giozqV
https://ift.tt/Pj9z1uV
Submitted June 22, 2026 at 11:36AM by AnimalStrange
via reddit https://ift.tt/5giozqV
Elttam
Exploiting Auth0 Defaults in XSS Attacks - elttam
SindriKit: Offensive Development Deserves Better Architecture
https://ift.tt/IM1FWPg
Submitted June 22, 2026 at 06:03PM by Important_Map6928
via reddit https://ift.tt/HzvoaG8
https://ift.tt/IM1FWPg
Submitted June 22, 2026 at 06:03PM by Important_Map6928
via reddit https://ift.tt/HzvoaG8
sibouzitoun.tech
SindriKit: Offensive Development Deserves Better Architecture
Offensive C development has been stuck in the dark ages. SindriKit is what happens when you apply thirty years of software engineering to the problem.
CVE-2026-25860 turn XSS to RCE
https://www.partywave.site/show/research/cve-2026-25860-openclinic-ga-xss-to-rce
Submitted June 23, 2026 at 12:01AM by AlbatrossMaximum4489
via reddit https://ift.tt/DO3ydGI
https://www.partywave.site/show/research/cve-2026-25860-openclinic-ga-xss-to-rce
Submitted June 23, 2026 at 12:01AM by AlbatrossMaximum4489
via reddit https://ift.tt/DO3ydGI
partywavesec
CVE-2026-25860 - OpenClinic GA Reflected XSS to RCE
CVE-2026-25860 write-up on OpenClinic GA, covering a reflected XSS flaw in DICOM image uploads and its real-world security impact.
Assessing Automated Prompt Injection Attacks in Agentic Environments
https://ift.tt/sgj2GB6
Submitted June 23, 2026 at 05:00AM by User_Deprecated
via reddit https://ift.tt/5NQEFB6
https://ift.tt/sgj2GB6
Submitted June 23, 2026 at 05:00AM by User_Deprecated
via reddit https://ift.tt/5NQEFB6
arXiv.org
Assessing Automated Prompt Injection Attacks in Agentic Environments
Indirect prompt injection poses a critical threat to LLM agents that interact with untrusted external data, yet automated attack methods--proven effective for jailbreaking--remain underexplored in...
New Cisco RCE was fixed
https://ift.tt/JlGzHRL
Submitted June 23, 2026 at 03:22PM by SSDisclosure
via reddit https://ift.tt/X8P5DSo
https://ift.tt/JlGzHRL
Submitted June 23, 2026 at 03:22PM by SSDisclosure
via reddit https://ift.tt/X8P5DSo
SSD Secure Disclosure
Cisco Unified Communications Manager Arbitrary File Write to RCE - SSD Secure Disclosure
Summary A vulnerability in Cisco Unified Communications Manager (CUCM) allows unauthenticated attackers to arbitrarily write files in the server which in turn can be used to run arbitrary commands/code on the server. Vendor Response The vendor has issued…