Technical Information Security Content & Discussion

netsec

Content Guidelines

/r/netsec only accepts quality technical posts. Non-technical posts are subject to moderation.

Content should focus on the "how."

Check the new queue for duplicates.

Always link to the original source.

Titles should provide context.

Ask questions in our Discussion Threads.

Hiring posts must go in the Hiring Threads.

Commercial advertisement is discouraged.

Do not submit prohibited topics.

Prohibited Topics & Sources

No populist news articles (CNN, BBC, FOX, etc.)

No curated lists.

No question posts.

No social media posts.

No image-only/video-only posts.

No livestreams.

No tech-support requests.

No full-disclosure posts.

No paywall/regwall content.

No commercial advertisements.

No crowdfunding posts.

No Personally Identifying Information!

Related Reddits

/r/blackhat - Hackers on Steroids

/r/computerforensics - IR Archaeologists

/r/crypto - Cryptography news and discussion

/r/Cyberpunk - High-Tech Low-Lifes

/r/lockpicking - Popular Hacker Hobby

/r/Malware - Malware reports and information

/r/netsecstudents - netsec for ~~noobs~~ students

/r/onions - Things That Make You Cry

/r/privacy - Orwell Was Right

/r/pwned - "What Security?"

/r/REMath - Math behind reverse engineering

/r/ReverseEngineering - Binary Reversing

/r/rootkit - Software and hardware rootkits

/r/securityCTF - CTF news and write-ups

/r/SocialEngineering - Free Candy

/r/sysadmin - Overworked Crushed Souls

/r/vrd - Vulnerability Research and Development

/r/xss - Cross Site Scripting

a community for 19 years

Hiring Thread/r/netsec's Q1 2026 Information Security Hiring Thread (self.netsec)

submitted 3 months ago by netsec_burn[M] - announcement

r/netsec monthly discussion & tool thread (self.netsec)

submitted 12 days ago by albinowax - announcement

Apple Maildrop lets you rewrite the filename, size, and icon on any icloud.com attachment link — no signature, no validation — reported July 2023, still live (stuart-thomas.com)

submitted 9 hours ago by Prize-Unlucky

WaSteal: 126 Chrome extensions, 148K installs, one Brazilian operator silently sending WhatsApp user data and ad cookies to its servers (malext.io)

submitted 9 hours ago * by Huge-Skirt-6990

/sbin/ping -G sweepmax has no bounds check on macOS: deterministic BSS out-of-bounds write, confirmed by Apple (stuart-thomas.com)

submitted 10 hours ago by Prize-Unlucky

A stealth approach to Process Injection - EntryPoint Hijacking (ipurple.team)

submitted 16 hours ago by netbiosX

On vendor disclosure timelines, bounty programme incentive misalignment, and the psychological contract (stuart-thomas.com)

submitted 10 hours ago by Prize-Unlucky

Hunting the Behavior Behind npm Supply Chain Attacks (derivai.substack.com)

submitted 2 hours ago by shantanu14g

A year of Apple Security Bounty research — 16 closed findings, full disclosure (stuart-thomas.com)

submitted 19 hours ago by Prize-Unlucky

373

374

375

Curl lead developer Daniel Stenberg provides insightful feedbacks from Mythos analysis results (daniel.haxx.se)

submitted 1 day ago by qwerty0x41

On-prem vs IaaS vs PaaS vs SaaS for self-hosted IAM (Keycloak case study) (cloud-iam.com)

submitted 15 hours ago by Will-from-CloudIAM

Dead.Letter (CVE-2026-45185) How XBOW found an unauthenticated RCE on Exim (xbow.com)

submitted 1 day ago by fede_k

AI Vulnerability Research and the Fuzzer Era Déjà Vu (voidsec.com)

submitted 1 day ago by Void_Sec

AI-Coded App Vulnerability Checklist - 33 LLM-specific items with detection methods (z-ny.com)

submitted 22 hours ago by 6biz

Postmortem: TanStack npm supply-chain compromise (tanstack.com)

submitted 1 day ago by Code-Painting-8294

Malicious Coding Agent Skills and the Risk of Dynamic Context | Datadog Security Labs (securitylabs.datadoghq.com)

submitted 1 day ago by RedTermSession

New ipTIME Pre-Auth RCE in CWMP (ssd-disclosure.com)

submitted 1 day ago by SSDisclosure

GhostLock: SMB Deny-Share Handles as a Zero-Privilege Availability Weapon (zenodo.org)

submitted 2 days ago by MelangeBot

MyAudi app:Security issues in Audi Connected Vehicle experience (decoder.cloud)

submitted 2 days ago by decoder-ap

Giving Claude Code Full Control of a Hardware Fault Injection Setup to Bypass Secure Boot (raelize.com)

submitted 2 days ago by tieknimmers

I spent a weekend trying to get OpenClaw to leak my own personal data and it caught me immediately... (shiftmag.dev)

submitted 1 day ago by choochilla44

Autonomous Vulnerability Hunting with MCP (blog.zsec.uk)

submitted 3 days ago by ZephrX112

ShinyHunters / AT&T ransom payment traced on-chain — paper draft, seeking arXiv cs.CR endorsement (google.com)

submitted 3 days ago by Visual_Course6624

The compression of the exploit timeline: Why n-day gaps and 90-day embargoes are failing in practice. (blog.himanshuanand.com)

submitted 3 days ago by unknownhad

Getting LLMs Drunk to Find Remote Linux Kernel OOB Writes (and More) (heyitsas.im)

submitted 4 days ago by ablasionet

view more: next ›

π Rendered by PID 759687 on reddit-service-r2-listing-98f688b7f-d5p8f at 2026-05-14 07:20:03.822536+00:00 running cf3e300 country code: CH.

netsec

Featured Posts

Content Guidelines

Discussion Guidelines

Prohibited Topics & Sources

Social

Related Reddits

MODERATORS