50 Chrome extensions. One codebase. One backend. One API key.
https://ift.tt/KMlEQzG
Submitted June 28, 2026 at 05:32AM by Huge-Skirt-6990
via reddit https://ift.tt/guNwISc
https://ift.tt/KMlEQzG
Submitted June 28, 2026 at 05:32AM by Huge-Skirt-6990
via reddit https://ift.tt/guNwISc
malext.io
WhatsCluster: Analysis of a 50-Extension WhatsApp CRM Platform - MalExt Sentry
Threat intelligence report: WhatsCluster: Analysis of a 50-Extension WhatsApp CRM Platform. Research by MalExt Sentry.
Measuring LLM system prompt extraction (OWASP LLM07) against ground truth, across 4 models
https://ift.tt/AUiVoOc
Submitted June 28, 2026 at 01:10PM by Omsherikar
via reddit https://ift.tt/LmSVjvG
https://ift.tt/AUiVoOc
Submitted June 28, 2026 at 01:10PM by Omsherikar
via reddit https://ift.tt/LmSVjvG
www.omsherikar.me
Your System Prompt Is Not a Secret
How much of an LLM system prompt actually leaks? A measured study of system prompt extraction (OWASP LLM07, System Prompt Leakage), tested against ground truth across four models. Real numbers, and one result that surprised me.
Dissecting Apple's Sparse Image Format (ASIF)
https://ift.tt/Doy9TcS
Submitted June 28, 2026 at 04:31PM by luke-paradoxis
via reddit https://ift.tt/mQiPMOW
https://ift.tt/Doy9TcS
Submitted June 28, 2026 at 04:31PM by luke-paradoxis
via reddit https://ift.tt/mQiPMOW
schamper.dev
Dissecting Apple's Sparse Image Format (ASIF) | schamper.dev
At WWDC 2025, Apple announced macOS 26 Tahoe. One of the new features in macOS Tahoe is a new disk image format: ASIF. Designed for use with virtual machines (its documentation lives under the Virtualization framework), ASIF takes a lot of inspiration from…
I tried a Local AI model (Qwen 3.6 27b) for security research and it works surprisingly well.
https://ift.tt/ADthG43
Submitted June 28, 2026 at 05:26PM by ezzzzz
via reddit https://ift.tt/m0QEys2
https://ift.tt/ADthG43
Submitted June 28, 2026 at 05:26PM by ezzzzz
via reddit https://ift.tt/m0QEys2
Research Blog | Project Black
Local AI for Penetration Testing & Research
How competent are local AI models for cyber security bug hunting and research?
WinPE as a stateless harness for Windows driver testing and fuzzing
https://ift.tt/Iy7lh2u
Submitted June 29, 2026 at 12:53AM by Acanthisitta-Sea
via reddit https://ift.tt/CIlaEPj
https://ift.tt/Iy7lh2u
Submitted June 29, 2026 at 12:53AM by Acanthisitta-Sea
via reddit https://ift.tt/CIlaEPj
bednars.me
WinPE as a stateless harness for Windows driver testing and fuzzing - bednars.me
Eliminate the overhead and lack of idempotency of a full Windows system in automated testing. A practical guide to configuring WinPE and QEMU for lightning-fast boot, automating kernel debugging, and avoiding KDNET pitfalls.
Applying DI in C to decouple Windows exploitation from the execution mechanics
https://ift.tt/Hj3XJaf
Submitted June 29, 2026 at 04:23PM by Important_Map6928
via reddit https://ift.tt/1xQj6LP
https://ift.tt/Hj3XJaf
Submitted June 29, 2026 at 04:23PM by Important_Map6928
via reddit https://ift.tt/1xQj6LP
sibouzitoun.tech
SindriKit 1.1.0: Injection Without Rewriting Your Implant
Classic remote injection lands in SindriKit: shellcode in a handful of lines, full PE mapping in one chain call, and a cleaner syscall resolver pipeline.
Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037) - watchTowr Labs
https://ift.tt/trER2ZH
Submitted June 30, 2026 at 12:57AM by dx7r__
via reddit https://ift.tt/9uXrTUb
https://ift.tt/trER2ZH
Submitted June 30, 2026 at 12:57AM by dx7r__
via reddit https://ift.tt/9uXrTUb
watchTowr Labs
Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037)
Welcome back to another watchTowr Labs blog post.
This time, we're looking at Progress Kemp LoadMaster, a load balancer that sits at the edge of a lot of enterprise networks. Edge appliances have a habit of becoming the way in rather than the thing keeping…
This time, we're looking at Progress Kemp LoadMaster, a load balancer that sits at the edge of a lot of enterprise networks. Edge appliances have a habit of becoming the way in rather than the thing keeping…
Auditing OpenReception: 16 CVEs in an end-to-end encrypted appointment booking platform (unauthenticated admin creation, account takeover, E2E bypass)
https://ift.tt/r9KNwBL
Submitted June 30, 2026 at 03:37PM by moltenbit-r
via reddit https://ift.tt/sbVvhDi
https://ift.tt/r9KNwBL
Submitted June 30, 2026 at 03:37PM by moltenbit-r
via reddit https://ift.tt/sbVvhDi
moltenbit
Auditing OpenReception: 16 CVEs in an end-to-end encrypted appointment booking platform
A white-box audit of the end-to-end encrypted booking platform OpenReception found 16 vulnerabilities, four of them critical.
Trusted by NVIDIA, Amazon and Banks, This Extension Let Any Website run a drive-by RCE. CVSS 9.3
https://ift.tt/JoyQORH
Submitted June 30, 2026 at 05:02PM by acorn222
via reddit https://ift.tt/I8K6VwN
https://ift.tt/JoyQORH
Submitted June 30, 2026 at 05:02PM by acorn222
via reddit https://ift.tt/I8K6VwN
Amibeingpwned
Trusted by NVIDIA, Amazon and Banks, This Extension Let Any Website Run Code on Your PC
Signer.Digital's browser extension and its native helper turned a path-traversal bug into drive-by remote code execution on Windows. Any web page you visited could load an attacker DLL into a process on your machine, then escalate to administrator with a…
DHIS2 (used across 80+ countries) ships with hardcoded default admin credentials and no forced password change.
https://ift.tt/8S0VLmJ
Submitted June 30, 2026 at 08:21PM by Hadsa_CounterStrike
via reddit https://ift.tt/IKJrXqD
https://ift.tt/8S0VLmJ
Submitted June 30, 2026 at 08:21PM by Hadsa_CounterStrike
via reddit https://ift.tt/IKJrXqD
Scrutora
The Health Data Platform Deployed Across 80+ Countries Ships with No Forced Password Change
The world's largest health information platform ships with default admin credentials and never forces a password change. 90 days of responsible disclosure, no substantive response.
CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451) - watchTowr Labs
https://ift.tt/MQp09xX
Submitted July 1, 2026 at 01:10AM by dx7r__
via reddit https://ift.tt/plkzcX5
https://ift.tt/MQp09xX
Submitted July 1, 2026 at 01:10AM by dx7r__
via reddit https://ift.tt/plkzcX5
watchTowr Labs
CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451)
Well, well, well - once again, the cat has dragged us in and spat us out.
Today, we find ourselves questioning the reality we sit within. Must it be so predictable, and why us? “But watchTowr, what do you mean?”
Well, if you’re here, you likely fit into…
Today, we find ourselves questioning the reality we sit within. Must it be so predictable, and why us? “But watchTowr, what do you mean?”
Well, if you’re here, you likely fit into…
I open-sourced a personal project called Bomly and would appreciate feedback from netsec/AppSec folks
https://ift.tt/cdyUAn4
Submitted July 1, 2026 at 05:16AM by Pleasant-Ad192
via reddit https://ift.tt/y7ZEda0
https://ift.tt/cdyUAn4
Submitted July 1, 2026 at 05:16AM by Pleasant-Ad192
via reddit https://ift.tt/y7ZEda0
bomly.dev
Announcing Bomly
A free, open-source CLI and GitHub Action for dependency diffs, SBOMs, vulnerability and license audits, and explaining why packages are present in your builds.