Author: Shikhali Jamalzade GitHub: github.com/alisalive LinkedIn: linkedin.com/in/camalzads Platform: VulnHub Machine: sunset: twilight by…Continue reading on Medium »

If you run a SaaS product, the news about Claude Mythos Preview probably brought a lot of confusion.Continue reading on Medium »

Cyber insurance is supposed to be the financial parachute organizations pull after a breach, but too many leaders treat it like magic…Continue reading on Medium »

Wazuh, XDR (Extended Detection and Response) ve SIEM (Security Information and Event Management) yeteneklerini tek çatı altında…Continue reading on Medium »

Most enterprises upgraded cybersecurity years ago, but many still manage visitors with outdated systems.Continue reading on Medium »

Most enterprises upgraded cybersecurity years ago, but many still manage visitors with outdated systems.Continue reading on Medium »

It Became Comfortable.Continue reading on Medium »

Most people think encryption means safety.Continue reading on Medium »

Hi everyone, I'm reviewing a "Critical - Ransomware" alert ("VSS Shadow Copies Deletion Attempt detected") and I have a question about the timestamps and mitigation logic. Here is the timeline from the report: 06:28:24 - vssadmin.exe executes delete shadows /for=C: /oldest 06:30:28 - diskshadow.exe is executed (presumably a fallback) 06:31:06 - SentinelOne executes "Kill" (11/11 processes) and "Quarantine". Mitigation status is "Success / Mitigated". The dilemma: There is a 3-minute gap between the first execution and the final Kill action. Does the SentinelOne agent intercept and block the deletion command at the kernel level in real-time (06:28), or is there a risk the shadow copies were actually purged before the Kill at 06:31? SentinelOne, in the alert, consistently uses the word "attempted", which implies the deletion failed... but is Sentinel just being optimistic, or can I trust that "attempted" means the backups are 100% safe despite the delayed Kill? submitted by /u/allexj [link] [comments]

RASP Android Root Detection Bypass (Samsung A52s)Continue reading on Medium »

Penetration Testing Services: What If Your Business Has Already Been Targeted?Continue reading on Medium »

By the time Anthropic’s security team noticed the pattern, it was already operating at industrial scale. Not one account. Not a dozen…Continue reading on Medium »

I'm working on a C++ authentication server for my desktop application. I intend to have Cloudflare behind it, and I'm going insane and spiraling over the same issues I'm starting to think I just cannot mitigate at the application level. It currently goes like this: Client connects to the acceptor via TCP socket Acceptor accepts, server checks in an in-memory ipMap to see if the client that just connected have made x requests in the past 2 minutes, if so, it drops the connection immediately. The client will be able to reconnect and get past the ipMap when the ipMap gets pruned by the server (which happens periodically). If the ipMap check passes. If it succeeds, the TLS handshake is performed and before the actual exchange begins, the server requests a proof-of-work (client has to solve a puzzle). Now, I obviously need to put a limit to how much the ipMap grows, I've decided I can store 100k IPs. If my ipMap fills because the DDos attack is making 200k requests - what should I do then? I cannot do anything to protect the server and allow legit users to authenticate? Because the only thing that I can see is: if the map fills, drop every request that comes in. But isn't that then a successful DDOs because legit clients will be dropped as well? Same concept I cannot understand applies for global rate limiter with the toke bucket: if my server has 500 tokens per second capped at 500, isn't enough for the attacker to make 500 requests per second to lock everybody else out? submitted by /u/Electrical-Dog-8572 [link] [comments]

IntroductionContinue reading on Medium »

please share your thoughts. submitted by /u/Ashishthakur56 [link] [comments]

Most developers use git clone without thinking twice about what happens under the hood:Continue reading on Medium »

I am quite interested in almost all fields in offsec like maldev, web exploitation etc, but since it's becoming so AI era i am thinking about OSAI ( Would love to hear the experience of this ), also another choice's OSCE3 ( maybe best for career laddering ). Also concepts of HTB certs seems like so modern and well done but not quite strong on resume i guess. submitted by /u/uug4na [link] [comments]

Even when I keep my iphone in sleep mode, turn off all the notifications, etc I still get calls that i get in the facebook page I manage. How is this even possible for Facebook to do ? submitted by /u/Reasonable-Dance7491 [link] [comments]

Oleh: Founder, VERTEX-AERO-CYBER DEFENSEContinue reading on Medium »

In short: Patched last night by Linus, so technically not a 0day Yann Horn (Google PZ) proposed a fix six years ago Only hours after Linus patched, Brad Spengler went "look what we have here" _SiCK (who did Copy Fail 2 in the same manner - after analyzing the commit) posted a working PoC within another hour or so And that's where we are now: https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn/tree/main All kernels up to last night are affected It's a pretty straightforward race condition from what I can tell submitted by /u/CrimsonNorseman [link] [comments]

Security professionals are now frustrated with disclosures dropping without any embargoes for defenders to prepare. submitted by /u/Cybernews_com [link] [comments]

Finding a trusted security company in Birmingham is essential for protecting your property, staff, and customers. With increasing security…Continue reading on Medium »

While most engineers use SSH exclusively for shell access, its true power lies in its ability to act as a secure, arbitrary TCP tunnel. By…Continue reading on Medium »

Security programs are fundamentally built on a straightforward idea: if you can see it, you can secure it.Continue reading on Medium »

Artificial Intelligence is changing cybersecurity faster than ever. While AI is helping companies detect threats more efficiently…Continue reading on Medium »

Ransomware is no longer just about locking files.Continue reading on Medium »

Discover the shocking truth about borrowing that could destroy your closest relationshipsContinue reading on Medium »

Instead of 404ing vulnerability scanners, I've been experimenting with slow-drip responses. Fake .env files, WordPress login pages, admin panels, all streamed in 3-byte chunks with random delays. ~80 seconds per scan instead of instant. 141K hits across 76 sites over the past month. Curious if anyone else has tried something similar or sees obvious downsides I'm missing. submitted by /u/B4dPanda [link] [comments]

submitted by /u/rkhunter_ [link] [comments]

submitted by /u/DerBootsMann [link] [comments]

submitted by /u/DerBootsMann [link] [comments]

more than 90% of devs now use AI coding tools and something like 40% of committed code is AI-generated (or even more) Our security review process was already a bottleneck, now it's completely underwater. Are your teams adapting? How? New tooling? New processes? Or just accepting the risk? submitted by /u/The-bay-boy [link] [comments]

Just had an interview for an AI security engineer position for a large manufacturer. Here is what they are looking for. Secure RAG pipelines Adversarial testing MITRE Atlas framework Projects SecAI+ was respected. Decent math foundation Threat modeling exercises One question I was asked that was math specific. So imagine you have two vectors, say [1, 2, 3] and [2, 0, 1]. How would you measure how similar these two vectors are to each other? Walk me through it. After I answered they hit me with; Now think about this in the context of a RAG pipeline. If an attacker knows roughly what kinds of questions users are asking, what does that similarity score mean for them? What could they do with that? Good luck out there guys! submitted by /u/Technical-Natural343 [link] [comments]

In reference to the art of deception by Kevin Mitnick. This is also a request for anyone to recommend any good social engineering books. I'm just curious as to how it holds up today as its been over twenty years since the book was published. I believe now there's a bigger shift on being security conscious, so some strategies might be less effective now than in 2002. submitted by /u/OpticalBarracuda [link] [comments]

Been thinking about this a lot lately. Most of the guidance out there says start with identity hardening, then device posture, then app access, then segmentation, then telemetry and automation. Phased rollout rather than trying to rearchitect everything at once. That approach has generally made sense in my experience, but I'm curious how others have actually sequenced it in practice, especially when you've got a mix of on-prem AD, Entra ID, and cloud workloads all in play at the same time. One thing I keep coming back to is the debate around network-centric ZTNA vs identity/workload-centric access. Granting "trusted network" access feels too broad even with segmentation in place. App-level access with identity-bound sessions and device compliance checks seems tighter, but it creates friction and sometimes the tooling doesn't play nicely across the hybrid boundary. Also seen plenty of orgs that ticked the MFA box and called it zero trust, which. yeah nah, that's not it. Without continuous posture checking and meaningful segmentation it's just stronger IAM, not an actual architecture. The lateral movement problem doesn't go away because you hardened the front door. Also worth calling out the visibility piece before almost anything else. You can't enforce policy on users, devices, or workloads you haven't inventoried. A lot of implementations I've seen skip that step and end up with coverage gaps that are genuinely, hard to find later, especially across the hybrid boundary where AD-joined and Entra-joined devices are being treated inconsistently. The privileged account piece is where I see the most resistance in practice. Getting the business to actually enforce least privilege on admin accounts, not just document it, is a different conversation than deploying Conditional Access policies. Curious what controls others have found most impactful early in the process, and whether anyone's, had real success building that business case for enforcing least privilege where it actually hurts. submitted by /u/unumri [link] [comments]

Hi everyone For those working in vuln management or security automation: how mature is CSAF adoption in your environment? Have you observed discrepancies between CSAF feeds and vendor PDF/HTML advisories (e.g., affected versions, remediation steps, CVSS, etc.)? submitted by /u/Zekdot [link] [comments]

Been thinking about this a lot lately. Most orgs I see are buying ZTNA or SASE products and calling it done, but the underlying trust boundaries haven't changed at all. Standing privilege still everywhere, conditional access policies covering maybe half the apps, and nobody's touched service account sprawl in years. The tooling is there but the architecture work just doesn't happen. My take after working through a few of these rollouts is that identity has to come first, but people underestimate how much of that means non-human identities too. Service-to-service traffic is a massive blind spot. You can get MFA coverage into the 90s for users and still have hundreds of service accounts with broad permissions and no monitoring. Microsegmentation matters, but if you haven't sorted out workload identities first you're just building walls with open gates. Phishing-resistant auth for admins is also something I'd push earlier than most orgs do. Passwordless for high-risk accounts is pretty achievable now with Entra ID and it removes a whole class of risk that conditional access alone doesn't cover. CI/CD pipelines and other non-human identities are often sitting on permissions broader than anything you'd grant a human user, and they're getting almost no scrutiny. The other thing I'd push back on is the idea of full zero trust as an end state. Incremental rollout by asset criticality is just how this actually works in practice. Start with your crown jewels, enforce compliant device access, kill standing privilege for admins, then expand from there. Trying to boil the ocean gets you nowhere. Curious what others have found most impactful early on, specifically whether you went identity-first or tackled network segmentation before sorting out the identity layer. submitted by /u/unumri [link] [comments]

Below is a detailed summary of the incident and how it specifically impacts you as a macOS user. 1. The Core Incident: What Happened? • The Breach: Two OpenAI employees had their devices compromised after accidentally installing a malicious version of the @tanstack library (a very popular tool for web developers). • The Payload: The malware, named "Mini Shai-Hulud," was designed to steal credentials (GitHub tokens, AWS keys, etc.) and exfiltrate them through an anonymous messaging network called Session. • The Response: OpenAI rotated its code-signing certificates for all platforms (macOS, Windows, iOS, Android) out of extreme caution. Although they found no evidence that their software was actually tampered with, the old certificates are now considered "tainted." submitted by /u/Normal_student_5745 [link] [comments]

Hello there r/cybersecurity! We're Level Effect. Three of us are here today. We’re former NSA, and now also senior/principal engineers and consultants. We started this company in 2020. Built an EDR that was acquired by Huntress, then went all in on small live training cohorts seeing a gap in training at the time. We made the first “virtual SOC” cyber range at that time with a 1-week practical exam and have graduated 100s of students into the field. We've also live streamed close to 100 hours of free cybersecurity instruction from 0 to Tier 1 SOC. We’re shifting to more content creation and community interaction now. Giving back has always been important to us and we want to be more involved here in r/cybersecurity after this intro AMA. So how’s the industry doing? Is it all over now with AI? We don’t think so at all, but: The "entry-level" market is now more accurate to mid-level IT, and provable hands-on experience went from a nice-to-have to a must. The common advice of "just go work in IT first" doesn't always get you there either if you're stuck on end-user support forever, never touching malware triage or detection rule crafting. You’d be great with printers though. Guiding people to be ready for this field is still the same problem it was in 2020 in spite of many best efforts from a lot of talented educators out there. In some ways even harder actually. We’re here to help answer anything around: What we learned building enterprise security tooling Gaps and opportunities in the field What has actually helped our students get hired and what hasn't The shift toward provable skills over certs 2026 career trends and what's coming next Or anything else! Otherwise, we’ve got questions for you! What are you studying right now that's working well? If you're already in the field, what skills are still paying off? If you're hiring or mentoring, what are you seeing (or not seeing) from candidates? Let's hear it! Rob Noeth, Anthony Bendas & Jonny Johnson * Edit - Taking a break for the evening, thank you joining us today! We'll be back in the morning (US Eastern) to address any posts we missed. submitted by /u/LevelEffectOfficial [link] [comments]

Hello everyone, lately I’ve been struggling a bit to stay up to date with newly disclosed vulnerabilities, exploits, vendor advisories, and threat intelligence feeds. It feels like there are more and more sources every day, and keeping track of what is actually important without missing something critical is becoming increasingly difficult. Because of that, I started looking into building a self-hosted solution that aggregates the most relevant sources into one central place and helps me stay current more efficiently. I’d really like to hear how others here are approaching this. Are you using open-source tools? Any recommendations, lessons learned, or architectures you can share would be highly appreciated. submitted by /u/Impossible-Group-971 [link] [comments]

submitted by /u/rkhunter_ [link] [comments]

submitted by /u/Doug24 [link] [comments]

submitted by /u/rkhunter_ [link] [comments]

submitted by /u/rkhunter_ [link] [comments]

This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future. submitted by /u/AutoModerator [link] [comments]