🌐 Web Security - Genbox

🛡️Security Discussion

news.ycombinator.com··Hacker News

Turning Cloudflare’s threat indicators into real-time WAF rules

📡Threat Intelligence Blog

blog.cloudflare.com··Hacker News

OWASP Dependency-Track 5.0 Is Now Generally Available

🗄️Databases Blog

owasp.org··Hacker News

Matador-og/huntbot: AI offensive security harness for bug bounty, pentesting, red teaming.

🎯Red Teaming Code

github.com··Hacker News

[webapps] WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection

🕵️Penetration Testing

exploit-db.com·

How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th)

🧠LSASS Academic

isc.sans.edu·

SAST vs SCA: Key Differences for AppSec Teams

🐛Vulnerability Research

orca.security·

Show HN: We post-trained a model that pen tests instead of refusing your code

🐛Vulnerability Research

argusred.com··Hacker News, r/netsec

Imperva Customers Protected Against CVE-2026-49975 (HTTP/2 Bomb) DoS

🐛Vulnerability Research Blog

imperva.com·

Personal apps with no back end: static site and OAuth PKCE and OpenRouter

🕵️Penetration Testing

type2fun.net··Hacker News

local AI agents for Cursor with pre-tuned marketplace/commu

🟪Programming

locaible.com··Hacker News

Infosec News Nuggets — June 9, 2026

🛡️Security

aboutdfir.com·

martidu4/honey-ai: 🍯 All-in-one AI honeypot powered by local LLMs. SSH, HTTP, FTP, Telnet, SMTP, MySQL, Redis, Git, VNC, RDP — with canary tokens, tarpits, GZIP bombs, and threat intel reporting.

📊Query Optimization Code

github.com··Hacker News

Seven Years on a Public Clipboard: Secrets, Türkiye's Exposure, and a Stored XSS

📡Threat Intelligence Blog

beyondmemory.io··Hacker News

CVE-2026-20253: Splunk Enterprise Unauthenticated File Access via PostgreSQL Sidecar

🐛Vulnerability Research Blog

hellorecon.com··Hacker News

From prompt to pwned: chaining LLM and web bugs to Admin

🐛Vulnerability Research Blog

blog.quarkslab.com·

USB Devices

🛡️Security Reference

docs.orbstack.dev··Hacker News

Every breaking change in the 2026-07-28 MCP spec — and exactly how to migrate

🛡️Security Blog Tutorial

mcpmigrate.dev··Hacker News

Full Disclosure: [REVIVE-SA-2026-002] Revive Adserver Vulnerabilities

🐛Vulnerability Research

seclists.org·

What We Learned from a Multi-Service Vulnerability Disclosure

Hacker News Security

Turning Cloudflare’s threat indicators into real-time WAF rules

OWASP Dependency-Track 5.0 Is Now Generally Available

Matador-og/huntbot: AI offensive security harness for bug bounty, pentesting, red teaming.

[webapps] WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection

How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th)

SAST vs SCA: Key Differences for AppSec Teams

Show HN: We post-trained a model that pen tests instead of refusing your code

Imperva Customers Protected Against CVE-2026-49975 (HTTP/2 Bomb) DoS

Personal apps with no back end: static site and OAuth PKCE and OpenRouter

local AI agents for Cursor with pre-tuned marketplace/commu

Infosec News Nuggets — June 9, 2026

martidu4/honey-ai: 🍯 All-in-one AI honeypot powered by local LLMs. SSH, HTTP, FTP, Telnet, SMTP, MySQL, Redis, Git, VNC, RDP — with canary tokens, tarpits, GZIP bombs, and threat intel reporting.

Seven Years on a Public Clipboard: Secrets, Türkiye's Exposure, and a Stored XSS

CVE-2026-20253: Splunk Enterprise Unauthenticated File Access via PostgreSQL Sidecar

From prompt to pwned: chaining LLM and web bugs to Admin

USB Devices

Every breaking change in the 2026-07-28 MCP spec — and exactly how to migrate

Full Disclosure: [REVIVE-SA-2026-002] Revive Adserver Vulnerabilities