Cloudflare patches Copy-Fail across every server in two days
https://ift.tt/omf5Wkn
Submitted June 23, 2026 at 03:48PM by xmull1gan
via reddit https://ift.tt/4EYewop
The Cloudflare Blog
How Cloudflare responded to the “Copy Fail” Linux vulnerability
When a critical Linux kernel privilege escalation was publicly disclosed, Cloudflare's security and engineering teams detected, investigated, and mitigated the threat across our global fleet, confirming zero customer impact and no malicious exploitation.
I compiled a unified LLM-CTF benchmark – 2,639 real data points from NeurIPS 2024 + original multi-agent runs
https://ift.tt/A9aY6E5
Submitted June 24, 2026 at 04:48AM by TargetConnect891
via reddit https://ift.tt/tlFkAMe
Kaggle
Can AI Hack? LLM CTF Benchmark
Can AI actually hack? 2,639 real challenge attempts, 10 models, 5 categories
CVE-2026-20971: Samsung Android kernel UAF affecting Galaxy S9-S25
https://ift.tt/DS86ofF
Submitted June 24, 2026 at 04:25PM by sutf61
via reddit https://ift.tt/qW6j9XE
Lucidbitlabs
When Defenses Become Attack Surface: CVE-2026-20971, a Samsung Kernel UAF
LucidBit Labs research shows how Samsung's FIVE integrity subsystem exposed an app-reachable kernel use-after-free with multiple exploit-relevant primitives.
No Side to Take: Political Indifference Inside the 4vps.su Leak
https://ift.tt/D2H8XZA
Submitted June 24, 2026 at 04:16PM by 0x5h4un
via reddit https://ift.tt/xJDGRUY
Disclosing.Observer
No Side to Take: Political Indifference Inside the 4vps.su Leak
A leaked dataset from 4vps[.]su shows a hosting environment where proxy networks, criminal infrastructure, and targeted attack activity coexist without requi...
Exploiting vulnerabilities in Johnson & Johnson web apps
https://ift.tt/R28dzWM
Submitted June 24, 2026 at 10:04PM by EatonZ
via reddit https://ift.tt/lamqYrJ
Eaton-Works
Exploiting vulnerabilities in Johnson & Johnson web apps
Campus Recruiting vulnerability exposed student information, and Audit Tracking Management System vulnerability exposed confidential internal audit data.
TanStack npm compromise: 42 packages published with valid SLSA provenance via OIDC token theft from runner memory
https://ift.tt/fTDCP4o
Submitted June 24, 2026 at 09:37PM by GapLimp8396
via reddit https://ift.tt/KTOVGxn
AutoDoc Security Notes
Last week I told you to check provenance. Here’s the attack that breaks that advice.
In my last post, I argued that the Axios compromise was catchable because the malicious versions had no provenance — they were pushed by hand with a stolen t...
Technical Co-founder needed for CyberTech new venture
https://ift.tt/GxbmBuP
Submitted June 25, 2026 at 01:10PM by embryonic_studio
via reddit https://ift.tt/Le2boxF
embryonic.studio
embryōnic // apply to the open cohorts
Discover how we hatch ventures with founders and apply.
Windows Defender antivirus bypass in 2026
https://ift.tt/x14KSqf
Submitted June 25, 2026 at 12:55PM by Hackmosphere
via reddit https://ift.tt/U6qzgDV
Hackmosphere
Windows Defender antivirus bypass in 2025 - part 1
Discover how antivirus works and how to set up a lab for (Windows Defender) antivirus bypass. Basic code is provided to start experimenting!
CargoWise WebTracker - The keys were in the cargo
https://ift.tt/5DjyJeN
Submitted June 25, 2026 at 05:04PM by Mempodipper
via reddit https://ift.tt/mvMSVyi
Searchlight Cyber
CargoWise WebTracker – The Keys Were in the Cargo › Searchlight Cyber
WiseTech Global develops CargoWise, one of the most widely deployed logistics software platforms in the world. It is used by freight forwarders, customs brokers, warehousing…
CVE-2025-52465 geoserver arbitrary file write vulnerability
https://www.partywave.site/show/research/cve-2025-52465-geolocate-geoserver
Submitted June 25, 2026 at 09:00PM by AlbatrossMaximum4489
via reddit https://ift.tt/dE63OQT
partywavesec
GeoLocate CVE-2025-52465 - GeoServer exploitation
CVE-2025-52465 write-up covering GeoServer's Master Password Dump flaw, arbitrary file creation, affected versions, and practical impact.
We Scanned 50,000 Skills: The Threat Persists · Tencent Zhuque Lab
https://ift.tt/vZmCx8A
Submitted June 26, 2026 at 02:18PM by thobiso
via reddit https://ift.tt/G5y6YXZ
Tencent Zhuque Lab
We Scanned 50,000 Skills: The Threat Persists · Tencent Zhuque Lab
The explosive popularity of OpenClaw in early 2026 transformed AI from a system that answers questions into an agent that executes operations on your behalf. "Skills" are the primary mechanism through which Agents acquire these capabilities, making them the…
Supply chain analysis: Kickbacks.ai VS Code extension. Empty pubkey, CSP relaxation, 90-second unsigned self-update, 60-second reassertion loop
https://ift.tt/hvlqi0f
Submitted June 27, 2026 at 02:27AM by madtv_fan
via reddit https://ift.tt/9n4dQhF
Southside CHI Solutions
Kickbacks.ai Security Review: VS Code Adware With a Payout Page
Kickbacks.ai security review and reverse engineering. This VS Code extension patches files, runs unsigned updates, and acts as adware. What businesses should know.
Slow JSON Stream: 64 connections at 1 B/s takes down PHP/Laravel in under 2 minutes
https://ift.tt/biMLQU5
Submitted June 27, 2026 at 04:46PM by cr0hn
via reddit https://ift.tt/lFnkThY
Cr0Hn
Slow JSON Stream: 64 connections at 1 B/s takes down PHP/Laravel in under 2 minutes – cr0hn
New DoS attack: 37/41 HTTP frameworks vulnerable by default. 64 connections at 1 byte/s exhausts PHP/Laravel in <2 min. Full PoC + paper + Docker testbed included.
A peek into Reddit's anti-spam internals
https://ift.tt/0cjugbW
Submitted June 27, 2026 at 10:33PM by rebane2001
via reddit https://ift.tt/2Djxn45
lyra's epic blog
A peek into Reddit's anti-spam internals
How Reddit accidentally leaked its spamurai system.
50 Chrome extensions. One codebase. One backend. One API key.
https://ift.tt/KMlEQzG
Submitted June 28, 2026 at 05:32AM by Huge-Skirt-6990
via reddit https://ift.tt/guNwISc
malext.io
WhatsCluster: Analysis of a 50-Extension WhatsApp CRM Platform - MalExt Sentry
Threat intelligence report: WhatsCluster: Analysis of a 50-Extension WhatsApp CRM Platform. Research by MalExt Sentry.
Measuring LLM system prompt extraction (OWASP LLM07) against ground truth, across 4 models
https://ift.tt/AUiVoOc
Submitted June 28, 2026 at 01:10PM by Omsherikar
via reddit https://ift.tt/LmSVjvG
www.omsherikar.me
Your System Prompt Is Not a Secret
How much of an LLM system prompt actually leaks? A measured study of system prompt extraction (OWASP LLM07, System Prompt Leakage), tested against ground truth across four models. Real numbers, and one result that surprised me.
Dissecting Apple's Sparse Image Format (ASIF)
https://ift.tt/Doy9TcS
Submitted June 28, 2026 at 04:31PM by luke-paradoxis
via reddit https://ift.tt/mQiPMOW
schamper.dev
Dissecting Apple's Sparse Image Format (ASIF) | schamper.dev
At WWDC 2025, Apple announced macOS 26 Tahoe. One of the new features in macOS Tahoe is a new disk image format: ASIF. Designed for use with virtual machines (its documentation lives under the Virtualization framework), ASIF takes a lot of inspiration from…
I tried a Local AI model (Qwen 3.6 27b) for security research and it works surprisingly well.
https://ift.tt/ADthG43
Submitted June 28, 2026 at 05:26PM by ezzzzz
via reddit https://ift.tt/m0QEys2
Research Blog | Project Black
Local AI for Penetration Testing & Research
How competent are local AI models for cyber security bug hunting and research?
WinPE as a stateless harness for Windows driver testing and fuzzing
https://ift.tt/Iy7lh2u
Submitted June 29, 2026 at 12:53AM by Acanthisitta-Sea
via reddit https://ift.tt/CIlaEPj
bednars.me
WinPE as a stateless harness for Windows driver testing and fuzzing - bednars.me
Eliminate the overhead and lack of idempotency of a full Windows system in automated testing. A practical guide to configuring WinPE and QEMU for lightning-fast boot, automating kernel debugging, and avoiding KDNET pitfalls.
Applying DI in C to decouple Windows exploitation from the execution mechanics
https://ift.tt/Hj3XJaf
Submitted June 29, 2026 at 04:23PM by Important_Map6928
via reddit https://ift.tt/1xQj6LP
sibouzitoun.tech
SindriKit 1.1.0: Injection Without Rewriting Your Implant
Classic remote injection lands in SindriKit: shellcode in a handful of lines, full PE mapping in one chain call, and a cleaner syscall resolver pipeline.
Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037) - watchTowr Labs
https://ift.tt/trER2ZH
Submitted June 30, 2026 at 12:57AM by dx7r__
via reddit https://ift.tt/9uXrTUb
watchTowr Labs
Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037)
Welcome back to another watchTowr Labs blog post.
This time, we're looking at Progress Kemp LoadMaster, a load balancer that sits at the edge of a lot of enterprise networks. Edge appliances have a habit of becoming the way in rather than the thing keeping…