r/netsec • u/theMiddleBlue • 2h ago
Vtenext 25.02: A three-way path to RCE
blog.sicuranext.com
6
Upvotes
r/netsec • u/anuraggawande • 1d ago
New Gmail Phishing Scam Uses AI-Style Prompt Injection to Evade Detection
malwr-analysis.com
181
Upvotes
r/netsec • u/Cold-Dinosaur • 2d ago
Countering EDRs With The Backing Of Protected Process Light (PPL)
zerosalarium.com
26
Upvotes
r/netsec • u/Wanazabadee • 3d ago
When a SSRF is enough: Full Docker Escape on Windows Docker Desktop (CVE-2025-9074)
blog.qwertysecurity.com
77
Upvotes
r/netsec • u/ok_bye_now_ • 3d ago
CaMeL Security Demonstration - Defending Against (most) Prompt Injections by Design
camel-security.github.io
8
Upvotes
An interactive application that visualizes and demonstrates Google’s CaMeL (Capabilities for Machine Learning) security approach for defending against prompt injections in LLM agents.
Link to original paper: https://arxiv.org/pdf/2503.18813
All credit to the original researchers
title={Defeating Prompt Injections by Design},
author={Edoardo Debenedetti and Ilia Shumailov and Tianqi Fan and Jamie Hayes and Nicholas Carlini and Daniel Fabian and Christoph Kern and Chongyang Shi and Andreas Terzis and Florian Tramèr},
year={2025},
eprint={2503.18813},
archivePrefix={arXiv},
primaryClass={cs.CR},
url={https://arxiv.org/abs/2503.18813},
}
r/netsec • u/BinarySecurity • 3d ago
Azure's Weakest Link - Full Cross-Tenant Compromise
binarysecurity.no
35
Upvotes
r/netsec • u/pinpepnet • 4d ago
We Put Agentic AI Browsers to the Test - They Clicked, They Paid, They Failed
guard.io
34
Upvotes
Guess Who Would Be Stupid Enough To Rob The Same Vault Twice? Pre-Auth RCE Chains in Commvault - watchTowr Labs
labs.watchtowr.com
28
Upvotes
r/netsec • u/Emotional-Plum-5970 • 4d ago
Commvault plugs holes in backup suite that allow remote code executio
helpnetsecurity.com
7
Upvotes
r/netsec • u/valmarelox • 3d ago
AI can be used to create working exploits for published CVEs in a few minutes and for a few dollars
valmarelox.substack.com
0
Upvotes
How We Exploited CodeRabbit: From a Simple PR to RCE and Write Access on 1M Repositories
research.kudelskisecurity.com
49
Upvotes
r/netsec • u/onlinereadme • 5d ago
pyghidra-mcp: Headless Ghidra MCP Server for Project-Wide, Multi-Binary Analysis
clearbluejar.github.io
9
Upvotes
r/netsec • u/RedTermSession • 5d ago
Enumerating AWS the quiet way: CloudTrail-free discovery with Resource Explorer | Datadog Security Labs
securitylabs.datadoghq.com
9
Upvotes
r/netsec • u/albinowax • 5d ago
Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling
portswigger.net
9
Upvotes
r/netsec • u/woltan_4 • 5d ago
Git 2.51: Preparing for the future with SHA-256
helpnetsecurity.com
8
Upvotes
r/netsec • u/pinpepnet • 5d ago
Deep learning with leagues championship algorithm based intrusion detection
nature.com
3
Upvotes
Intel Outside: Hacking every Intel employee and various internal websites
eaton-works.com
244
Upvotes
“Vibe Hacking”: Abusing Developer Trust in Cursor and VS Code Remote Development
blog.calif.io
55
Upvotes
In a recent red team engagement, the client's attack surface was so well-defended that after months of effort, the only system we managed to compromise was a lone server, which was apparently isolated from the rest of the network. Or so we thought.
One developer had been using that server for remote development with Cursor. This setup is becoming increasingly popular: developers run AI agents remotely to protect their local machines.
But when we dug deeper into how Cursor works, we discovered something unsettling. By pivoting through the remote server, we could actually compromise the developer's local machine.
This wasn't a Cursor-specific flaw. The root cause lies in the Remote-SSH extension that Cursor inherits directly from VS Code. Which means the attack path we uncovered could extend across the entire VS Code remote development ecosystem, putting any developer who connects to an untrusted server at risk.
For the details, check out our blog post. Comments are welcome! If you enjoy this kind of work, we're hiring!