Cybersecurity

AI Native platform to get companies compliant - Vanta & Drata Alternative

Reconmap is a collaboration-first security operations platform for infosec teams and MSSPs, enabling end‑to‑end engagement management, from reconnaissance throu…

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Infisical is the open-source platform for secrets, certificates, and privileged access management.

CISO Assistant is a one-stop-shop GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, Privacy, and Reporting. It supports 100+ global frameworks…

Malicious traffic detection system

🔐 Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audi…

Sandbox your local AI agents so they can read/write only what they need

Awesome Security lists for SOC/CERT/CTI

awesome game security [Welcome to PR]

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized

Discussion on r/netsec: GlassWorm V2 analysis: Part 2. Infrastructure rotation and GitHub injection

Published a research report auditing how popular AI agent projects (OpenClaw, AutoGen, CrewAI, LangGraph, MetaGPT, AutoGPT, etc.) handle authorization. Key…

Most don't think they are good for the environment. Three-quarters of the American public have heard of datacenters, but they haven't quite made their minds up …

Discussion on r/netsec: Post AI Agent Hacked Amazon & McKinsey, I compiled a list of 5 situations where deploying agents can be catastrophic

Personal information such as names, email addresses, and phone numbers was accessed by hackers. The post Loblaw Data Breach Impacts Customer Information appeare…

Cornwell Uni researchers pivot to pluck low-hanging fruit to optimize bandwidth Workers who believe "leveraging cross-functional synergies" sounds profound may …

Discussion on r/netsec: CVE-2024-45163: Remote DoS in Mirai C2 – research writeup + what it led me to build

As these platforms add more AI-driven automation: autonomous triage, auto-response, AI-based policy changes, how are you currently keeping track of what these A…

Discussion on r/netsec: Analysis of 1,808 MCP servers: 66% had security findings, 427 critical (tool poisoning, toxic data flows, code execution

Microsoft has released an out-of-band (OOB) update to fix a security vulnerabilities affecting Windows 11 Enterprise devices that receive hotpatch updates inste…

The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain

The vulnerability can be exploited remotely, without authentication, to circumvent existing authentication controls. The post Critical HPE AOS-CX Vulnerability …

Biological computing is messy and gassy – It’s now cloudy, too At the start of the working day at Cortical Labs’ datacenter in Melbourne, Australia, technicians…

Discussion on r/netsec: I Found 39 Algolia Admin Keys Exposed Across Open Source Documentation Sites

Conversations with Anthropic's models may now be accompanied by interactive apps Seeing is believing, or so it was said up until AI required questioning everyth…

Microsoft is investigating a new issue affecting some Samsung laptops running Windows 11 after installing the February 2026 security updates, in which users los…

I’ve been analyzing a phishing campaign that abuses Google Cloud Storage (storage.googleapis.com) as a redirect layer to send victims to multiple scam pages hos…

The FBI is asking gamers who installed Steam titles containing malware to provide information as part of an ongoing investigation into eight malicious games upl…

Coding education may become a bit more challenging, but the economics lesson is free You don't get what you don't pay for! Microsoft's GitHub is dialing back on…

A 'web of litigation' The African Network Information Centre (AFRINIC) has accused one its members of trying to "paralyse" the

An incident in Macau A 70-year old woman in China loudly shouted at a robot to leave her alone, but the bot instead stood its ground and did a “raise the roof” …

And then they send victims to the legit VPN download to hide their tracks A group of cybercriminals tracked as Storm-2561 is using fake enterprise VPN clients f…

Discussion on r/netsec: RegPwn - Windows LPE vulnerability (now fixed)

Poland's National Centre for Nuclear Research (NCBJ) says hackers targeted its IT infrastructure, but the attack was detected and blocked before causing any

​Microsoft is investigating several issues causing email synchronization and connection problems when using the classic Outlook desktop

Discussion on r/netsec: CrackArmor: Critical AppArmor Flaws Enable Local Privilege Escalation to Root

Someone, somewhere, ticked a box on a build farm. The wait is over Chrome is finally coming to ARM64 Linux devices, years after it turned up on macOS and Window…

Starbucks said the incident involved phishing attacks targeting an employee portal, affecting hundreds. The post Starbucks Data Breach Impacts Employees appeare…

Other noteworthy stories that might have slipped under the radar: Telus Digital data breach, vulnerabilities in Linux AppArmor allow root privileges, US defense…

Hypervisor migrations can introduce hidden risks that threaten data availability and recovery. Acronis explains why verified backups and cross-platform recovery…

PAC chair asks Cabinet Office if anyone bothered telling dept about the shambles before handing over the keys The chair of the UK Parliament's public spending w…

35-year staffer comes from time before company's cloud and Copilot obsessions Microsoft Executive Vice President (EVP) for Experiences and Devices, Rajesh Jha, …

An international law enforcement action codenamed "Operation Synergia III" has sinkholed tens of thousands of IP addresses and seized servers linked to cybercri…

A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal VPN credentials from unsuspecting

Gets bounced between Microsoft and Anthropic like a support ticket nobody wants to own Companies using credits bundled with Microsoft for Startups have found so…

Zram versus zswap – two ways to get a quart into a pint pot Linux has two ways to do memory compression – zram and zswap – but you rarely hear about the second.…