Follow for new posts submitted to the netsec subreddit. Unofficial.
Subreddit: https://reddit.com/r/netsec
Automated by @[email protected]
Dangerous by Default: What OpenClaw CVE Record Tells Us About Agentic AI https://secdim.com/blog/post/dangerous-by-default-what-openclaw-cve-record-tells-us-about-agentic-ai-18022/

Your AI assistant just received a WhatsApp message. It ran a shell command. Then it wrote new code and executed...

SecDim
LiteLLM malware supply chain attack analysis (pt-BR only, sorry) https://gutem.github.io/notes/anatomia-de-um-infostealer-moderno-tres-amadas-uma-botnet
Anatomy of a Modern Infostealer: Three Layers, One Botnet

Technical analysis of the infostealer found in versions 1.82.7 and 1.82.8 of the LiteLLM package

The Wrong Fix: Why the FCC's Router Ban Misses the Real Threat https://www.marisec.ca/reports/the-wrong-fix-why-the-fccs-router-ban-misses-the-real-threat

On March 20th, 2026, the FCC banned the purchase, import and sale of foreign-made routers, citing supply-chain and security concerns. The FCC fails to account for weak credentials and firmware vulnerabilities, which serve as the initial access vectors for Salt, Volt, and Flax Typhoon attacks.

TP-Link Patches Archer NX Auth Bypass, Still Faces Security Lawsuit https://factide.com/tp-link-patches-archer-nx-auth-bypass-still-faces-security-lawsuit/

A missing authentication check in TP-Link’s Archer NX series allows unprivileged attackers to upload firmware. The update lands as the company defends a Texas lawsuit alleging deceptive security claims.

Factide
TeamPCP deploys CanisterWorm on NPM following Trivy compromise https://www.aikido.dev/blog/teampcp-deploys-worm-npm-trivy-compromise

GlassWorm: Part 6. Fake Trezor Suite and Ledger Live for macOS, per-request polymorphic builds. https://codeberg.org/tip-o-deincognito/glassworm-writeup/src/branch/main/PART6.md
glassworm-writeup/PART6.md at main

glassworm-writeup - GlassWorm macOS infostealer: static analysis, live C2 monitoring, and IoCs

Codeberg.org
LiteLLM supply chain compromise - a complete analysis https://thecybersecguru.com/news/litellm-supply-chain-attack/
The LiteLLM Supply Chain Attack: A Complete Technical Breakdown | The CyberSec Guru

An in-depth investigative report on the March 2026 LiteLLM supply chain attack. Discover how the Trivy GitHub Actions hack led to a massive PyPI compromise

The CyberSec Guru
Our first pentest on a 100% Vibe coded application : analysis & feedback https://www.hackmosphere.fr/en/?p=3803
Weaponizing Windows Toast Notifications for Social Engineering https://ipurple.team/2026/03/25/toast-notifications/
Toast Notifications

The Application User Model ID (AUMID) is a unique identifier that Windows assigns to modern applications. It enables Windows to identify which applications should receive notifications, how start m…

Purple Team
Navia breach exposed HackerOne employee PII due to a BOLA-style access in third-party system https://thecybersecguru.com/news/hackerone-data-breach-navia-solutions/
HackerOne Data Breach 2026: The Navia Supply Chain Hack | The CyberSec Guru

HackerOne slams Navia Benefit Solutions after a BOLA vulnerability exposed the SSNs and data of 287 employees. Read the full report

The CyberSec Guru