Source: r/netsec
- Subject: Inquiry Regarding Localized GEM Induction via High-Frequency Plasma
  To the Scientific Community, I am seeking a peer review of the theoretical logic behind a propulsionless mobility system I am architecting, tentatively titled the Aero-Grav Mark I. The goal is to induce a localized repulsive gravitomagnetic field to counter Eart…
- TPM 2.0 is cool, actually: hardware attestation for bare-metal fleets
  submitted by /u/arty049; link: https://apas.tel/blog/tpm-is-cool
- MAD Bugs: Even "cat readme.txt" is not safe
  submitted by /u/_vavkamil_; link: https://blog.calif.io/p/mad-bugs-even-cat-readmetxt-is-not
- Anonymous credentials: an illustrated primer (Part 2)
  submitted by /u/feross; link: https://blog.cryptographyengineering.com/2026/04/17/anonymous-credentials-an-illustrated-primer-part-2/
- RedSun: How Windows Defender's Remediation Became a SYSTEM File Write
  submitted by /u/TakesThisSeriously; link: https://nefariousplan.com/posts/redsun-windows-defender-system-write
- World Leaks: RDP Access Leads to Custom Exfiltration and Personalized Extortion
  Two day intrusion. RDP brute force with a company specific wordlist, Cobalt Strike, and a custom Rust exfiltration platform (RustyRocket) that connected to over 6,900 unique Cloudflare IPs over 443 to pull data from every reachable host over SMB. …
- HAProxy HTTP/3 -> HTTP/1 Desync: Cross-Protocol Smuggling via a Standalone QUIC FIN (CVE-2026-33555)
  u/albinowax’s work on request smuggling has always inspired me. I’ve followed his research, watched his talks at DEFCON and BlackHat, and spent time experimenting with his labs and tooling. Coming from…
- Open dataset: 100k+ multimodal prompt injection samples with per-category academic sourcing
  I submitted an earlier version of this dataset and was declined on the basis of missing methodology and unverifiable provenance. The feedback was fair. The documentation has since been rewritten to address it directly, and I would very much appreciate a seco…
- Common Entra ID Security Assessment Findings – Part 4: Weak Conditional Access Policies
  submitted by /u/GonzoZH; link: https://blog.compass-security.com/2026/04/common-entra-id-security-assessment-findings-part-4-weak-conditional-access-policies/
- Codex Hacked a Samsung TV
  submitted by /u/pipewire; link: https://blog.calif.io/p/codex-hacked-a-samsung-tv
- Unpatched RAGFlow Vulnerability Allows Post-Auth RCE
  The current version of RAGFlow, a widely-deployed Retrieval Augmented Generation solution, contains a post-auth vulnerability that allows for arbitrary code execution. This post includes a POC, walkthrough and patch. The TL;DR is to make…
- Stealthy RCE on Hardened Linux: noexec + Userland Execution PoC
  submitted by /u/citypw; link: https://hardenedlinux.org/blog/2026-04-13-stealthy-rce-on-hardened-linux-noexec--userland-execution-poc/
- CVE-2026-22666: Dolibarr 23.0.0 dol_eval() whitelist bypass -> RCE (full write-up + PoC)
  Root cause: the $forbiddenphpstrings blocklist is only enforced in blacklist mode -> the default whitelist mode never touches it. The whitelist regex is also blind to PHP dynamic callable syntax (('exec')('cmd')). Either bug alone limits impac…
- One Uppercase Letter Breaks Every Nuxt App
  submitted by /u/TradeGold6317; link: https://simonkoeck.com/writeups/h3-transfer-encoding-request-smuggling
- CVE-2025-8061: From User-land to Ring 0
  submitted by /u/Important_Map6928; link: https://sibouzitoun.tech/labs/cve-2025-8061
- Reverse Engineering a Multi Stage File Format Steganography Chain of the TeamPCP Telnyx Campaign
  submitted by /u/Beneficial_Cattle_98; link: https://husseinmuhaisen.com/blog/reverse-engineering-teampcp-telnyx-file-format-chain/
- Claude + Humans vs nginx: CVE-2026-27654
  submitted by /u/maurosoria; link: https://blog.calif.io/p/claude-humans-vs-nginx-cve-2026-27654
- Nmap triage without a backend: XSLT -> HTML report that highlights unusual hosts/services
  submitted by /u/13utters; link: https://xn--mbius-jua.band/blog/nmapview/
- Renovate & Dependabot: The New Malware Delivery System
  submitted by /u/mabote; link: https://blog.gitguardian.com/renovate-dependabot-the-new-malware-delivery-system/
- Slipping up Slippi with spectator RCE
  submitted by /u/khangaroooooooo; link: https://khang06.github.io/slippirce/
- Threat Model Discrepancy: Google Password Manager leaks cleartext passwords via Task Switcher (Won't Fix) - Violates German BSI Standards
  Hi everyone, I’m a Cybersecurity student at HFU in Germany and recently submitted a vulnerability to the Google VRP regarding the Google Password Manager on Android (tested on Pixel 8, Android 16). The Issue: When you view…
- Russian GRU Exploiting Vulnerable Routers to Steal Sensitive Information 07 April 2026
  submitted by /u/Chromber; link: https://www.ic3.gov/PSA/2026/PSA260407
- Reading /etc/passwd via translation file upload in Tolgee's cloud platform (CVE-2026-32251, CVSS 9.3)
  submitted by /u/TradeGold6317; link: https://simonkoeck.com/writeups/tolgee-xxe-translation-import
- r/netsec monthly discussion & tool thread
  Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links. Rules & Guidelines: Always maintain civil discourse. Be awesome to one another - moderator intervention will…
- /r/netsec's Q1 2026 Information Security Hiring Thread
  Overview: If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any…