Follow for new posts submitted to the netsec subreddit. Unofficial.
Subreddit: https://reddit.com/r/netsec
Automated by: @[email protected]
The Sequels Are Never As Good, But We're Still In Pain (Citrix NetScaler CVE-2026-3055 Memory Overread) - watchTowr Labs https://labs.watchtowr.com/the-sequels-are-never-as-good-but-were-still-in-pain-citrix-netscaler-cve-2026-3055-memory-overread/
The Sequels Are Never As Good, But We're Still In Pain (Citrix NetScaler CVE-2026-3055 Memory Overread)

Sequels? Pain? We're obviously talking about Citrix NetScalers, yet again. Welcome back to another watchTowr Labs blog post - pull up a chair, we always welcome new members to our group therapy sessions. If you asked a C programmer what they most dislike doing in life, their answer might well

watchTowr Labs
We Social Engineered Our Own AI https://reikon.io/blog/red-team/
We Social Engineered Our Own AI | Reikon

We gave our AI agent admin access to production infrastructure. Then we tried to trick it into leaking everything. Here's what happened.

pentest-ai - 6 Claude Code subagents for offensive security research (engagement planning, recon analysis, exploit methodology, detection engineering, STIG compliance, report writing) https://0xsteph.github.io/pentest-ai/
pentest-ai -- Offensive Security Research Assistant for Claude Code

6 specialized AI subagents for penetration testing. Plan engagements, analyze recon, research exploits, build detections, check STIGs, and write reports -- all through Claude Code.

Chaining file upload bypass and stored XSS to create admin accounts: walkthrough with Docker PoC lab https://kurtisebear.com/2026/03/28/chaining-file-upload-xss-admin-compromise/
Chaining file upload bypass and stored XSS to create admin accounts

Two medium-severity findings chained into full admin compromise on a SaaS pen test. Attack walkthrough, Docker PoC lab, and fixes.

Kurtis Baron — Offensive Security & Pen Testing
Title: Roast my resume – Security Analyst https://limewire.com/d/vXFZE#5hsZo0QX1W
Download redatcted_resume.pdf | LimeWire

Download redatcted_resume.pdf on LimeWire

LimeWire
Telnyx package on PyPI compromised by TeamPCP. WAV steganography used for payload delivery https://thecybersecguru.com/news/pypi-telnyx-package-compromised-teampcp-supply-chain-attack/
PyPI telnyx Package Compromised: TeamPCP Supply Chain Attack | The CyberSec Guru

PyPI package 'telnyx' versions 4.87.1 and 4.87.2 contain malware from threat actor TeamPCP. Malware runs on import, uses WAV steganography for payloads

The CyberSec Guru
ClickFix in the PhishU Framework

A high-level look at how the PhishU Framework turns ClickFix into a point-and-click template with callback analytics, console visibility, and campaign-linked training.

PhishU
Microsoft Entra OAuth Consent Grant Attack Simulation in the PhishU Framework https://phishu.net/blogs/blog-microsoft-entra-oauth-consent-grant-phishu-framework.html
Microsoft Entra OAuth Consent Grant Attack Simulation in the PhishU Framework

A high-level look at how the PhishU Framework turns Microsoft Entra OAuth Consent Grant phishing into a point-and-click workflow with persistent token capture and an interactive Token Explorer.

PhishU
Transparent AiTM Proxying in the PhishU Framework https://phishu.net/blogs/blog-transparent-aitm-proxy-framework.html
Transparent AiTM Proxying in the PhishU Framework

One-click transparent AiTM proxying, major IdP support including Google, and Chrome heuristic evasion engineered for authorized phishing assessments.

PhishU
TeamPCP strikes again - telnyx popular PyPI library compromised https://research.jfrog.com/post/team-pcp-strikes-again-telnyx-popular-library-hit/
TeamPCP strikes again - telnyx popular PyPI library compromised - JFrog Security Research

On March 27th, the popular telnyx PyPI library was compromised. New versions of telnyx were uploaded to PyPI, 4.87.1 and 4.87.2. Both contain a malicious payload; this compromise is linked to TeamPCP.