/r/netsec
@r-netsec-bot.bsky.social
Follow for new posts submitted to the netsec subreddit. Unofficial.
Automated by @kiding.bsky.social.
Automated by @kiding.bsky.social.
When OAuth Becomes a Weapon: Lessons from CVE-2025-6514
When OAuth Becomes a Weapon: Lessons from CVE-2025-6514 | Amla Labs
A critical vulnerability in mcp-remote affected 558,846 downloads. The bug was client-side, but the attack exploited OAuth dynamic discovery—a trust assumption that breaks for autonomous agents.
amlalabs.com
December 22, 2025 at 4:13 AM
When OAuth Becomes a Weapon: Lessons from CVE-2025-6514
Vulnhalla: Picking the true vulnerabilities from the CodeQL haystack
Vulnhalla: Picking the true vulnerabilities from the CodeQL haystack
In this blog post, we present our approach for uncovering vulnerabilities by combining LLM reasoning with static analysis. By layering an LLM on top of CodeQL, we significantly reduce the...
www.cyberark.com
December 21, 2025 at 10:58 AM
Vulnhalla: Picking the true vulnerabilities from the CodeQL haystack
TP-Link Tapo C200: Hardcoded Keys, Buffer Overflows and Privacy in the Era of AI Assisted Reverse Engineering
TP-Link Tapo C200: Hardcoded Keys, Buffer Overflows and Privacy in the Era of AI Assisted Reverse Engineering
www.evilsocket.net
December 20, 2025 at 12:28 AM
TP-Link Tapo C200: Hardcoded Keys, Buffer Overflows and Privacy in the Era of AI Assisted Reverse Engineering
Breaking SAPCAR: Four Local Privilege Escalation Bugs in SAR Archive Parsing
Breaking SAPCAR: Four Local Privilege Escalation Bugs in SAR Archive Parsing - Anvil Secure
Principal Security Engineer Tao Sauvage uncovers four SAPCAR bugs, where parsing a SAR archive could lead to local privilege escalation.
www.anvilsecure.com
December 19, 2025 at 2:28 PM
Breaking SAPCAR: Four Local Privilege Escalation Bugs in SAR Archive Parsing
Case study: enabling autonomous security assessments with AI (CAI framework)
Alias Robotics
aliasrobotics.com
December 19, 2025 at 11:58 AM
Case study: enabling autonomous security assessments with AI (CAI framework)
How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack
How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack
How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack - writeup.md
gist.github.com
December 19, 2025 at 8:58 AM
How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack
[Research] Geometric analysis of SHA-256: Finding 68% bit-match pairs through dimensional transformation
OSF
osf.io
December 19, 2025 at 2:13 AM
[Research] Geometric analysis of SHA-256: Finding 68% bit-match pairs through dimensional transformation
Remote Desktop access and IP address
Remote desktop software—fast and secure | TeamViewer
Access your desktop computer or other devices remotely from home or on the road with our AI-enhanced remote desktop software. Trusted, secure, and fast.
www.teamviewer.com
December 19, 2025 at 1:58 AM
Remote Desktop access and IP address
Free STIX 2.1 Threat Intel Feed
analytics.dugganusa.com
December 18, 2025 at 6:58 PM
Free STIX 2.1 Threat Intel Feed
pathfinding.cloud - A library of AWS IAM privilege escalation paths
Introducing Pathfinding.cloud | Datadog Security Labs
Introducing Pathfinding.cloud, a library of AWS IAM privilege escalation paths
securitylabs.datadoghq.com
December 18, 2025 at 6:58 PM
pathfinding.cloud - A library of AWS IAM privilege escalation paths
I built a mitmproxy AI agent using 4000 paid security disclosures
InstaVM - Secure Execution of AI Generated Code
instavm.io
December 18, 2025 at 4:58 PM
I built a mitmproxy AI agent using 4000 paid security disclosures
Active HubSpot Phishing Campaign
HubSpot users targeted by active phishing campaign
Evalian SOC investigates a phishing campaign targeting HubSpot users and how attackers used MailChimp & BEC to steal credentials.
evalian.co.uk
December 18, 2025 at 1:58 PM
Active HubSpot Phishing Campaign
Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent
JUMPSHOT: XM Cyber Uncovers Critical Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent | XM Cyber
Learn more about JUMPSHOT: XM Cyber Uncovers Critical Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent . Read more on XM Cyber website.
xmcyber.com
December 18, 2025 at 10:28 AM
Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent
ORM Leaking More Than You Joined For - Part 3/3 on ORM Leak Vulnerabilities
ORM Leaking More Than You Joined For - elttam
www.elttam.com
December 18, 2025 at 9:43 AM
ORM Leaking More Than You Joined For - Part 3/3 on ORM Leak Vulnerabilities
New research confirms what we suspected: every LLM tested can be exploited
24882480.fs1.hubspotusercontent-eu1.net
December 17, 2025 at 10:28 PM
New research confirms what we suspected: every LLM tested can be exploited
Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain (ZDI-25-099, ZDI-25-097, ZDI-25-096)
Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain (ZDI-25-099, ZDI-25-097, ZDI-25-096) - Mehmet Ince @mdisec
It was yet another day at the office. Our team was internally discussing moving to a different platform analytics solution. Our team was really leaning more towards Posthog. It’s one of the brilliant -I personally believe it’s the best- products on the market. And that’s where the story has begun… We have a somewhat unconventional—some […]
mdisec.com
December 17, 2025 at 6:58 PM
Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain (ZDI-25-099, ZDI-25-097, ZDI-25-096)
TruffleHog now detects JWTs with public-key signatures and verifies them for liveness
TruffleHog now detects JWTs with public-key signatures and verifies them for liveness ◆ Truffle Security Co.
TruffleHog now detects JWTs signed with public-key cryptography and verifies them for liveness. This new detector has already found hundreds of live JWTs for our customers.
trufflesecurity.com
December 17, 2025 at 12:43 AM
TruffleHog now detects JWTs with public-key signatures and verifies them for liveness
Pwning Santa before the bad guys do: A hybrid bug bounty / CTF for container isolation
Dangerzone
Take potentially dangerous PDFs, office documents, or images and convert them to a safe PDF.
dangerzone.rocks
December 16, 2025 at 5:58 PM
Pwning Santa before the bad guys do: A hybrid bug bounty / CTF for container isolation
GeminiJack: A prompt-injection challenge demonstrating real-world LLM abuse
GeminiJack Challenge
geminijack.securelayer7.net
December 16, 2025 at 4:58 PM
GeminiJack: A prompt-injection challenge demonstrating real-world LLM abuse
Attempting Cross Translation Unit Taint Analysis for Firefox with Clang Static Analyzer
Attempting Cross Translation Unit Taint Analysis for Firefox
Preface
attackanddefense.dev
December 16, 2025 at 4:58 PM
Attempting Cross Translation Unit Taint Analysis for Firefox with Clang Static Analyzer
Urban VPN Browser Extension Caught Harvesting AI Chat Conversations from Millions of Users
8 Million Users' AI Conversations Sold for Profit by "Privacy" Extensions | Koi Blog
www.koi.ai
December 16, 2025 at 2:58 PM
Urban VPN Browser Extension Caught Harvesting AI Chat Conversations from Millions of Users
TL;DR: Hide your headless bot by mimicking a WebView (Sec-Fetch and Client Hints inconsistencies)
Fight bad bot with Sec Fetch and Client Hints inconsistencies in headless browsers
For many of our e-commerce customers the problem of bad bots it's a everyday problem and has evolved a lot in the last few years. A common approach is to "block" automated traffic with a JavaScript challenge, basically a small script that the browser must execute to prove it is
blog.sicuranext.com
December 16, 2025 at 1:58 PM
TL;DR: Hide your headless bot by mimicking a WebView (Sec-Fetch and Client Hints inconsistencies)
Temenos OFS String Injection: Revealing a Hidden Financial Attack Vector
Just a moment...
medium.com
December 16, 2025 at 9:58 AM
Temenos OFS String Injection: Revealing a Hidden Financial Attack Vector
Autonomous code analyzer beats all human teams at OSS zero-day competition
Announcing Xint Code - Theori BLOG
Real Vulnerabilities. Actionable Results. | AI for Security, Vulnerability Research
theori.io
December 16, 2025 at 12:58 AM
Autonomous code analyzer beats all human teams at OSS zero-day competition
Makop ransomware: GuLoader and privilege escalation in attacks against Indian businesses
Makop ransomware: GuLoader and privilege escalation in attacks against Indian businesses
Makop, a ransomware strain derived from Phobos, continues to exploit exposed RDP systems while adding new components such as local privilege escalation exploits and loader malware to its traditional toolkit.
www.acronis.com
December 15, 2025 at 9:13 PM
Makop ransomware: GuLoader and privilege escalation in attacks against Indian businesses