Best of Security — June 2025
- 2
freeCodeCamp·50w
How Attackers Steal Data from Websites (And How to Stop Them)
Web attackers use various methods to steal data, including phishing emails, SQL injection, cross-site scripting (XSS), brute force password attacks, malware, man-in-the-middle attacks, outdated software exploitation, and insecure API integrations. Defense strategies include user education, multi-factor authentication, input validation, HTTPS implementation, regular software updates, secure coding practices, and proper API security. The stolen data often ends up on the dark web, where it's sold for identity theft and further attacks.
- 3
The New Stack·48w
Node.js 24: Your Next Big Frontend Upgrade?
Node.js 24 brings significant improvements including native TypeScript support, better ES Module compatibility, explicit resource management for automatic cleanup, and enhanced performance through V8 optimizations. Despite these advances, many developers continue using outdated versions like Node 12 and 18, creating security risks. The update addresses long-standing JavaScript challenges with resource management and introduces Watt, an application server that enables multi-threading and even PHP integration within Node.js applications.
- 4
InfoSec Write-ups·48w
DNS Records
DNS records serve different purposes in domain name resolution and security. A and AAAA records map domains to IPv4 and IPv6 addresses respectively. CNAME records create domain aliases, while MX records direct email routing. TXT records store security information like SPF, DKIM, and DMARC for email authentication. NS records identify authoritative name servers, SOA records contain zone management data, SRV records specify service locations and ports, and PTR records enable reverse DNS lookups for security validation.
- 5
Community Picks·48w
jujumilk3/leaked-system-prompts: Collection of leaked system prompts
A GitHub repository collecting leaked system prompts from popular LLM-based services. The project accepts contributions through pull requests with verifiable sources and reproducible prompts, while avoiding sensitive commercial code to prevent DMCA takedowns. The repository serves as a research resource cited in academic papers.
- 7
Socket·48w
A Fresh Look for the Socket Dashboard
Socket has launched a redesigned dashboard featuring streamlined navigation with only 6 main links (down from 14), a grayscale color palette that reserves colors for alerts and critical issues, and improved dark mode support. The redesign focuses on highlighting software supply chain security alerts while reducing visual clutter through better organization of settings, documentation, and support features.
- 8
Astro·51w
Astro 5.9
Astro 5.9 introduces experimental Content Security Policy support using a hash-based approach that works across static sites, serverless, and SPAs. The release adds a renderMarkdown helper for content loaders, allows disabling default styles in responsive images for better Tailwind 4 compatibility, and enables adapters to suppress feature support logs. The CSP implementation generates meta elements with hashes for all scripts and styles, providing XSS protection without requiring server-side nonce generation.
- 9
Laravel Dev·47w
Why Laravel Developers Need to Think Like Hackers
Laravel provides excellent security defaults like CSRF protection and input validation, but developers often break the security model through poor implementation. Hackers exploit assumptions by testing unexpected inputs, bypassing validation, and accessing hidden routes. To build truly secure applications, developers need to adopt a hacker mindset: assume the worst, test edge cases, audit trust boundaries, and validate data at multiple layers. The article demonstrates this with a file upload vulnerability example where a PHP file disguised as a JPG bypassed validation and granted shell access.
- 10
Hacker News·51w
Root Shell on Credit Card Terminal
A security researcher reverse engineered a Worldline Yomani XR payment terminal and discovered an exposed root shell accessible via serial console without authentication. Despite sophisticated tamper detection mechanisms using pressure-sensitive connectors and copper traces, the debug interface remained accessible through an external hatch. The researcher extracted unencrypted firmware using chip-off techniques, revealing an outdated Linux system (kernel 3.6 from 2023). However, the security impact is limited because the Linux system only handles networking and updates, while sensitive payment operations run on a separate, encrypted secure processor.
- 11
omg! ubuntu!·51w
Ubuntu 25.10 Switches to Rust-based Sudo
Ubuntu 25.10 will replace the traditional C-based sudo command with sudo-rs, a Rust rewrite that maintains the same user interface while providing enhanced memory safety and security. The change aims to prevent buffer overflow and use-after-free vulnerabilities through Rust's compile-time memory checks. Users won't need to change their workflow as sudo-rs is a drop-in replacement, though some lesser-used features won't be implemented. Canonical will keep the original sudo available for those who need to revert, and the transition serves as preparation for the Ubuntu 26.04 LTS release.
- 12
Collections·51w
Issues in Git Commit Lead to Suspended Linux Kernel Maintainer Account
Linus Torvalds suspended a Linux kernel maintainer's account after discovering over 6,000 falsified commits impersonating his authorship during the Linux 6.16 merge window. The maintainer attributed the issue to SSD failure and corrupted Git data recovery, but Torvalds deemed the scale too severe for hardware failure alone. The incident highlights the critical need for trust and verification processes in open source development.
- 13
Community Picks·51w
Metlo
Metlo is an open-source API security tool that provides real-time protection against malicious attacks. It automatically discovers and inventories API endpoints, detects threats like SQL injection and XSS attacks with minimal false positives, and blocks malicious traffic in real time. The tool integrates with various programming languages and platforms, can be deployed in under 15 minutes, and processes traffic with less than 0.2ms latency increase while using minimal system resources.
- 14
Tech Lead Digest·49w
The Ultimate Guide to JWT Vulnerabilities and Attacks (with Exploitation Examples)
JWT vulnerabilities pose serious security risks in modern web applications. Common attacks include signature bypass, algorithm confusion (switching from RS256 to HS256), weak secret brute-forcing, and injection attacks through header parameters like 'kid' and 'jku'. The guide covers exploitation techniques for each vulnerability type, from trivial signature removal to sophisticated ECDSA psychic signature attacks. Key defense strategies include strict algorithm validation, secure key management, input sanitization, and proper signature verification implementation.
- 15
The Daily WTF·48w
Classic WTF: Take the Bus
A web developer at a bus company discovers their online payment system doesn't actually process transactions electronically. Instead, credit card details are printed to a physical printer where an employee manually enters them into a kiosk, creating a 72-hour delay and serious security vulnerabilities. The IT director chose this bizarre workaround to avoid paying for proper e-commerce functionality, highlighting the dangers of penny-pinching on critical systems.
- 16
Go Developers·49w
Building Real-World Go RESTful APIs with gorest: A Practical Approach for Modern Developers
gorest is a production-ready Go starter kit that simplifies building secure RESTful APIs by providing multi-database support, flexible authentication (Basic Auth, JWT, 2FA), security features like CORS and rate limiting, and a modular architecture. It addresses common pain points in Go API development by offering comprehensive tooling beyond basic routing frameworks, including auto migrations, graceful shutdown, and practical examples for real-world CRUD operations.
- 17
Last9·50w
A Complete Guide to Linux Log File Locations and Their Usage
Linux systems store logs primarily in the /var/log/ directory using the rsyslog and journald mechanisms. Key log files include /var/log/syslog for general system messages, /var/log/auth.log for authentication events, and application-specific logs for services like Apache, MySQL, and SSH. Essential command-line tools like tail, grep, less, and journalctl enable effective log analysis and real-time monitoring. The guide covers log rotation with logrotate, advanced filtering techniques using regular expressions, and systematic troubleshooting approaches for service failures, security incidents, and performance issues.
- 18
Product Hunt·49w
Infrabase: AI DevOps agent
Infrabase is an AI-powered DevOps agent that scans code and organizational context to identify security gaps, cost spikes, and policy violations before they reach cloud environments. Unlike traditional policy-as-code tools like OPA and Cloud Custodian, it uses large language models (Gemini and GPT-4) to evaluate infrastructure and allows users to define rules in natural language rather than complex policy languages. While still early-stage with non-determinism and latency challenges, it aims to provide accessible cloud governance for teams lacking formal policies or struggling with manual DevOps overhead.
- 19
The New Stack·50w
Ubuntu 25.10 Replaces sudo With a Rust-Based Equivalent
Ubuntu 25.10 will replace the traditional sudo command with sudo-rs, a Rust-based equivalent developed by Trifecta Tech Foundation. The new implementation leverages Rust's memory safety guarantees to eliminate vulnerabilities common in C-based software, including null pointer dereferences, use-after-free errors, and data races. While sudo-rs is designed as a near drop-in replacement, some less secure features like LDAP distribution of sudoers files won't be supported. Users can currently install sudo-rs alongside traditional sudo for testing, and Canonical plans to keep the original sudo available in archive repositories for those who prefer to roll back.
- 20
typecraft·49w
Code from ANYTHING with a Thin Client setup
A thin client development setup allows developers to work from any device by connecting to a powerful VPS server. The setup involves provisioning a VPS (for example on DigitalOcean), installing development tools, and using a secure connection service like Border0 to avoid exposing SSH ports. This approach enables coding from tablets, old laptops, or any device while maintaining a consistent development environment with tools like tmux and neovim running on the remote server.
- 21
AWS·49w
Express.js developers can now add authorization in minutes with Amazon Verified Permissions
AWS released an open source JavaScript package that enables Express.js developers to implement authorization using Amazon Verified Permissions and Cedar policies. The package moves authorization logic outside application code into externally managed policies, allowing developers to define role-based access controls without embedding complex authorization logic. The integration works through middleware that validates permissions before processing API requests, and policies can be updated without modifying application code.
- 22
Cloudflare·47w
Russian Internet users are unable to access the open Internet
Russian ISPs have been throttling internet connections to Cloudflare-protected websites since June 9, 2025, limiting data transfer to only 16 KB per connection. This effectively renders most web navigation impossible for Russian users. The throttling affects all connection protocols including HTTP/1.1, HTTP/2, and HTTP/3, and is implemented through various mechanisms like packet injection and connection blocking. Multiple ISPs including Rostelecom, Megafon, and MTS are participating in these restrictions, which appear to be part of Russia's broader effort to isolate its internet infrastructure from Western technology providers.
- 23
InfoSec Write-ups·51w
Wazuh: The Free and Open Source SIEM/XDR Platform
Wazuh is a free, open-source security platform offering unified SIEM and XDR capabilities for endpoint and cloud workload protection. The platform consists of four main components: Wazuh Indexer for storing alerts, Wazuh Server for data analysis and agent management, Wazuh Dashboard for visualization, and Wazuh Agents for endpoint protection. The setup process involves installing the server on Ubuntu using a single script command, configuring agents through the web interface, and deploying agents on target systems using generated commands.
- 24
Chrome Developers·49w
HTML spec change: escaping < and > in attributes
The HTML specification was updated to escape < and > characters in attributes when serializing DOM to HTML strings, helping prevent mutation XSS vulnerabilities. This change affects innerHTML, outerHTML, and getHTML() methods but doesn't impact HTML parsing or DOM APIs like getAttribute(). The update is rolling out in Chrome 138, Firefox 140, and Safari 26, potentially breaking code that relies on innerHTML/outerHTML for attribute extraction and end-to-end tests expecting unescaped characters.
- 25
Community Picks·48w
Database Schema Visualization & Security
PandaView is a database tool that transforms SQL schemas into interactive ERD diagrams while providing security vulnerability detection and performance optimization recommendations. It offers one-click exports, identifies SQL injection risks and permission gaps, and uses AI to suggest indexing strategies for improved query performance.