StackWarp: Exploiting Stack Layout Vulnerabilities in Modern Processors
https://ift.tt/79AGbsU
Submitted January 16, 2026 at 08:19PM by YogiBerra88888
via reddit https://ift.tt/8Z5Uvxs
ServiceNow Virtual Agent Auth Bypass → AI Agent Privilege Escalation (85% Fortune 500 affected)
https://ift.tt/crd8590
Submitted January 16, 2026 at 09:52PM by opena2a
via reddit https://ift.tt/GaIBcUg
OpenA2A
The ServiceNow AI Vulnerability: What Went Wrong
85% of Fortune 500 exposed. Learn how AI agents need purpose-built security, not retrofitted legacy authentication.
How I used an agent to hunt vulns
https://ift.tt/eVHm8PN
Submitted January 17, 2026 at 04:59PM by 746865626c617a
via reddit https://ift.tt/Wo2cQBN
blazelight.dev
I do things on the computer.
Account Takeover in Facebook mobile app due to usage of cryptographically unsecure random number generator and XSS in Facebook JS SDK
https://ift.tt/CxURkIa
Submitted January 18, 2026 at 03:17PM by smaury
via reddit https://ift.tt/q92IRtz
After the Takedown: Excavating Abuse Infrastructure with DNS Sinkholes
https://ift.tt/uMot4NV
Submitted January 19, 2026 at 01:06AM by 0x5h4un
via reddit https://ift.tt/aQn7ON2
disclosing.observer
After the Takedown: Excavating Abuse Infrastructure with DNS Sinkholes - Disclosing.Observer
DNS sinkholing does not erase abuse infrastructure but captures it at the moment of intervention, creating a stable boundary from which pre-takedown organiza...
"synthetic vulnerabilities" — security flaws unique to AI-generated code
https://ift.tt/AyMqNp1
Submitted January 19, 2026 at 04:38PM by bishwasbhn
via reddit https://ift.tt/i5nhR7z
Write-up: Cloudflare Zero-day: Accessing Any Host Globally
https://ift.tt/IbniG3T
Submitted January 19, 2026 at 08:02PM by xIsis
via reddit https://ift.tt/2rPoyM6
fearsoff.org
Cloudflare Zero-day: Accessing Any Host Globally
Discover how a Cloudflare WAF bypass in /.well-known/acme-challenge/ exposed origins, its impact, and the fix. A must-read for security pros.
Frida 17.6.0 released – major Android stability improvements, Android 16 support
https://ift.tt/pSRwOk4
Submitted January 19, 2026 at 09:02PM by oleavr
via reddit https://ift.tt/9kPJTXU
Frida • A world-class dynamic instrumentation toolkit
Frida 17.6.0 Released
Observe and reprogram running programs on Windows, macOS, GNU/Linux, iOS, watchOS, tvOS, Android, FreeBSD, and QNX
Successful Errors: New Code Injection and SSTI Techniques
https://ift.tt/vX6FBgE
Submitted January 18, 2026 at 09:37PM by vladko312
via reddit https://ift.tt/W3N7LXF
GitHub
GitHub - vladko312/Research_Successful_Errors: Clear and obvious name of the exploitation technique can create a false sense of…
Clear and obvious name of the exploitation technique can create a false sense of familiarity, even if its true potential was never researched, the technique itself is never mentioned and payloads a...
Cloudflare Zero-day: Accessing Any Host Globally
https://ift.tt/IbniG3T
Submitted January 20, 2026 at 04:52PM by albinowax
via reddit https://ift.tt/RHLPq5g
fearsoff.org
Cloudflare Zero-day: Accessing Any Host Globally
Discover how a Cloudflare WAF bypass in /.well-known/acme-challenge/ exposed origins, its impact, and the fix. A must-read for security pros.
Billion-Dollar Bait & Switch: Exploiting a Race Condition in Blockchain Infrastructure
https://ift.tt/5GOqKJL
Submitted January 21, 2026 at 12:07AM by va_start
via reddit https://ift.tt/oCZUluz
Mav Levin Security Research
Billion-Dollar Bait & Switch: Exploiting a Race Condition in Blockchain Infrastructure
Every 12 seconds, risk-free profit is auctioned for millions on the Ethereum network. It’s a brutal, PvP fight. The miners take the majority of the profit, a...
oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
https://ift.tt/CIrOxSe
Submitted January 21, 2026 at 12:24PM by farrantt
via reddit https://ift.tt/u4Wdhzb
seclists.org
oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
When The Gateway Becomes The Doorway: Pre-Auth RCE in API Management
https://ift.tt/btFzMXO
Submitted January 21, 2026 at 11:38AM by operator_dll
via reddit https://ift.tt/HTUiOLp
Principlebreach
When The Gateway Becomes The Doorway: Pre-Auth RCE in API Management
Discover how a decade-old vulnerability class leads to pre-authentication Remote Code Execution (RCE) in an enterprise API management platform. This article details the end-to-end compromise of an API Gateway, from initial subdomain reconnaissance and API…
Fake PNB MetLife payment pages abusing UPI & Telegram bots
https://ift.tt/nfu3KpY
Submitted January 21, 2026 at 01:25PM by anuraggawande
via reddit https://ift.tt/UYeA7Rc
Malware Analysis, Phishing, and Email Scams
Fake “PNB MetLife Payment Gateway” Page Stealing Customer Details and Redirecting Victims to UPI Payments
Overview: While actively hunting for phishing sites, I came across multiple web pages impersonating PNB MetLife Insurance and presenting themselves as official policy premium payment gateways. This a…
Break LLM Workflows with Claude's Refusal Magic String
https://ift.tt/aTyXzD0
Submitted January 21, 2026 at 08:27PM by RedTermSession
via reddit https://ift.tt/pIMyRa0
hackingthe.cloud
Break LLM Workflows with Claude's Refusal Magic String - Hacking The Cloud
How Anthropic's refusal test string can be abused to stop streaming responses and create sticky failures.
Third-party identity verification provider breach exposes government ID images (Total Wireless / Veriff)
https://ift.tt/pJoObqC
Submitted January 22, 2026 at 12:45AM by Bp121687
via reddit https://ift.tt/3Yn4QxP
When the Lab Door Stays Open: Exposed Training Apps Exploited for Fortune 500 Cloud Breaches
https://ift.tt/3slRoiM
Submitted January 21, 2026 at 11:38PM by Street-Plum7312
via reddit https://ift.tt/uZq2WFl
Pentera
When the Lab Door Stays Open: Exposed Training Apps Exploited for Fortune 500 Cloud Breaches - Pentera
Pentera reveals attackers exploiting exposed cloud training apps with crypto miners in Fortune 500 environments, risking full cloud compromise.
Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass) - watchTowr Labs
https://ift.tt/LGba8Ye
Submitted January 22, 2026 at 06:00AM by dx7r__
via reddit https://ift.tt/Qv6T37s
watchTowr Labs
Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass)
Well, well, well - look what we’re back with.
You may recall that merely two weeks ago, we analyzed CVE-2025-52691 - a pre-auth RCE vulnerability in the SmarterTools SmarterMail email solution with a timeline that is typically reserved for KEV holders.
…
[FREE DATASET] 67K+ domains with technology fingerprints
https://ift.tt/yEMaG1u
Submitted January 22, 2026 at 10:18AM by Upper-Character-6743
via reddit https://ift.tt/ygBt5iK
Dropbox
sample_dec_2025.zip
Shared with Dropbox
Single malformed BRID/HHIT DNS packet can crash ISC BIND
https://ift.tt/wUuTDgp
Submitted January 22, 2026 at 05:25PM by div3rto
via reddit https://ift.tt/W1PBK2u
AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent
https://ift.tt/5T7ZmGA
Submitted January 22, 2026 at 07:04PM by ulldma
via reddit https://ift.tt/tLHze0G
The GitHub Blog
AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent
Learn how we are using the newly released GitHub Security Lab Taskflow Agent to triage categories of vulnerabilities.