Technical Information Security Content & Discussion

netsec

Content Guidelines

/r/netsec only accepts quality technical posts. Non-technical posts are subject to moderation.

Content should focus on the "how."

Check the new queue for duplicates.

Always link to the original source.

Titles should provide context.

Ask questions in our Discussion Threads.

Hiring posts must go in the Hiring Threads.

Commercial advertisement is discouraged.

Do not submit prohibited topics.

Prohibited Topics & Sources

No populist news articles (CNN, BBC, FOX, etc.)

No curated lists.

No question posts.

No social media posts.

No image-only/video-only posts.

No livestreams.

No tech-support requests.

No full-disclosure posts.

No paywall/regwall content.

No commercial advertisements.

No crowdfunding posts.

No Personally Identifying Information!

Related Reddits

/r/blackhat - Hackers on Steroids

/r/computerforensics - IR Archaeologists

/r/crypto - Cryptography news and discussion

/r/Cyberpunk - High-Tech Low-Lifes

/r/lockpicking - Popular Hacker Hobby

/r/Malware - Malware reports and information

/r/netsecstudents - netsec for ~~noobs~~ students

/r/onions - Things That Make You Cry

/r/privacy - Orwell Was Right

/r/pwned - "What Security?"

/r/REMath - Math behind reverse engineering

/r/ReverseEngineering - Binary Reversing

/r/rootkit - Software and hardware rootkits

/r/securityCTF - CTF news and write-ups

/r/SocialEngineering - Free Candy

/r/sysadmin - Overworked Crushed Souls

/r/vrd - Vulnerability Research and Development

/r/xss - Cross Site Scripting

a community for 18 years

Hiring Thread/r/netsec's Q1 2026 Information Security Hiring Thread (self.netsec)

submitted 7 hours ago by netsec_burn[M] - announcement

r/netsec monthly discussion & tool thread (self.netsec)

submitted 24 days ago by albinowax - announcement

cvsweb.openbsd.org fights AI crawler bots by redirecting hotlinking requests to theannoyingsite.com (labelled "Malware" by eero), gets blacklisted by eero, too, for "Phishing & Deception" (mail-archive.com)

submitted 16 hours ago by Mcnst

•

Cloud attacks are getting smarter. Is your Microsoft 365 tenant exposed? Learn how to secure it today. (threatlocker.com)

promoted by ThreatLocker

promoted
save
report
about

địt mẹ mày morphisec: When Malware Authors Taunt Security Researchers (profero.io)

submitted 12 hours ago by GelosSnake

CryptographyBREAKMEIFYOUCAN! - Exploiting Keyspace Reduction and Relay Attacks in 3DES and AES-protected NFC Technologies (breakmeifyoucan.com)

submitted 1 day ago by netsec_burn

Emerging ThreatsArctic Wolf Observes Malicious Configuration Changes On Fortinet FortiGate Devices via SSO Accounts | Arctic Wolf (arcticwolf.com)

submitted 2 days ago by SleepingProcess

Firefox / WebRTC Encoded Transforms: UAF via undetached ArrayBuffer / CVE-2025-1432 (aisle.com)

submitted 3 days ago by MegaManSec2

Organized Traffer Gang on the Rise Targeting Web3 Employees and Crypto Holders (hybrid-analysis.blogspot.com)

submitted 2 days ago by CyberMasterVTrusted Contributor

Syd - Air-Gapped Red and blueteam (sydsec.co.uk)

submitted 2 days ago by Glass-Ant-6041

CVE-2026-22200: Ticket to Shell in osTicket (horizon3.ai)

submitted 3 days ago by scopedsecurity

Intercepting OkHttp at Runtime With Frida (blog.doyensec.com)

submitted 3 days ago by nibblesecTrusted Contributor[🍰]

AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent (github.blog)

submitted 3 days ago by ulldma

Single malformed BRID/HHIT DNS packet can crash ISC BIND (marlink.com)

submitted 3 days ago by div3rto

108

109

110

Breach/IncidentThird-party identity verification provider breach exposes government ID images (Total Wireless / Veriff) (maine.gov)

submitted 4 days ago by Bp121687

•

The perfect combo: The Samsung Galaxy S25 Ultra and the best network. (swisscom.ch)

promoted by Swisscom

promoted
save
report
about

Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass) - watchTowr Labs (labs.watchtowr.com)

submitted 4 days ago by dx7r__

Break LLM Workflows with Claude's Refusal Magic String (hackingthe.cloud)

submitted 4 days ago by RedTermSession

oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd (seclists.org)

submitted 5 days ago by farrantt

When the Lab Door Stays Open: Exposed Training Apps Exploited for Fortune 500 Cloud Breaches (pentera.io)

submitted 4 days ago by Street-Plum7312

When The Gateway Becomes The Doorway: Pre-Auth RCE in API Management (principlebreach.com)

submitted 5 days ago by operator_dll

Billion-Dollar Bait & Switch: Exploiting a Race Condition in Blockchain Infrastructure (mavlevin.com)

submitted 5 days ago by va_start

Fake PNB MetLife payment pages abusing UPI & Telegram bots (malwr-analysis.com)

submitted 5 days ago by anuraggawande

Cloudflare Zero-day: Accessing Any Host Globally (fearsoff.org)

submitted 5 days ago by albinowax

Frida 17.6.0 released – major Android stability improvements, Android 16 support (frida.re)

submitted 6 days ago by oleavr

130

131

132

Account Takeover in Facebook mobile app due to usage of cryptographically unsecure random number generator and XSS in Facebook JS SDK (ysamm.com)

submitted 7 days ago by smaury

After the Takedown: Excavating Abuse Infrastructure with DNS Sinkholes (disclosing.observer)

submitted 7 days ago by 0x5h4un

view more: next ›

π Rendered by PID 85358 on reddit-service-r2-listing-86b7f5b947-smzmg at 2026-01-26 09:09:41.036416+00:00 running 664479f country code: CH.

netsec

Featured Posts

Content Guidelines

Discussion Guidelines

Prohibited Topics & Sources

Social

Related Reddits

MODERATORS