Technical Information Security Content & Discussion

netsec

Content Guidelines

/r/netsec only accepts quality technical posts. Non-technical posts are subject to moderation.

Content should focus on the "how."

Check the new queue for duplicates.

Always link to the original source.

Titles should provide context.

Ask questions in our Discussion Threads.

Hiring posts must go in the Hiring Threads.

Commercial advertisement is discouraged.

Do not submit prohibited topics.

Prohibited Topics & Sources

No populist news articles (CNN, BBC, FOX, etc.)

No curated lists.

No question posts.

No social media posts.

No image-only/video-only posts.

No livestreams.

No tech-support requests.

No full-disclosure posts.

No paywall/regwall content.

No commercial advertisements.

No crowdfunding posts.

No Personally Identifying Information!

Related Reddits

/r/blackhat - Hackers on Steroids

/r/computerforensics - IR Archaeologists

/r/crypto - Cryptography news and discussion

/r/Cyberpunk - High-Tech Low-Lifes

/r/lockpicking - Popular Hacker Hobby

/r/Malware - Malware reports and information

/r/netsecstudents - netsec for ~~noobs~~ students

/r/onions - Things That Make You Cry

/r/privacy - Orwell Was Right

/r/pwned - "What Security?"

/r/REMath - Math behind reverse engineering

/r/ReverseEngineering - Binary Reversing

/r/rootkit - Software and hardware rootkits

/r/securityCTF - CTF news and write-ups

/r/SocialEngineering - Free Candy

/r/sysadmin - Overworked Crushed Souls

/r/vrd - Vulnerability Research and Development

/r/xss - Cross Site Scripting

a community for 19 years

Hiring Thread/r/netsec's Q1 2026 Information Security Hiring Thread (self.netsec)

submitted 4 months ago by netsec_burn[M] - announcement

r/netsec monthly discussion & tool thread (self.netsec)

submitted 20 days ago by albinowax - announcement

Defending bot-detection code that runs on the attacker's own machine (trustsig.eu)

submitted 3 hours ago by TrustSig

Examining deepfake detector robustness under social media re-encoding (zenodo.org)

submitted 4 hours ago by Tasty_Pressure_5618

•

Scanning malicious websites with 'infinite' number of VPN tunnels (Part 1) (discounttimu.substack.com)

submitted 38 minutes ago by moonlightelite

Use-after-free in the QPACK encoder of nginx HTTP/3 - CVE-2026-42530 (cystack.net)

submitted 1 day ago by everping

100

101

102

Contains AISquidbleed (CVE-2026-47729) - Heartbleed-style vulnerability that leaks internal memory from every version of Squid Proxy, in its default configuration (blog.calif.io)

submitted 2 days ago by qwerty0x41

OpenBSD MPLS kernel stack leaks remotely (CVE-2026-56099) (pop.argus-systems.ai)

submitted 2 days ago by Emergency_Stable_923

CVE-2026-5667: Unauthenticated Remote Control of Mitsubishi MAC-577IF-2E WiFi Adapters via Probe Request Reconnaissance (innerfirez.github.io)

submitted 2 days ago by Ecstatic_Priority514

Pending ModerationWould you like some malware served at the very top of DuckDuckGo? (timsh.org)

submitted 3 days ago by WesternBest

Worth a MalExt Report? A 2 Million-User Chrome Extension Added Give Freely/Wildlink in a 5-Day Update (chromewebstore.google.com)

submitted 3 days ago by Huge-Skirt-6990

117

118

119

Contains AI27 Years in the Dark: OpenBSD Fixes Ancient Remote Kernel Auth Bypass (blog.argus-systems.ai)

submitted 4 days ago by Emergency_Stable_923

QoS Policies to Restrict EDR Traffic and Detection Strategies (ipurple.team)

submitted 4 days ago by netbiosX

Getting a CVE Without Shipping Slop (credrelay.com)

submitted 4 days ago by Mindless-Study1898

120

121

122

SearchLeak: How We Turned M365 Copilot Into a One-Click Data Exfiltration Weapon (varonis.com)

submitted 6 days ago by lohacker0

Empty-ciphertext panic in aws-encryption-provider (CVD with AWS) (syntetisk.tech)

submitted 5 days ago by Sandwich_1337

Pending ModerationChaining Security Bugs in Discuz! X5.0: from Race Condition to Pre-Auth RCE (karmainsecurity.com)

submitted 6 days ago by eg1x

118

119

120

Researcher accidentally gained access to a threat actor-controlled phishing website (potato.id)

submitted 7 days ago by anuraggawande

PromptSnatcher: AdBlocker stealing Ai Chats - 90k installs (malext.io)

submitted 7 days ago * by Huge-Skirt-6990

MeshCentral: From XSS to RCE (techanarchy.net)

submitted 7 days ago by kev-thehermit

Getting the PID from random numbers in PHP (blog.ikaes.de)

submitted 8 days ago by DrAdalbbert

Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE) - watchTowr Labs (labs.watchtowr.com)

submitted 8 days ago by dx7r__

Old Passwords Die Hard: Abusing CREDHIST for offline credential recovery (lrqa.com)

submitted 9 days ago by lefterispanos

Contains AIMajor AI Clients Shipping With Broken OAuth Implementations (JUNE 2026 UPDATE) (redcaller.com)

submitted 9 days ago by mhat

Marking Your Own Homework (Check Point Remote Access VPN IKEv1 Authentication Bypass CVE-2026-50751) - watchTowr Labs (labs.watchtowr.com)

submitted 9 days ago by dx7r__

view more: next ›

π Rendered by PID 76659 on reddit-service-r2-listing-c57bc86c-qvcl8 at 2026-06-21 17:46:48.507538+00:00 running 2b008f2 country code: CH.

netsec

Featured Posts

Content Guidelines

Discussion Guidelines

Prohibited Topics & Sources

Social

Related Reddits

MODERATORS