
reddit | Technical Information Security Content & Discussion

The Reddit community r/netsec is dedicated to discussions around network security, cybersecurity, and related fields. It serves as a platform for professionals, enthusiasts, and learners to share news, updates, tools, and insights about the latest in security. Members post about various topics including vulnerabilities, hacking techniques, data breaches, and security best practices. The subreddit is also a place where users can ask questions, seek advice, or share resources like tutorials and research papers. It's an active forum where discussions can range from technical deep-dives to general industry news. Contributors often include security experts who provide in-depth analysis and advice. The community is strict about keeping discussions on-topic, focusing solely on network security issues. It's also a space where ethical hacking and penetration testing are frequently discussed, with an emphasis on responsible disclosure and legal compliance. The subreddit has a wealth of archived posts and links, making it a valuable resource for anyone interested in cybersecurity. Members are encouraged to stay informed about the latest security trends and threats. Overall, r/netsec is a vital hub for those in the cybersecurity field to stay updated, exchange knowledge, and engage with others who share their interests. The community also promotes career advice and job postings related to cybersecurity.

Thread Of Notes

Claude Fable 5: the agent harness matters more than the frontier model

Endor Labs tested Claude Fable 5 on vulnerability-fixing tasks using two agent harnesses, Claude Code and Cursor. Cursor achieved higher pass rates in both functional and security metrics, successfully closing all vulnerable code sinks. Claude Code produced working code, but its patches were less secure. The experiment suggests agent harness design is more critical than the underlying language model for effective vulnerability remediation.

Worth a MalExt Report? A 2 Million-User Chrome Extension Added Give Freely/Wildlink in a 5-Day Update

A volume booster Chrome extension with over two million users underwent a significant update between versions 1.0.3 and 1.0.4. This update added a new component related to Give Freely and Wildlink, introducing functionality for merchant detection, affiliate attribution, and donation campaigns. Crucially, no new permissions were requested, allowing existing users to receive the update automatically without any new permission prompt. The same Give Freely/Wildlink infrastructure has been observed in other independent extensions, suggesting its use as a white-label monetization or fundraising SDK. Currently, there is no evidence of malware or malicious activities like credential theft. The primary concern is the substantial expansion of functionality within a popular extension without explicit user consent for the new features. This raises questions about transparency and user privacy regarding the monetization model. Further investigation is needed to determine if this is a legitimate monetization strategy or raises privacy issues warranting inclusion in security databases like MalExt. Additional research on Give Freely and Wildlink's operations would be beneficial.

We benchmarked AI-generated code against an AI security reviewer and published the results including where the reviewer made things worse

50 features, same model and prompts, two branches. Unreviewed branch shipped six CWE-502 native ObjectInputStream sinks and five sh -c command injection endpoints, several reachable by ordinary authenticated users. We also introduced a trust-all X509TrustManager on the reviewed branch and included it in the scoring rather than leaving it out. Methodology and per-feature data in the blog, repo is public if you want to rerun it. submitted by /u/VibeReview

27 Years in the Dark: OpenBSD Fixes Ancient Remote Kernel Auth Bypass

Absolutely wild find by Argus-Systems. A remote authentication bypass hiding in OpenBSD's kernel PPP stack since it was imported from FreeBSD in July 1999. An attacker could essentially bypass authentication via a null-auth flaw and intercept/read PPPoE traffic without credentials. It survived every single release for nearly three decades until the patch. OpenBSD already released a patch. submitted by /u/Emergency_Stable_923

Hackers for Granny: A Call to Arms Against Industrialized Fraud

Fraud syndicates operating from fortified compounds in Myanmar, Cambodia, and Laos run vertically integrated criminal enterprises targeting the elderly. Images from the research in the original source. "There's a horrid truth swept under the rug: loneliness kills! And it enables fraud." Criminals weaponize legitimate remote access tools (QuickAssist, AnyDesk, TeamViewer), real-time deepfakes, voice cloning, and A/B-tested psychological scripts exploiting age-related cognitive decline. We mapped the kill chain and built Granny Kate as a line of defense. We call security researchers, reverse engineers, Python devs, translators, and testers willing to try it out and "reverse-engineer it, get inspired, and make something better." Install it on the granny's computer. Help her out. Manifesto & links: https://professorsigmund.com/praxis/hackers-for-granny.html submitted by /u/Professor_Sigmund

Empty-ciphertext panic in aws-encryption-provider (CVD with AWS)

While fuzzing the Kubernetes AWS KMS provider, researchers at Syntetisk found a denial-of-service issue in aws-encryption-provider where an empty ciphertext field could trigger an unrecovered Go panic and crash the plugin process. The writeup includes root-cause analysis, crash path details, reproducer examples, impact discussion, and disclosure timeline. submitted by /u/Sandwich_1337
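The failure mode above, as an added example that is not the aws-encryption-provider's own code (the post links to the write-up but does not reproduce the crash path here): a hypothetical decrypt handler that reads a one-byte version prefix before checking that the ciphertext has any bytes at all, the validated version of the same handler, and a recover() wrapper that turns a missed panic into an RPC error instead of a dead process. The type and function names, the version-prefix layout and the `withRecover` wrapper are assumptions made for the illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Illustrative types and names; none of this is the aws-encryption-provider's
// own code. A one-byte version prefix is assumed purely to have something
// to index into.
const versionByte = 1

type DecryptRequest struct {
	Cipher []byte
}

type decryptFunc func(*DecryptRequest) ([]byte, error)

// unsafeDecrypt reads the version prefix before checking that one exists.
// For an empty ciphertext the index expression panics with
// "index out of range [0] with length 0".
func unsafeDecrypt(req *DecryptRequest) ([]byte, error) {
	if req.Cipher[0] != versionByte {
		return nil, errors.New("unsupported ciphertext version")
	}
	return req.Cipher[1:], nil
}

// safeDecrypt validates the input before touching it. The length check is
// the whole fix: a malformed request becomes an error, not a dead process.
func safeDecrypt(req *DecryptRequest) ([]byte, error) {
	if req == nil || len(req.Cipher) == 0 {
		return nil, errors.New("ciphertext must not be empty")
	}
	if req.Cipher[0] != versionByte {
		return nil, errors.New("unsupported ciphertext version")
	}
	return req.Cipher[1:], nil
}

// withRecover is belt and braces: a recover() wrapper that converts any panic
// the validation missed into an error. gRPC-go does not recover panics in
// service handlers, so without this (or go-grpc-middleware's recovery
// interceptor) one bad request takes the plugin down.
func withRecover(h decryptFunc) decryptFunc {
	return func(req *DecryptRequest) (out []byte, err error) {
		defer func() {
			if r := recover(); r != nil {
				out, err = nil, fmt.Errorf("decrypt handler panicked: %v", r)
			}
		}()
		return h(req)
	}
}

func main() {
	empty := &DecryptRequest{}
	good := &DecryptRequest{Cipher: []byte{versionByte, 'o', 'k'}}

	// The unguarded handler survives the empty request only because of the wrapper.
	if _, err := withRecover(unsafeDecrypt)(empty); err != nil {
		fmt.Println("unsafe handler:", err)
	}
	// The fixed handler rejects it cleanly.
	if _, err := safeDecrypt(empty); err != nil {
		fmt.Println("safe handler:", err)
	}
	if pt, err := safeDecrypt(good); err == nil {
		fmt.Printf("safe handler: plaintext %q\n", pt)
	}
}
```

The recover wrapper is a backstop, not a substitute for the length check: a recovered panic still means the handler did something undefined with attacker-controlled input, so log it and fix the validation.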

Researcher accidentally gained access to a threat actor-controlled phishing website

An interesting write-up from https://x.com/unrequitedlyfe describing how an accidental login led to access to a threat actor-controlled phishing website. The blog provides a behind-the-scenes look at phishing infrastructure, operational mistakes made by the actor, backend panels, and infrastructure pivoting opportunities that can assist threat intelligence investigations. Worth a read for those interested in phishing analysis, OSINT, and threat actor infrastructure tracking. submitted by /u/anuraggawande

PromptSnatcher: AdBlocker stealing AI Chats - 90k installs

Two malicious Chrome extensions disguised as adblockers have been discovered, secretly collecting and exfiltrating all interactions with major AI chatbots. These extensions monitor prompts and responses from platforms like ChatGPT, Claude, and Gemini, sending the data to servers controlled by the operators. Additionally, they identify whether users are subscribed to paid versions of five of these AI services. The two extensions, "Smart Adblocker" and "Adblock for Browser," share identical technical components, indicating a single operation behind both.

Major AI Clients Shipping With Broken OAuth Implementations (JUNE 2026 UPDATE)

The MCP authorization specification (November 2025) mandates OAuth 2.1 with PKCE for remote MCP servers. In practice, this security model is only achievable if MCP clients implement the OAuth refresh_token grant. Most major vendors have been lagging with support, but more progress is finally being made! As of June 2026, the ecosystem has made progress since our initial April survey, with Gemini CLI achieving full support and several clients upgrading from "not implemented" to partial. submitted by /u/mhat
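The two grants the post is talking about, as an added example written for this note rather than code from any MCP client, the MCP specification or the linked survey: a client derives an S256 PKCE challenge (RFC 7636), exchanges the authorization code with its code_verifier, and then uses the refresh_token grant instead of sending the user back through the browser. The token endpoint is a mock that checks the verifier against the stored challenge and rotates refresh tokens; HTTP transport is left out, so the client hands the form body directly to the endpoint. All names (`authServer`, `issueCode`, `exchangeCode`, `refresh`, `runFlow`) are assumptions for the illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

// Illustrative code for this note, not from any MCP client or the linked survey.
// Transport is omitted: the client builds the form body a real POST to the
// token endpoint would carry and hands it over directly.
type tokenResponse struct {
	AccessToken  string
	RefreshToken string
}

// pkceChallenge derives the S256 code_challenge of RFC 7636 from a verifier.
func pkceChallenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

func randomToken() string { // 256 bits of entropy, base64url without padding
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// authServer keeps the challenge bound to each code and the set of live
// refresh tokens. Codes and refresh tokens are both single use.
type authServer struct {
	codes   map[string]string
	refresh map[string]bool
}

func newAuthServer() *authServer {
	return &authServer{codes: map[string]string{}, refresh: map[string]bool{}}
}

// issueCode stands in for the browser hop through /authorize, where the
// client sends code_challenge and code_challenge_method=S256.
func (s *authServer) issueCode(challenge string) string {
	code := randomToken()
	s.codes[code] = challenge
	return code
}

// token is the token endpoint for both grants.
func (s *authServer) token(form url.Values) (tokenResponse, error) {
	ok := false
	switch form.Get("grant_type") {
	case "authorization_code":
		code := form.Get("code")
		want, known := s.codes[code]
		delete(s.codes, code)
		ok = known && pkceChallenge(form.Get("code_verifier")) == want
	case "refresh_token":
		rt := form.Get("refresh_token")
		ok = s.refresh[rt]
		delete(s.refresh, rt) // rotation: the presented token dies with this use
	}
	if !ok {
		return tokenResponse{}, errors.New("invalid_grant")
	}
	resp := tokenResponse{AccessToken: randomToken(), RefreshToken: randomToken()}
	s.refresh[resp.RefreshToken] = true
	return resp, nil
}

// Client side: the two request bodies an OAuth 2.1 client has to be able to send.
func exchangeCode(s *authServer, code, verifier string) (tokenResponse, error) {
	return s.token(url.Values{"grant_type": {"authorization_code"},
		"code": {code}, "code_verifier": {verifier}})
}

func refresh(s *authServer, refreshToken string) (tokenResponse, error) {
	return s.token(url.Values{"grant_type": {"refresh_token"},
		"refresh_token": {refreshToken}})
}

// runFlow: PKCE authorization, code exchange, then one refresh_token grant. The
// last step is the one a client without refresh support cannot take.
func runFlow() (tokenResponse, error) {
	srv := newAuthServer()
	verifier := randomToken()
	first, err := exchangeCode(srv, srv.issueCode(pkceChallenge(verifier)), verifier)
	if err != nil {
		return tokenResponse{}, err
	}
	return refresh(srv, first.RefreshToken)
}

func main() {
	tr, err := runFlow()
	fmt.Println("refreshed:", tr.AccessToken != "", "err:", err)
}
```

A client that stops after `exchangeCode` works until the first access token expires; after that its only option is another browser round trip, which is the gap the survey measures. The server-side rotation in `token` also shows why a client must persist the newest refresh token it receives: replaying an older one is rejected.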

Pre-auth XXE → HTTP SSRF on ArubaOS 8.13.2 closed as "theoretical / no valid PoC" despite TCP pcap, sshd localhost log, and internal port scan — documenting for community review

Pre-auth XXE on ArubaOS 8.13.2 port 32000 (default-xml-api, no auth required). Evidence: TCP pcap + sshd 127.0.0.1 log + 9 internal ports via SSRF. Closed as "theoretical / no valid PoC." Full writeup + PoC + pcap on GitHub. submitted by /u/Pale_Surround_3924

I found 23 Chrome extensions hijacking 758,000 users' searches for affiliate revenue

This report details the discovery of 23 Chrome extensions that silently reroute the searches of 758,000 users through hidden monetization networks. These free extensions, often offering services like satellite imagery or news reading, surreptitiously alter the default search engine. Every search query is then channeled through the operator's middleware before reaching a search network, generating undisclosed affiliate revenue. Eight distinct brokers are identified as being behind these malicious extensions, with new ones frequently appearing as others are removed. Some extensions offer no actual functionality beyond the search override. One extension's privacy policy contradicts its claim of not tracking user searches. Another extension utilizes runtime declarativeNetRequest injection, making its true behavior undetectable through static analysis. The `hspart` parameter in the redirect URL serves as a crucial clustering key, linking entire broker networks regardless of extension name, domain, or publisher. This parasitic scheme exploits user trust for financial gain without explicit consent.

PSA: Attack Shark R85 HE (FREEWOLF US / Amazon) — BadUSB credential harvester, confirmed malware

A user purchased an Attack Shark R85 HE keyboard from FREEWOLF US on Amazon. Upon plugging it in, the keyboard immediately began a credential-harvesting attack without any user interaction. It opened multiple browser tabs for Microsoft services and LinkedIn, targeting login pages. The device also attempted to access the LastPass password manager vault. PowerShell reconnaissance was executed to inventory installed applications, specifically identifying LastPass. The keyboard then created folders on the desktop and downloaded malware. Windows Defender detected two threats, both requiring manual removal after automatic removal failed. Incident response took two days. Amazon categorized the keyboard as a defective return, but the user asserts it was weaponized. The user advises others not to plug in this keyboard and to check their systems if they already have. This keyboard carries an Amazon's Choice status and is still being sold.

CVE-2026-46640: Developing payloads for Twig sandbox bypass

I recently learned about multiple sandbox bypasses discovered in Twig by project Glasswing. From the descriptions, only CVE-2026-46640 and CVE-2026-46633 seemed universally exploitable, so I decided to research them. This writeup documents my development of payloads for CVE-2026-46640 and the corresponding SSTImap module. submitted by /u/vladko312

Enter the WasmForge: Compiling Sliver into WebAssembly

WebAssembly is traditionally thought of as a mechanism to run compiled code inside your browser, but rarely as a mechanism to run full application code directly on the host. We hacked up the Wazero implementation of WebAssembly and modified it to transform existing GoLang security tooling into analyst-resistant malware. This isn't just a toy implementation either: we've implemented every major host API such that we can compile a full Sliver binary to run on MacOS or Windows. This blog post covers the implementation details behind our Go->WASM compilation process and sets up our final blog post (coming next week) where we'll discuss a similar C#->WASM compilation pipeline. The tooling described in this blog post will be open sourced next week. Will be happy to answer any questions about this in the comments! submitted by /u/bouncyhat

Season VI of the US Games launches TOMORROW!

The speaker lineup is set, and the CTF challenges are ready... Register to join us for 10 days of programming designed to learn something new, test your skills, and network with the US Cyber Games community! This virtual series of events is FREE to attend, and open to everyone -- regardless of age, skill level, professional background, etc. June 4th-14th Virtual Season VI, US Cyber Open Series of Events: Kick-Off Celebration: June 4th Beginner's Game Room CTF: June 5th-14th Cyber Rush Week: June 8th-11th Competitive CTF: June 8th-14th submitted by /u/US_Cyber_Games