🌐 Web Security - Genbox

🛡️Security Discussion

news.ycombinator.com··Hacker News

Turning Cloudflare’s threat indicators into real-time WAF rules

📡Threat Intelligence Blog

blog.cloudflare.com··Hacker News

OWASP Dependency-Track 5.0 Is Now Generally Available

🗄️Databases Blog

owasp.org··Hacker News

martidu4/honey-ai: 🍯 All-in-one AI honeypot powered by local LLMs. SSH, HTTP, FTP, Telnet, SMTP, MySQL, Redis, Git, VNC, RDP — with canary tokens, tarpits, GZIP bombs, and threat intel reporting.

📊Query Optimization Code

github.com··Hacker News

[webapps] WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection

🕵️Penetration Testing

exploit-db.com·

SAST vs SCA: Key Differences for AppSec Teams

🐛Vulnerability Research

orca.security·

AI researcher claims he's bypassed Anthropic's Fable 5 guardrails

🐛Vulnerability Research

cointelegraph.com··Hacker News

How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th)

🧠LSASS Academic

isc.sans.edu·

Imperva Customers Protected Against CVE-2026-49975 (HTTP/2 Bomb) DoS

🐛Vulnerability Research Blog

imperva.com·

Show HN: We post-trained a model that pen tests instead of refusing your code

🐛Vulnerability Research

argusred.com··Hacker News, r/netsec

Personal apps with no back end: static site and OAuth PKCE and OpenRouter

🕵️Penetration Testing

type2fun.net··Hacker News

local AI agents for Cursor with pre-tuned marketplace/commu

🟪Programming

locaible.com··Hacker News

Seven Years on a Public Clipboard: Secrets, Türkiye's Exposure, and a Stored XSS

📡Threat Intelligence Blog

beyondmemory.io··Hacker News

Matador-og/huntbot: AI offensive security harness for bug bounty, pentesting, red teaming.

🎯Red Teaming Code

github.com··Hacker News

Infosec News Nuggets — June 9, 2026

🛡️Security

aboutdfir.com·

From prompt to pwned: chaining LLM and web bugs to Admin

🐛Vulnerability Research Blog

blog.quarkslab.com·

CVE-2026-20253: Splunk Enterprise Unauthenticated File Access via PostgreSQL Sidecar

🐛Vulnerability Research Blog

hellorecon.com··Hacker News

Full Disclosure: [REVIVE-SA-2026-002] Revive Adserver Vulnerabilities

🐛Vulnerability Research

seclists.org·

Windows 11 sucks slightly less now, thanks to a June update

🛡️Security News

engadget.com··Hacker News

What We Learned from a Multi-Service Vulnerability Disclosure

Hacker News Security

Turning Cloudflare’s threat indicators into real-time WAF rules

OWASP Dependency-Track 5.0 Is Now Generally Available

martidu4/honey-ai: 🍯 All-in-one AI honeypot powered by local LLMs. SSH, HTTP, FTP, Telnet, SMTP, MySQL, Redis, Git, VNC, RDP — with canary tokens, tarpits, GZIP bombs, and threat intel reporting.

[webapps] WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection

SAST vs SCA: Key Differences for AppSec Teams

AI researcher claims he's bypassed Anthropic's Fable 5 guardrails

How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th)

Imperva Customers Protected Against CVE-2026-49975 (HTTP/2 Bomb) DoS

Show HN: We post-trained a model that pen tests instead of refusing your code

Personal apps with no back end: static site and OAuth PKCE and OpenRouter

local AI agents for Cursor with pre-tuned marketplace/commu

Seven Years on a Public Clipboard: Secrets, Türkiye's Exposure, and a Stored XSS

Matador-og/huntbot: AI offensive security harness for bug bounty, pentesting, red teaming.

Infosec News Nuggets — June 9, 2026

From prompt to pwned: chaining LLM and web bugs to Admin

CVE-2026-20253: Splunk Enterprise Unauthenticated File Access via PostgreSQL Sidecar

Full Disclosure: [REVIVE-SA-2026-002] Revive Adserver Vulnerabilities

Windows 11 sucks slightly less now, thanks to a June update