Netsec
@RNetsec
7.46K subscribers
22.4K links
This channel posts the feed from r/netsec.
For any suggestions dm @streaak
Donate to keep the bot running https://www.paypal.me/akhilgv
Download Telegram
About
Blog
Apps
Platform
Join
Netsec
7.46K subscribers
Netsec
Fun RCE in Command & Conquer: Generals
https://ift.tt/48ECdTm

Submitted January 28, 2026 at 09:32PM by jordan9001
via reddit https://ift.tt/sqkQdJE
Atredis Partners
General Graboids: Worms and Remote Code Execution in Command & Conquer — Atredis Partners
[this work was conducted collaboratively by Bryan Alexander and Jordan Whitehead] This post details several vulnerabilities discovered in the popular online game Command & Conquer: Generals. We recently presented some of this work at an information security…
399 views
Netsec
Limits of static guarantees under adaptive adversaries (G-CTR experience)
https://ift.tt/wOtMVy7

Submitted January 28, 2026 at 10:51PM by Obvious-Language4462
via reddit https://ift.tt/PnICtVD
arXiv.org
Cybersecurity AI: A Game-Theoretic AI for Guiding Attack and Defense
AI-driven penetration testing now executes thousands of actions per hour but still lacks the strategic intuition humans apply in competitive security. To build cybersecurity superintelligence...
430 views
Netsec
Tycoon 2FA phishing campaign abusing *.contractors domains for Gmail & Microsoft 365 credential harvesting
https://ift.tt/Ywzp2iv

Submitted January 29, 2026 at 04:55AM by anuraggawande
via reddit https://ift.tt/q5dALMQ
Malware Analysis, Phishing, and Email Scams
Tycoon 2FA Campaign Abusing *.contractors Domains for Gmail and Microsoft 365 Credential Harvesting
Overview Over the past few weeks, I have been tracking a credential harvesting campaign that repeatedly abuses newly registered *.contractors domains to deliver Gmail and Microsoft 365/Outlook phis…
912 views
Netsec
Requesting security review: zero-knowledge one-time secret sharing tool
https://ift.tt/16FOK9q

Submitted January 29, 2026 at 10:12AM by iamnotatalker
via reddit https://ift.tt/WXDnS5z
Sharemylogin
ShareMyLogin | Zero-Knowledge Credential Sharing
Share passwords and credentials securely with self-destructing, encrypted links. Zero-knowledge encryption means we never see your data.
397 views
Netsec
Gakido - CRLF Injection
https://ift.tt/sypmv72

Submitted January 29, 2026 at 03:07PM by c0daman
via reddit https://ift.tt/Xio7vwT
Rosecurify
Gakido - CRLF Injection
Security research, vulnerability disclosures, and application security insights.
406 views
Netsec
One-click RCE on Clawd/Moltbot in 2 hours with an AI Hacking Agent
https://ift.tt/ozeVt3B

Submitted January 29, 2026 at 04:24PM by matosd
via reddit https://ift.tt/odbGNM0
Ethiack
One-click RCE on Clawd/Moltbot in under 2 hours with an Autonomous Hacking Agent | Ethiack — Autonomous Ethical Hacking for continuous…
Our AI pentester, Hackian, found a RCE on Clawdbot/Moltbot by hacking it fully autonomously in under 2 hours. Learn how and read the logs in this blog.
417 views
Netsec
Tool release: CVE Alert – targeted CVE email alerts by vendor/product
https://ift.tt/unR6qo9

Submitted January 30, 2026 at 01:20AM by CarlVon77
via reddit https://ift.tt/D83dLrH
CVE Alert System
CVE-Alert helps organizations and individuals track Common Vulnerabilities and Exposures (CVEs) in real-time with vendor/product subscriptions and email notifications.
424 views
Netsec
Object-capability SQL sandboxing for LLM agents — $1K CTF bounty to break it
https://ift.tt/CngFqIu

Submitted January 30, 2026 at 05:01AM by ryanrasti
via reddit https://ift.tt/Pvy4XrU
Ryanrasti
Object-Capability SQL Sandboxing for LLM Agents
A defensive technique for constraining LLM agent database access using object-capabilities, plus a live CTF challenge.
451 views
Netsec
How We Exploited Qodo: From a PR Comment to RCE and an AWS Admin Key - Leaked Twice
https://ift.tt/JUHAWlK

Submitted January 30, 2026 at 08:17PM by tmlxs
via reddit https://ift.tt/G1hHolB
Kudelskisecurity
How We Exploited Qodo: From a PR Comment to RCE and an AWS Admin Key - Leaked Twice - Kudelski Security Research Center
Jan 15, 2026 - Nils Amiet -
360 views
Netsec
Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340) - watchTowr Labs
https://ift.tt/MRsKBxm

Submitted January 30, 2026 at 09:47PM by dx7r__
via reddit https://ift.tt/5Lp1bPM
watchTowr Labs
Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340)
When Ivanti removed the embargoes from CVE-2026-1281 and CVE-2026-1340 - pre-auth Remote Command Execution vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM) solution - we sighed with relief.

Clearly, the universe had decided to continue mocking…
340 views
Netsec
WaPo Raid Is a Frightening Reminder: Turn Off Your Phone’s Biometrics Now
https://ift.tt/QVglH3I

Submitted January 31, 2026 at 01:06AM by eatfruitallday
via reddit https://ift.tt/jfRMZnP
The Intercept
Washington Post Raid Is a Frightening Reminder: Turn Off Your Phone’s Biometrics Now
The search warrant to raid a Washington Post reporter’s home shows how authorities can open your phone without your consent.
323 views
Netsec
Need Advice
https://ift.tt/Lcx2NOR

Submitted January 31, 2026 at 04:43AM by Apprehensive-Log4564
via reddit https://ift.tt/B3VOkUT
Zenodo
Prior Art / Defensive Publication to Prevent Patent Applications on BGP Tool
This work introduces a predictive BGP security intelligence approach whose core idea is the systematic mapping of Internet routing risk zones — specific ASNs, prefixes, and topological regions of the global BGP graph where routing attacks are most likely…
290 views
Netsec
Ex-Google engineer convicted of insider exfiltration of AI trade secrets
https://ift.tt/X2fMJnc

Submitted January 31, 2026 at 07:05AM by Express_Classic_1569
via reddit https://ift.tt/oDSVKq6
PeakD
Ex-Google Engineer Arrested for Stealing AI Trade Secrets | PeakD
Imagine working at one of the biggest tech companies in the world, only to get caught red-handed stealing their prized... by justmythoughts
279 views