Reprompt: The Single-Click Microsoft Copilot Attack that Silently Steals Your Personal Data
https://ift.tt/PDgVU2s
Submitted January 15, 2026 at 04:24PM by lohacker0
via reddit https://ift.tt/6bDNSBm
Varonis
Reprompt: The Single-Click Microsoft Copilot Attack that Silently Steals Your Personal Data
Varonis Threat Labs discovered a way to bypass Copilot’s safety controls, steal users’ darkest secrets, and evade detection.
CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center
https://ift.tt/lzKJ8ro
Submitted January 15, 2026 at 09:12PM by Fun_Preference1113
via reddit https://ift.tt/Vl7uTyz
Cymulate
CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center
Cymulate Research Labs uncovered CVE-2026-20965, a token validation flaw in Azure Windows Admin Center enabling tenant-wide RCE and lateral movement.
Demonstration: prompt-injection failures in a simulated help-desk LLM
https://ift.tt/WDU5VnC
Submitted January 15, 2026 at 10:24PM by thePROFITking
via reddit https://ift.tt/RWXPKbe
IHackAI
IHackAI - AI Security Training Platform | ihackai.com
IHackAI (ihackai.com) - Master AI security through hands-on challenges. Learn prompt injection, jailbreaking, and defense strategies.
Technical Analysis: ServiceNow AI Agent Vulnerability (CVE Analysis + Prevention)
https://ift.tt/crd8590
Submitted January 15, 2026 at 11:36PM by opena2a
via reddit https://ift.tt/XAm0Pwc
OpenA2A
The ServiceNow AI Vulnerability: What Went Wrong
85% of Fortune 500 exposed. Learn how AI agents need purpose-built security, not retrofitted legacy authentication.
Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation
https://ift.tt/e9jHNiS
Submitted January 15, 2026 at 10:52PM by AlmondOffSec
via reddit https://ift.tt/4epqAOB
Google Cloud Blog
Releasing Rainbow Tables to Accelerate Protocol Deprecation | Google Cloud Blog
Mandiant aims to lower the barrier for security professionals to demonstrate the insecurity of Net-NTLMv1.
WinBoat: Drive by Client RCE + Sandbox escape.
https://ift.tt/pXIgb6w
Submitted January 16, 2026 at 06:05AM by reddit4matt
via reddit https://ift.tt/a7mIYV8
hack.do
WinBoat: Drive by Client RCE + Sandbox escape.
A remote webpage can abuse an unauthenticated guest HTTP API to compromise the Windows guest container, then feed a malicious app entry leading to Linux host code execution on click.
Multiple cross-site leaks disclosing Facebook users in third-party websites
https://ift.tt/WEtpCaP
Submitted January 16, 2026 at 03:56PM by smaury
via reddit https://ift.tt/o6YUsEA
Youssef Sammouda (sam0) personal blog
Multiple cross-site leaks disclosing Facebook users in third-party websites
Introduction This write-up consolidates several XS-Leak issues discovered across Meta-owned platforms, including Facebook, Workplace, Meta for Work, and internal Meta surfaces.
Instagram account takeover via Meta Pixel script abuse
https://ift.tt/h2T41Xx
Submitted January 16, 2026 at 03:56PM by smaury
via reddit https://ift.tt/LOvST2n
Youssef Sammouda (sam0) personal blog
Instagram account takeover via Meta Pixel script abuse
Introduction Meta’s web ecosystem relies on cross-window messaging between first-party websites. In many cases, the only security control enforced is an origin check validating that messages originate from facebook.com or its subdomains.
Leaking Meta FXAuth Token leading to 2 click Account Takeover
https://ift.tt/9i3Tqer
Submitted January 16, 2026 at 03:56PM by smaury
via reddit https://ift.tt/jyiFQmW
Youssef Sammouda (sam0) personal blog
Leaking Meta FXAuth Token leading to 2 click Account Takeover
Introduction FXAuth is Meta’s shared authentication system used across Facebook, Instagram, and Meta (Horizon / VR). It is used by Accounts Center for account linking, re-authentication, and sensitive action confirmation.
StackWarp: Exploiting Stack Layout Vulnerabilities in Modern Processors
https://ift.tt/79AGbsU
Submitted January 16, 2026 at 08:19PM by YogiBerra88888
via reddit https://ift.tt/8Z5Uvxs
ServiceNow Virtual Agent Auth Bypass → AI Agent Privilege Escalation (85% Fortune 500 affected)
https://ift.tt/crd8590
Submitted January 16, 2026 at 09:52PM by opena2a
via reddit https://ift.tt/GaIBcUg
OpenA2A
The ServiceNow AI Vulnerability: What Went Wrong
85% of Fortune 500 exposed. Learn how AI agents need purpose-built security, not retrofitted legacy authentication.
How I used an agent to hunt vulns
https://ift.tt/eVHm8PN
Submitted January 17, 2026 at 04:59PM by 746865626c617a
via reddit https://ift.tt/Wo2cQBN
blazelight.dev
I do things on the computer.
Account Takeover in Facebook mobile app due to usage of cryptographically insecure random number generator and XSS in Facebook JS SDK
https://ift.tt/CxURkIa
Submitted January 18, 2026 at 03:17PM by smaury
via reddit https://ift.tt/q92IRtz
After the Takedown: Excavating Abuse Infrastructure with DNS Sinkholes
https://ift.tt/uMot4NV
Submitted January 19, 2026 at 01:06AM by 0x5h4un
via reddit https://ift.tt/aQn7ON2
disclosing.observer
After the Takedown: Excavating Abuse Infrastructure with DNS Sinkholes - Disclosing.Observer
DNS sinkholing does not erase abuse infrastructure but captures it at the moment of intervention, creating a stable boundary from which pre-takedown organiza...
"synthetic vulnerabilities" — security flaws unique to AI-generated code
https://ift.tt/AyMqNp1
Submitted January 19, 2026 at 04:38PM by bishwasbhn
via reddit https://ift.tt/i5nhR7z
Write-up: Cloudflare Zero-day: Accessing Any Host Globally
https://ift.tt/IbniG3T
Submitted January 19, 2026 at 08:02PM by xIsis
via reddit https://ift.tt/2rPoyM6
fearsoff.org
Cloudflare Zero-day: Accessing Any Host Globally
Discover how a Cloudflare WAF bypass in /.well-known/acme-challenge/ exposed origins, its impact, and the fix. A must-read for security pros.
Frida 17.6.0 released – major Android stability improvements, Android 16 support
https://ift.tt/pSRwOk4
Submitted January 19, 2026 at 09:02PM by oleavr
via reddit https://ift.tt/9kPJTXU
Frida • A world-class dynamic instrumentation toolkit
Frida 17.6.0 Released
Observe and reprogram running programs on Windows, macOS, GNU/Linux, iOS, watchOS, tvOS, Android, FreeBSD, and QNX
Successful Errors: New Code Injection and SSTI Techniques
https://ift.tt/vX6FBgE
Submitted January 18, 2026 at 09:37PM by vladko312
via reddit https://ift.tt/W3N7LXF
GitHub
GitHub - vladko312/Research_Successful_Errors: Clear and obvious name of the exploitation technique can create a false sense of…
Clear and obvious name of the exploitation technique can create a false sense of familiarity, even if its true potential was never researched, the technique itself is never mentioned and payloads a...
Cloudflare Zero-day: Accessing Any Host Globally
https://ift.tt/IbniG3T
Submitted January 20, 2026 at 04:52PM by albinowax
via reddit https://ift.tt/RHLPq5g
fearsoff.org
Cloudflare Zero-day: Accessing Any Host Globally
Discover how a Cloudflare WAF bypass in /.well-known/acme-challenge/ exposed origins, its impact, and the fix. A must-read for security pros.
Billion-Dollar Bait & Switch: Exploiting a Race Condition in Blockchain Infrastructure
https://ift.tt/5GOqKJL
Submitted January 21, 2026 at 12:07AM by va_start
via reddit https://ift.tt/oCZUluz
Mav Levin Security Research
Billion-Dollar Bait & Switch: Exploiting a Race Condition in Blockchain Infrastructure
Every 12 seconds, risk-free profit is auctioned for millions on the Ethereum network. It’s a brutal, PvP fight. The miners take the majority of the profit, a...
oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
https://ift.tt/CIrOxSe
Submitted January 21, 2026 at 12:24PM by farrantt
via reddit https://ift.tt/u4Wdhzb
seclists.org
oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd