Best of Cybersecurity2025

  1. 1
    Video
    Avatar of davidbombalDavid Bombal·1y

    FREE Ethical Hacking course (70 hours & includes Kali Linux labs)

    Cisco is offering a free 70-hour ethical hacking course through its Networking Academy, which includes hands-on labs using Kali Linux. The course aims to bridge the growing gap in the cybersecurity workforce by providing practical skills and knowledge. It covers topics such as penetration testing, social engineering attacks, and reconnaissance with tools like nmap and the Social Engineering Toolkit. Although the course is free, obtaining the certification costs $100.

  2. 2
    Article
    Avatar of codemotionCodemotion·41w

    “A Programmer Who Reads Is Worth Two”: Tech Books for Summer 2025

    A curated list of 14 technical books for summer 2025 reading, covering diverse topics from building LLMs from scratch and AI agents to cybersecurity, Kubernetes, quantum computing, and documentation. The selection includes both hands-on technical guides and broader philosophical works on AI's impact on society, catering to developers looking to expand their knowledge across multiple domains.

  3. 3
    Article
    Avatar of infosecwriteupsInfoSec Write-ups·52w

    5 Tools I Wish I Knew When I Started Hacking

    Starting in hacking and cybersecurity can be overwhelming due to the vast array of tools available. This post introduces five essential tools for beginners: Burp Suite for web application testing, Nmap for network scanning, Amass for subdomain enumeration, CyberChef for data encoding/decoding, and Gobuster for directory enumeration. Learning to use these tools can significantly streamline tasks and enhance your penetration testing capabilities. Bonus tips include focusing on one tool at a time, staying updated with new features, and monitoring GitHub repositories.

  4. 4
    Article
    Avatar of su5hqluae4wlrb1nahjtvSerdarcan Buyukdereli·35w

    How a Senior DevOps Interview Became a Sophisticated Hacking Attempt

    A developer shares their experience with a sophisticated phishing attack disguised as a legitimate job interview for a Senior DevOps Engineer position at Revolut. The fake recruiter sent a technical task containing malicious Python code that would create admin users and establish remote server connections. The attack demonstrates how cybercriminals are exploiting recruitment processes to target developers with seemingly innocent coding challenges.

  5. 5
    Article
    Avatar of lonely_programmerLonely Programmer·45w

    You have no power here

  6. 6
    Article
    Avatar of jeffgeerlingJeff Geerling·1y

    I won't connect my dishwasher to your stupid cloud

    The author bought a Bosch 500 series dishwasher, only to discover that certain features like the rinse cycle, delayed start, and eco mode require using the Home Connect app and connecting the appliance to WiFi. This raises concerns about planned obsolescence, security risks, and the forced reliance on cloud services. The author argues for locally accessible controls on IoT devices, with cloud functionality as an optional add-on.

  7. 7
    Video
    Avatar of tiffintechTiff In Tech·43w

    10 High-Paying Tech Skills That Will Dominate the Next Decade

    Explores 10 emerging high-paying tech skills beyond traditional AI and development roles. Covers quantum computing applications in traffic optimization, GIS for spatial data analysis, creative technology for immersive experiences, prompt engineering for AI communication, service-oriented architecture for scalable systems, facilities tech integration for smart buildings, low-code development platforms, digital twin simulations, edge computing for real-time processing, and ethical hacking for security testing. Each skill includes real-world examples and learning resources.

  8. 8
    Video
    Avatar of tiffintechTiff In Tech·1y

    The Top 10 Tech Skills That Will Remain In-Demand for 2026

    The tech industry is evolving rapidly, with new roles constantly emerging while existing ones change. The post identifies the top 10 tech skills that will be crucial by 2026. These include Gen AI development, advanced cybersecurity and ethical hacking, cloud-native application development, big data, blockchain technology, edge computing, immersive technology (AR/VR), quantum algorithms development, DevSecOps, and sustainability and green technology. Acquiring these skills can make a significant difference in staying competitive in the job market.

  9. 9
    Article
    Avatar of infosecwriteupsInfoSec Write-ups·51w

    Free Resources to Learn PenTesting in 2025

    Explore a variety of free resources available in 2025 to learn penetrative testing and ethical hacking, including TryHackMe, Hack The Box, PortSwigger, and INE. From hands-on practice with vulnerable machines to interactive courses and community support, this guide offers insights into foundational tools and strategies to enhance cybersecurity skills without financial investment.

  10. 10
    Video
    Avatar of youtubeYouTube·40w

    Website Hacking for Beginners | SQL Injection

    A beginner-friendly demonstration of SQL injection attacks using a fake banking website. Shows how attackers can bypass login forms by manipulating SQL queries with techniques like '1=1' logic and comment injection (--). Explains the vulnerability occurs when user input isn't properly validated, allowing unauthorized access and potential data theft. Emphasizes this is one of the top three OWASP critical vulnerabilities and mentions advanced tools like Burp Suite and SQLMap for automated attacks.

  11. 11
    Article
    Avatar of hnHacker News·1y

    Fake job seekers are flooding U.S. companies that are hiring for remote positions, tech CEOs say

    Fake job seekers are increasingly targeting U.S. companies hiring for remote positions, using AI tools like deepfake software to secure employment. The deception ranges from installing malware to stealing data or simply collecting wages. Companies across various industries, particularly in cybersecurity and cryptocurrency, have experienced a surge in such fraudulent applications. Efforts to tackle this issue include adoption of advanced identity-verification technologies.

  12. 12
    Article
    Avatar of infosecwriteupsInfoSec Write-ups·43w

    DNS Records

    DNS records serve different purposes in domain name resolution and security. A and AAAA records map domains to IPv4 and IPv6 addresses respectively. CNAME records create domain aliases, while MX records direct email routing. TXT records store security information like SPF, DKIM, and DMARC for email authentication. NS records identify authoritative name servers, SOA records contain zone management data, SRV records specify service locations and ports, and PTR records enable reverse DNS lookups for security validation.

  13. 13
    Article
    Avatar of planetpythonPlanet Python·38w

    Python Roadmap with Free Courses/Certifcates to High-Paying Jobs

    Python leads to six-figure salaries when applied in specialized fields like AI, data science, cybersecurity, and automation. Five free certifications are recommended: Cisco's Programming Essentials for foundational skills, IBM Data Science Professional Certificate for data scientist roles, freeCodeCamp's Machine Learning with Python for ML engineering, Information Security certification for cybersecurity programming, and Jovian's Pandas course for data analysis mastery. Success requires specializing Python skills within high-demand domains rather than learning the language in isolation.

  14. 14
    Article
    Avatar of freecodecampfreeCodeCamp·49w

    Top Ways Hackers Exploit Web Applications (and How to Prevent Them)

    Web applications, particularly those with user input, are susceptible to attacks like SQL injection, XSS, CSRF, and weak authentication. Developers can mitigate these risks by employing prepared statements for databases, escaping user inputs in HTML, using CSRF tokens, and enforcing strong authentication measures. Regularly updating libraries and ensuring secure configurations are crucial for protecting against vulnerabilities.

  15. 15
    Article
    Avatar of infosecwriteupsInfoSec Write-ups·1y

    Top 20 Linux Commands Every Pentester Should Know

    Mastering essential Linux commands can significantly enhance a pentester's efficiency. Commands like uname, ip a, ss, ps aux, and others are crucial for navigating systems, identifying security vulnerabilities, and conducting investigations. Understanding when and how to use these commands is as important as knowing the commands themselves.

  16. 16
    Article
    Avatar of thnThe Hacker News·30w

    How One Bad Password Ended a 158-Year-Old Business

    KNP Logistics, a 158-year-old UK transport company, was forced into administration after the Akira ransomware group gained access through a weak, easily guessed employee password. The attackers encrypted critical data, destroyed backups, and demanded £5 million ransom, leading to 700 job losses. The incident highlights how basic security failures can destroy established businesses, with 45% of compromised passwords being crackable within a minute. Strong password policies, multi-factor authentication, zero-trust architecture, and tested backup systems are essential defenses against such attacks.

  17. 17
    Article
    Avatar of infosecwriteupsInfoSec Write-ups·51w

    How to Install a Honeypot to Catch Hackers

    Creating a honeypot is a proactive cybersecurity measure that lures hackers to a simulated system, allowing you to observe their actions and improve security. This guide explains the types of honeypots, their purpose, and provides a step-by-step process for installing a basic SSH honeypot using Cowrie. It emphasizes the importance of monitoring and analyzing logs, maintaining isolation from production environments, and adhering to legal boundaries.

  18. 18
    Video
    Avatar of tiffintechTiff In Tech·39w

    Why Systems Thinking Is the Most Powerful Tech Skill

    Systems thinking involves understanding how different parts of a system interact and how changes ripple across the entire system. This skill is becoming increasingly valuable in tech because AI deployment requires understanding entire lifecycles, cybersecurity threats are now systematic, and modern products are cross-functional. The skill can be developed through diagramming systems, studying platforms like Uber and Netflix, and building mental models around feedback loops and constraints. Systems thinking helps professionals see unintended consequences and build solutions that work in real-world contexts.

  19. 19
    Video
    Avatar of johnhammondJohn Hammond·1y

    I Backdoored Cursor AI

    The post explains how a vulnerability in Electron-based applications, like the AI code editor Cursor, can be exploited using Loki C2, a Node.js-based command and control framework. It demonstrates setting up and using Loki to backdoor Electron applications by replacing their JavaScript files, allowing for remote execution of arbitrary code. The post also discusses how to ensure the targeted application remains functional while compromised, highlighting the collaboration between the author and the developer of Loki C2.

  20. 20
    Article
    Avatar of infosecwriteupsInfoSec Write-ups·47w

    Profiler: Your Digital Detective Platform

    Profiler is a platform that simplifies the process of gathering Open Source Intelligence (OSINT) by compiling data from over 250 sources in one place. It offers both basic and advanced search functions to help users verify email addresses, phone numbers, usernames, and monitor data breaches. Profiler is user-friendly and provides an all-in-one solution for those looking to investigate online identities and protect against potential scams or data leaks.

  21. 21
    Article
    Avatar of itnextITNEXT·1y

    SSH LLM Honeypot caught a real threat actor

    A detailed guide on how an SSH LLM honeypot successfully trapped a real threat actor who downloaded and attempted to execute malicious binaries. The honeypot, Beelzebub, was configured with an OpenAI key and analyzed the actions of the attacker, including their attempts to connect the server to a botnet via a Perl script. The post also includes steps to configure and run the honeypot using Docker, and discusses the information gathered from the threat actor's activities, as well as actions taken to mitigate the threat.

  22. 22
    Article
    Avatar of communityCommunity Picks·1y

    Terminal

    The post provides a collection of important external reports and articles related to cybersecurity, including the 2024 Consumer and Business Cybersecurity Assessment Reports by BitDefender, the 2023 Annual Data Breach Report by ITRC, and the 2024 DBIR Insights by Verizon. Additional resources mentioned include the FBI Internet Crime Complaint Center and the Anti-Phishing Working Group.

  23. 23
    Article
    Avatar of infosecwriteupsInfoSec Write-ups·47w

    How to Build a Secure Password Manager in Python

    This guide provides a step-by-step approach to building a secure password manager using Python. It covers key components such as encryption with the cryptography library, data storage using SQLite, and secure handling of master passwords. The project aims to enhance cybersecurity knowledge through practical implementation, while emphasizing security best practices.

  24. 24
    Article
    Avatar of thnThe Hacker News·17w

    Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites

    Two malicious Chrome extensions named "Phantom Shuttle" have been discovered stealing credentials from over 170 websites. Disguised as VPN services with paid subscriptions ($1.40-$13.50), the extensions inject proxy credentials, route traffic through attacker-controlled servers, and exfiltrate user passwords, cookies, API keys, and other sensitive data every five minutes. The extensions target developer platforms (GitHub, Stack Overflow), cloud services (AWS, Azure), social media, and other high-value domains. The operation appears to be China-based and has been active since 2017. Users should immediately remove these extensions, and security teams should implement extension allowlisting and network monitoring.

  25. 25
    Article
    Avatar of xkcdxkcd·46w

    xkcd: Trojan Horse

    An xkcd webcomic exploring the concept of Trojan Horse attacks, likely drawing parallels between the ancient Greek military strategy and modern cybersecurity threats through humor and technical insight.

See all Cybersecurity archives