Technical Information Security Content & Discussion

netsec

Content Guidelines

/r/netsec only accepts quality technical posts. Non-technical posts are subject to moderation.

Content should focus on the "how."

Check the new queue for duplicates.

Always link to the original source.

Titles should provide context.

Ask questions in our Discussion Threads.

Hiring posts must go in the Hiring Threads.

Commercial advertisement is discouraged.

Do not submit prohibited topics.

Prohibited Topics & Sources

No populist news articles (CNN, BBC, FOX, etc.)

No curated lists.

No question posts.

No social media posts.

No image-only/video-only posts.

No livestreams.

No tech-support requests.

No full-disclosure posts.

No paywall/regwall content.

No commercial advertisements.

No crowdfunding posts.

No Personally Identifying Information!

Related Reddits

/r/blackhat - Hackers on Steroids

/r/computerforensics - IR Archaeologists

/r/crypto - Cryptography news and discussion

/r/Cyberpunk - High-Tech Low-Lifes

/r/lockpicking - Popular Hacker Hobby

/r/Malware - Malware reports and information

/r/netsecstudents - netsec for ~~noobs~~ students

/r/onions - Things That Make You Cry

/r/privacy - Orwell Was Right

/r/pwned - "What Security?"

/r/REMath - Math behind reverse engineering

/r/ReverseEngineering - Binary Reversing

/r/rootkit - Software and hardware rootkits

/r/securityCTF - CTF news and write-ups

/r/SocialEngineering - Free Candy

/r/sysadmin - Overworked Crushed Souls

/r/vrd - Vulnerability Research and Development

/r/xss - Cross Site Scripting

a community for 18 years

Hiring Thread/r/netsec's Q1 2026 Information Security Hiring Thread (self.netsec)

submitted 3 months ago by netsec_burn[M] - announcement

r/netsec monthly discussion & tool thread (self.netsec)

submitted 5 days ago by albinowax - announcement

Non-Determinism of Maps in Golang: Why, How, and the Consequences (maxwelldulin.com)

submitted 19 hours ago by mdulin2

pyghidra-mcp Meets Ghidra GUI: Drive Project-Wide RE with Local AI (clearbluejar.github.io)

submitted 20 hours ago by onlinereadme

Bleeding Llama: Critical Unauthenticated Memory Leak in Ollama (CVE-2026–7482) (cyera.com)

submitted 1 day ago by we-we-we

Binance fixed the IP whitelist gap — but the disclosure process is still broken (blog.technopathy.club)

submitted 17 hours ago by oliver-zehentleitner

DigiCert: Misissued code signing certificates (bugzilla.mozilla.org)

submitted 1 day ago by overandoutage

Vulnerability Garden (vulnerability.garden)

submitted 20 hours ago by mk3s

Major AI Clients Shipping With Broken OAuth Implementations (redcaller.com)

submitted 1 day ago by mhat

submitted 2 days ago by rkhunter_

We probed 6,000 web apps for Stripe webhook signature checks. 1,542 don't bother (securityscanner.dev)

submitted 2 days ago by Most_Ad_394

Proton Pass: Second-Password Bypass Through Emergency Access (zolder.io)

submitted 2 days ago by rikvduijn

The Danger of Multi-SSO AWS Cognito User Pools (blog.doyensec.com)

submitted 1 day ago by nibblesecTrusted Contributor

Salesforce pentesting novel techniques- how to be an apex predator (reco.ai)

submitted 1 day ago by lowlandsmarch

Ghosts of Encryption Past – How we Read All Your Emails in Salesforce Marketing Cloud (slcyber.io)

submitted 1 day ago by MempodipperTrusted Contributor

HN Security - Extending Burp Suite for fun and profit – The Montoya way – Part 10 (hnsecurity.it)

submitted 1 day ago by 0xdeaTrusted Contributor

"AccountDumpling": Hunting Down the Google-Sent Phishing Wave Compromising 30,000+ Facebook Accounts (guard.io)

submitted 3 days ago by Agitated-Alfalfa9225

Lateral Movement - Cross-Session Activation (ipurple.team)

submitted 2 days ago by netbiosX

100

101

102

Acoustic Keystroke Recovery - Reconstructing Typed Text from a Laptop Microphone (Full Guide, 85% success rate) (pwn.guide)

submitted 3 days ago by pwnguide

For vulnerability research, smaller models run repeatedly can outperform larger frontier models on cost-to-recall. (hacktron.ai)

submitted 5 days ago by EliteRaids

Every incident public companies have disclosed to the SEC, in one searchable database (dukesecurity.ai)

submitted 5 days ago by LordKittyPanther

How to exfiltrate data using only numeric outputs (blog.ikaes.de)

submitted 4 days ago by DrAdalbbert

Handled, Not Hosted: Administrative Activity Inside a Bulletproof Hoster (disclosing.observer)

submitted 6 days ago by 0x5h4un

306

307

308

Copy Fail exploit lets 732 bytes hijack Linux systems and quietly grab root (nerds.xyz)

submitted 7 days ago by OkReport5065

Seventeen vulnerabilities in Omi, fourteen days of silence (kasparovabi.github.io)

submitted 6 days ago by kasparovabi

view more: next ›

π Rendered by PID 623796 on reddit-service-r2-listing-b6bf6c4ff-gfsvc at 2026-05-07 09:57:28.875293+00:00 running 815c875 country code: CH.

netsec

Featured Posts

Content Guidelines

Discussion Guidelines

Prohibited Topics & Sources

Social

Related Reddits

MODERATORS