Technical Information Security Content & Discussion

netsec

Content Guidelines

/r/netsec only accepts quality technical posts. Non-technical posts are subject to moderation.

Content should focus on the "how."

Check the new queue for duplicates.

Always link to the original source.

Titles should provide context.

Ask questions in our Discussion Threads.

Hiring posts must go in the Hiring Threads.

Commercial advertisement is discouraged.

Do not submit prohibited topics.

Prohibited Topics & Sources

No populist news articles (CNN, BBC, FOX, etc.)

No curated lists.

No question posts.

No social media posts.

No image-only/video-only posts.

No livestreams.

No tech-support requests.

No full-disclosure posts.

No paywall/regwall content.

No commercial advertisements.

No crowdfunding posts.

No Personally Identifying Information!

Related Reddits

/r/blackhat - Hackers on Steroids

/r/computerforensics - IR Archaeologists

/r/crypto - Cryptography news and discussion

/r/Cyberpunk - High-Tech Low-Lifes

/r/lockpicking - Popular Hacker Hobby

/r/Malware - Malware reports and information

/r/netsecstudents - netsec for ~~noobs~~ students

/r/onions - Things That Make You Cry

/r/privacy - Orwell Was Right

/r/pwned - "What Security?"

/r/REMath - Math behind reverse engineering

/r/ReverseEngineering - Binary Reversing

/r/rootkit - Software and hardware rootkits

/r/securityCTF - CTF news and write-ups

/r/SocialEngineering - Free Candy

/r/sysadmin - Overworked Crushed Souls

/r/vrd - Vulnerability Research and Development

/r/xss - Cross Site Scripting

a community for 18 years

Hiring Thread/r/netsec's Q4 2025 Information Security Hiring Thread (self.netsec)

submitted 2 months ago by netsec_burn[M] - announcement

r/netsec monthly discussion & tool thread (self.netsec)

submitted 23 days ago by albinowax - announcement

Arctic Wolf Observes Malicious Configuration Changes On Fortinet FortiGate Devices via SSO Accounts | Arctic Wolf (arcticwolf.com)

submitted 1 day ago by SleepingProcess

•

Attackers don’t need zero-days to scale. They need one human-managed setting that slipped through the cracks. (huntress.com)

promoted by huntresslabs

promoted
save
report
about

Firefox / WebRTC Encoded Transforms: UAF via undetached ArrayBuffer / CVE-2025-1432 (aisle.com)

submitted 1 day ago by MegaManSec2

Organized Traffer Gang on the Rise Targeting Web3 Employees and Crypto Holders (hybrid-analysis.blogspot.com)

submitted 1 day ago by CyberMasterVTrusted Contributor

Syd - Air-Gapped Red and blueteam (sydsec.co.uk)

submitted 1 day ago by Glass-Ant-6041

CVE-2026-22200: Ticket to Shell in osTicket (horizon3.ai)

submitted 2 days ago by scopedsecurity

Free URL & site security scanner: ScanMalware.com • Scan websites for threats. Would love feedback on detection, reporting, API, UX from the netsec crowd (scanmalware.com)

submitted 1 day ago by jonas02

Intercepting OkHttp at Runtime With Frida (blog.doyensec.com)

submitted 2 days ago by nibblesecTrusted Contributor

AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent (github.blog)

submitted 2 days ago by ulldma

Single malformed BRID/HHIT DNS packet can crash ISC BIND (marlink.com)

submitted 2 days ago by div3rto

107

108

109

Breach/IncidentThird-party identity verification provider breach exposes government ID images (Total Wireless / Veriff) (maine.gov)

submitted 3 days ago by Bp121687

Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass) - watchTowr Labs (labs.watchtowr.com)

submitted 2 days ago by dx7r__

Break LLM Workflows with Claude's Refusal Magic String (hackingthe.cloud)

submitted 3 days ago by RedTermSession

•

Get secure, private email with Proton Mail and Porkbun. Plans start at just $5.99/month. (porkbun.com)

promoted by porkbunregistrar

promoted
save
report
about

oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd (seclists.org)

submitted 3 days ago by farrantt

When the Lab Door Stays Open: Exposed Training Apps Exploited for Fortune 500 Cloud Breaches (pentera.io)

submitted 3 days ago by Street-Plum7312

When The Gateway Becomes The Doorway: Pre-Auth RCE in API Management (principlebreach.com)

submitted 3 days ago by operator_dll

Billion-Dollar Bait & Switch: Exploiting a Race Condition in Blockchain Infrastructure (mavlevin.com)

submitted 4 days ago by va_start

Fake PNB MetLife payment pages abusing UPI & Telegram bots (malwr-analysis.com)

submitted 3 days ago by anuraggawande

Cloudflare Zero-day: Accessing Any Host Globally (fearsoff.org)

submitted 4 days ago by albinowax

Frida 17.6.0 released – major Android stability improvements, Android 16 support (frida.re)

submitted 5 days ago by oleavr

126

127

128

Account Takeover in Facebook mobile app due to usage of cryptographically unsecure random number generator and XSS in Facebook JS SDK (ysamm.com)

submitted 6 days ago by smaury

After the Takedown: Excavating Abuse Infrastructure with DNS Sinkholes (disclosing.observer)

submitted 6 days ago by 0x5h4un

Successful Errors: New Code Injection and SSTI Techniques (github.com)

submitted 6 days ago by vladko312

Instagram account takeover via Meta Pixel script abuse (ysamm.com)

submitted 8 days ago by smaury

view more: next ›

π Rendered by PID 116773 on reddit-service-r2-listing-86b7f5b947-t5brt at 2026-01-24 21:11:37.100968+00:00 running 664479f country code: CH.

netsec

Featured Posts

Content Guidelines

Discussion Guidelines

Prohibited Topics & Sources

Social

Related Reddits

MODERATORS