How We Hacked McKinsey's AI Platform
https://ift.tt/if1ohIG
Submitted March 10, 2026 at 03:32PM by pheexio
via reddit https://ift.tt/8Ch7vqK
https://ift.tt/if1ohIG
Submitted March 10, 2026 at 03:32PM by pheexio
via reddit https://ift.tt/8Ch7vqK
codewall.ai
How We Hacked McKinsey's AI Platform
An autonomous AI agent found a SQL injection in McKinsey's Lilli AI platform. What it extracted was worse than we expected.
Trust no one: are one-way trusts really one way?
https://ift.tt/Zds8ot9
Submitted March 10, 2026 at 06:17PM by AlmondOffSec
via reddit https://ift.tt/iWrjvOS
https://ift.tt/Zds8ot9
Submitted March 10, 2026 at 06:17PM by AlmondOffSec
via reddit https://ift.tt/iWrjvOS
Chrome Extension Sold to New Operators Became a Full Malware Chain — Caught via Console Logs, Google Pulled It, THN Covered It (ShotBird)
https://monxresearch-sec.github.io/shotbird-extension-malware-report/
Submitted March 10, 2026 at 05:59PM by TheReedemer69
via reddit https://ift.tt/0hO1Z2V
https://monxresearch-sec.github.io/shotbird-extension-malware-report/
Submitted March 10, 2026 at 05:59PM by TheReedemer69
via reddit https://ift.tt/0hO1Z2V
ShotBird Extension Malware Report
From a Sophisticated Browser-Extension Supply-Chain Compromise to a VibeCoded Twist: A Chrome Extension as the Initial Access Vector…
Independent technical analysis of a Chrome extension compromise, fake update chain, and Windows-stage malware activity.
After the $82K Gemini API key incident — here's why GCP billing alerts won't protect you in real-time
https://ift.tt/m26DBkV
Submitted March 10, 2026 at 09:08PM by daudmalik06
via reddit https://ift.tt/A8BiDpu
https://ift.tt/m26DBkV
Submitted March 10, 2026 at 09:08PM by daudmalik06
via reddit https://ift.tt/A8BiDpu
cloudsentinel.dev
CloudSentinel - Zero-Liability GCP Protection
Monitor your Google Cloud API usage in real-time and auto-revoke keys before they breach your threshold.
Microsoft Patch Tuesday March 2026 Fixes 79 Vulnerabilities Including Two Public Zero-Days
https://ift.tt/Zoj87px
Submitted March 10, 2026 at 11:59PM by Far_Mycologist4839
via reddit https://ift.tt/iIN3qpy
https://ift.tt/Zoj87px
Submitted March 10, 2026 at 11:59PM by Far_Mycologist4839
via reddit https://ift.tt/iIN3qpy
NeuraCyb Intelligence
Microsoft Patch Tuesday March 2026 Fixes 79 Vulnerabilities Including Two Public Zero-Days
Microsoft has released its March 2026 Patch Tuesday security updates addressing 79 vulnerabilities across its software ecosystem, including two publicly disclosed zero-day vulnerabilities. The…
Classifying email providers of 2000+ Swiss municipalities via DNS, looking for feedback on methodology
https://mxmap.ch
Submitted March 11, 2026 at 02:00AM by dfhsr
via reddit https://ift.tt/fZomrdb
https://mxmap.ch
Submitted March 11, 2026 at 02:00AM by dfhsr
via reddit https://ift.tt/fZomrdb
MXmap
MXmap — Email Providers of Swiss Municipalities
Interactive map showing where Swiss municipalities host their official email. DNS analysis of all ~2,100 municipalities.
How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit
https://ift.tt/yVtIDls
Submitted March 11, 2026 at 03:04AM by _PentesterLab_
via reddit https://ift.tt/O4uveUz
https://ift.tt/yVtIDls
Submitted March 11, 2026 at 03:04AM by _PentesterLab_
via reddit https://ift.tt/O4uveUz
Pentesterlab
How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit
As part of our CVE monitoring, we came across GHSA-pcq9-mq6m-mvmp (CVE-2025-68402), an authentication bypass in FreshRSS, a self-hosted RSS aggregator. It ...
CVE-2026-28292: RCE in simple-git via case-sensitivity bypass (CVSS 9.8)
https://ift.tt/eh25jcE
Submitted March 11, 2026 at 12:32PM by WatugotOfficial
via reddit https://ift.tt/xsaUEGZ
https://ift.tt/eh25jcE
Submitted March 11, 2026 at 12:32PM by WatugotOfficial
via reddit https://ift.tt/xsaUEGZ
www.codeant.ai
CVE-2026-28292: simple-git Remote Code Execution - Case-Sensitivity Bypass (CVSS 9.8)
CVE-2026-28292 is a CVSS 9.8 remote code execution in simple-git (12.4M+ weekly npm downloads). A missing regex flag bypasses two prior CVE fixes (CVE-2022-25912, CVE-2022-25860). Full PoC, root cause analysis, and fix. Discovered by CodeAnt AI.
CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover
https://ift.tt/4LE8pQZ
Submitted March 11, 2026 at 11:48AM by Fun_Preference1113
via reddit https://ift.tt/0gJIo3E
https://ift.tt/4LE8pQZ
Submitted March 11, 2026 at 11:48AM by Fun_Preference1113
via reddit https://ift.tt/0gJIo3E
Cymulate
CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover
CVE-2026-26117 lets low-privileged users hijack Azure Arc, escalate to SYSTEM, and take over the machine’s cloud identity and RBAC access.
New UNISOC RCE!!
https://ift.tt/3nOUexo
Submitted March 11, 2026 at 02:02PM by SSDisclosure
via reddit https://ift.tt/oN21LyE
https://ift.tt/3nOUexo
Submitted March 11, 2026 at 02:02PM by SSDisclosure
via reddit https://ift.tt/oN21LyE
SSD Secure Disclosure
UNISOC T612 RCE - SSD Secure Disclosure
Summary UNISOC (Shanghai) Technologies Co., Ltd. is a top-three global fabless semiconductor company headquartered in Shanghai, specializing in 2G/3G/4G/5G mobile communication, IoT, and smart device chipsets. Formerly Spreadtrum, it serves major brands like…
Jack & Jill went up the hill — and an AI tried to hack them
https://ift.tt/YTb7yAW
Submitted March 11, 2026 at 06:24PM by eth0izzle
via reddit https://ift.tt/vknXUmR
https://ift.tt/YTb7yAW
Submitted March 11, 2026 at 06:24PM by eth0izzle
via reddit https://ift.tt/vknXUmR
We scanned 50 shared Cursor rules files from GitHub. 6 contained hidden zero-width Unicode instructions.
https://ift.tt/UMv6A0I
Submitted March 11, 2026 at 05:35PM by Kind-Release-3817
via reddit https://ift.tt/lq18W6H
https://ift.tt/UMv6A0I
Submitted March 11, 2026 at 05:35PM by Kind-Release-3817
via reddit https://ift.tt/lq18W6H
agentseal.org
AgentSeal - AI Agent Security Scanner
Break your AI agents before someone else does. Security scanning for system prompts, MCP servers, and AI coding agents.
Throwing a spark into FuelCMS (0-click RCE)
https://ift.tt/N9Jxrnm
Submitted March 11, 2026 at 05:34PM by AdAccording4827
via reddit https://ift.tt/1i4m7Q9
https://ift.tt/N9Jxrnm
Submitted March 11, 2026 at 05:34PM by AdAccording4827
via reddit https://ift.tt/1i4m7Q9
Sigma rules engine inside the Linux kernel
https://cybereason-public.github.io/owLSM/
Submitted March 11, 2026 at 05:17PM by Sea_Warthog_4431
via reddit https://ift.tt/1QNA9Lp
https://cybereason-public.github.io/owLSM/
Submitted March 11, 2026 at 05:17PM by Sea_Warthog_4431
via reddit https://ift.tt/1QNA9Lp
Reddit
From the netsec community on Reddit: [ Removed by moderator ]
Posted by Sea_Warthog_4431 - 1 vote and 0 comments
Red-Run - Claude CTF Automation
https://ift.tt/PENpUa7
Submitted March 11, 2026 at 07:53PM by aconite33
via reddit https://ift.tt/WF1KOVx
https://ift.tt/PENpUa7
Submitted March 11, 2026 at 07:53PM by aconite33
via reddit https://ift.tt/WF1KOVx
Blacklanternsecurity
red-run
All work and no tokens makes Claude a dull boy...
PromptSonar — open source static analyzer for LLM prompt injection, jailbreaks, and OWASP LLM Top 10 vulnerabilities in source code
https://ift.tt/twa9SkM
Submitted March 11, 2026 at 07:49PM by meghal86
via reddit https://ift.tt/6uXa01s
https://ift.tt/twa9SkM
Submitted March 11, 2026 at 07:49PM by meghal86
via reddit https://ift.tt/6uXa01s
Visualstudio
PromptSonar - Visual Studio Marketplace
Extension for Visual Studio Code - Static scanner for prompt injection (OWASP LLM01), API key leaks & jailbreaks in code. Local, fast, no LLM calls.
Common architectural pattern across four Q1 2026 AI assistant vulnerabilities (CVE-2026-26144, CVE-2026-0628, CVE-2026-24307, PleaseFix)
https://ift.tt/wvnMt1i
Submitted March 11, 2026 at 07:36PM by LostPrune2143
via reddit https://ift.tt/Unik295
https://ift.tt/wvnMt1i
Submitted March 11, 2026 at 07:36PM by LostPrune2143
via reddit https://ift.tt/Unik295
blog.barrack.ai
Your AI Copilot Is the Newest Attack Surface | Barrack AI
Four AI assistant vulnerabilities in Q1 2026 prove that Copilot, Gemini, and Perplexity Comet have become weaponizable attack vectors. Technical analysis of CVE-2026-26144, CVE-2026-0628, CVE-2026-24307, and PleaseFix.
CFP: NaClCON 2026 – Conference on the History of Hacking (May 31 – June 2, Carolina Beach, NC)
https://naclcon.com/cfp
Submitted March 12, 2026 at 12:47AM by count_zero_moustafa
via reddit https://ift.tt/lFkX07M
https://naclcon.com/cfp
Submitted March 12, 2026 at 12:47AM by count_zero_moustafa
via reddit https://ift.tt/lFkX07M
NaCICON
NaClCON - The History of Hacking/Cybersecurity Conference - CFP | NaCICON
Call for Papers - What we are looking for, What you get, and Submission Guidelines for NaClCON.
Forensic analysis of LummaC2 infection unmasks DPRK operative behind Polyfill.io supply chain attack and Gate.us infiltration
https://ift.tt/ZE9lvNa
Submitted March 12, 2026 at 07:49AM by Malwarebeasts
via reddit https://ift.tt/GQ52vod
https://ift.tt/ZE9lvNa
Submitted March 12, 2026 at 07:49AM by Malwarebeasts
via reddit https://ift.tt/GQ52vod
Hudson Rock
Hudson Rock - Infostealer Intelligence Solutions
Powered by Hudson Rock's continuously augmented cybercrime database, composed of millions of machines compromised by Infostealers in global malware spreading campaigns.
Netsec mods unnecessarily blocking security News posted by US
https://ift.tt/6fUVKpX
Submitted March 12, 2026 at 11:06AM by Think-Inspection-291
via reddit https://ift.tt/Bh9aL2i
https://ift.tt/6fUVKpX
Submitted March 12, 2026 at 11:06AM by Think-Inspection-291
via reddit https://ift.tt/Bh9aL2i
Alipay (1B+ users) DeepLink+JSBridge Attack Chain: Silent GPS Exfiltration, 6 CVEs (CVSS 9.3)
https://innora.ai/zfb/
Submitted March 12, 2026 at 01:56PM by feng_sg
via reddit https://ift.tt/v27prnA
https://innora.ai/zfb/
Submitted March 12, 2026 at 01:56PM by feng_sg
via reddit https://ift.tt/v27prnA
innora.ai
Alipay DeepLink Attack Surface: One Link to Rule Them All
17 verified security issues. 3 devices. 308 exfiltration logs. Full responsible disclosure.