Follow for new posts submitted to the netsec subreddit. Unofficial.
Subreddit: https://reddit.com/r/netsec
Automated by @[email protected]
Responsible disclosure is structurally dead — not dying. Here's the analysis and what replaces it. https://www.thecrucible.systems/whitepapers/f27bb2aa-8a5b-47d3-b3bf-b33effa7e20e
Crucible — The Answer That Survives Everything

AI-powered decision intelligence through elimination-based reasoning. Four engines. One direction. What cannot be destroyed is revealed.

Using Cloudflare’s Post-Quantum Tunnel to Protect Plex Remote Access on a Synology NAS https://infosecwriteups.com/using-cloudflares-post-quantum-tunnel-to-protect-plex-remote-access-on-a-synology-nas-5745ae8b085e
Future-proofing Plex traffic in transit, avoiding public port exposure, and letting modern clients use PQC with TLS 1.3 fallback for…

Medium
Trivy supply chain attack enabled European Commission cloud breach https://www.helpnetsecurity.com/2026/04/03/european-commission-cloud-breach/
Trivy supply chain attack enabled European Commission cloud breach - Help Net Security

ShinyHunters are behind the recent breach of the cloud infrastructure underpinning the websites of the European Commission, CERT-EU says.

Help Net Security
Closing the Kernel Backport Gap: Automated CVE Detection for the EU CRA (Cyber Resilience Act)

EU Cyber Resilience Act (CRA)...

Cracking a Malvertising DGA From the Device Side https://www.buchodi.com/cracking-a-malvertising-dga-from-the-device-side/
When piracy streaming sites inject third-party JavaScript into your browser, the domains hosting that JavaScript are designed to be invisible. They rotate every three hours, use algorithmically generated names on cheap TLDs, and vanish before anyone notices them. I cracked the algorithm that generates them. Using application-layer traffic from mobile

Buchodi's Threat Intel
The Attack With No Attacker Domain: Microsoft Entra B2B Guest Invitation Phishing https://phishu.net/blogs/blog-microsoft-entra-b2b-guest-invitation-phishing-phishu-framework.html
The Attack With No Attacker Domain: Microsoft Entra B2B Guest Invitation Phishing in the PhishU Framework

How the PhishU Framework turns Microsoft Entra B2B guest invitations into a phishing delivery method with no attacker domain, no email-template glue work, and only a few clicks of setup.

PhishU
GDDRHammer and GeForge: GDDR6 GPU Rowhammer to root shell (IEEE S&P 2026, exploit code available) https://blog.barrack.ai/gddrhammer-geforge-gpu-rowhammer-gddr6/
GDDRHammer and GeForge: GPU Rowhammer Now Achieves Full System Compromise | Barrack AI

Two new attacks escalate GDDR6 GPU memory bit flips into root shell access. RTX A6000 and RTX 3060 confirmed vulnerable. What GPU cloud operators need to know.

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants https://realnarrativenews.com/read/36-malicious-npm-packages-exploited-redis%2C-postgresql-to-deploy-persistent-implants/
I have refactored slurp s3 bucket enumerator to work with any s3 compatible cloud https://codeberg.org/nwcs/slurp
slurp

S3 bucket enumerator

Codeberg.org
BrowserGate: LinkedIn/Microsoft allegedly scans 6,000+ browser extensions & links them to real identities, all without user consent https://thecybersecguru.com/news/browsergate-linkedin-microsoft-espionage-report/
BrowserGate: The Massive Microsoft-LinkedIn Espionage Scandal | The CyberSec Guru

BrowserGate: How Microsoft-owned LinkedIn illegally scans 1 billion computers for 6,222 extensions to steal trade secrets and profile users

The CyberSec Guru