r/netsec • u/theMiddleBlue • 2h ago
r/netsec • u/anuraggawande • 1d ago
New Gmail Phishing Scam Uses AI-Style Prompt Injection to Evade Detection
malwr-analysis.com
r/netsec • u/Cold-Dinosaur • 2d ago
Countering EDRs With The Backing Of Protected Process Light (PPL)
zerosalarium.com
r/netsec • u/ok_bye_now_ • 3d ago
CaMeL Security Demonstration - Defending Against (most) Prompt Injections by Design
camel-security.github.io
An interactive application that visualizes and demonstrates Google’s CaMeL (Capabilities for Machine Learning) security approach for defending against prompt injections in LLM agents.
Link to original paper: https://arxiv.org/pdf/2503.18813
All credit to the original researchers
title={Defeating Prompt Injections by Design},
author={Edoardo Debenedetti and Ilia Shumailov and Tianqi Fan and Jamie Hayes and Nicholas Carlini and Daniel Fabian and Christoph Kern and Chongyang Shi and Andreas Terzis and Florian Tramèr},
year={2025},
eprint={2503.18813},
archivePrefix={arXiv},
primaryClass={cs.CR},
url={https://arxiv.org/abs/2503.18813},
}
r/netsec • u/Wanazabadee • 3d ago
When a SSRF is enough: Full Docker Escape on Windows Docker Desktop (CVE-2025-9074)
blog.qwertysecurity.com
r/netsec • u/valmarelox • 3d ago
AI can be used to create working exploits for published CVEs in a few minutes and for a few dollars
valmarelox.substack.com
r/netsec • u/BinarySecurity • 3d ago
Azure's Weakest Link - Full Cross-Tenant Compromise
binarysecurity.no
r/netsec • u/pinpepnet • 4d ago
We Put Agentic AI Browsers to the Test - They Clicked, They Paid, They Failed
guard.io
r/netsec • u/Emotional-Plum-5970 • 4d ago
Commvault plugs holes in backup suite that allow remote code execution
helpnetsecurity.com
Guess Who Would Be Stupid Enough To Rob The Same Vault Twice? Pre-Auth RCE Chains in Commvault - watchTowr Labs
labs.watchtowr.com
r/netsec • u/onlinereadme • 5d ago
pyghidra-mcp: Headless Ghidra MCP Server for Project-Wide, Multi-Binary Analysis
clearbluejar.github.io
r/netsec • u/RedTermSession • 5d ago
Enumerating AWS the quiet way: CloudTrail-free discovery with Resource Explorer | Datadog Security Labs
securitylabs.datadoghq.com
How We Exploited CodeRabbit: From a Simple PR to RCE and Write Access on 1M Repositories
research.kudelskisecurity.com
r/netsec • u/pinpepnet • 5d ago
Deep learning with leagues championship algorithm based intrusion detection
nature.com
r/netsec • u/albinowax • 5d ago
Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling
portswigger.net
r/netsec • u/woltan_4 • 5d ago
Git 2.51: Preparing for the future with SHA-256
helpnetsecurity.com
r/netsec • u/_cybersecurity_ • 6d ago
Live Q&A with an Author of the NIST Security Guidelines (SP 800-115)
cybersecurityclub.substack.com
Join us for a LIVE Q&A discussion in the Cybersecurity Club on Discord featuring Karen Scarfone, co-author of the NIST Security Guidelines (SP 800-115).
The NIST SP 800-115 is a Technical Guide to Information Security Testing and Assessment from the National Institute of Standards and Technology.
This document is used by a variety of organizations, including federal agencies, private companies, educational institutions, and critical infrastructure operators, to strengthen their cybersecurity practices.
Why Join the Session?
- Help Improve the NIST Guidelines (SP 800-115)
- Learn How to Use the Guidelines in Real Life
- Get Answers from a NIST Guidelines Author
Event Details:
When: Friday, September 12th, 2025, 3 PM EST
Where: Cybersecurity Club on Discord
About the Author: Karen Scarfone is a renowned cybersecurity expert, with significant contributions to NIST, having co-authored over 150 reports, including the NIST SP 800-115.
👉 Join Cybersecurity Club on Discord to Attend the Q&A.