Best of SecuritySeptember 2025

  1. 1
    Article
    Avatar of thnThe Hacker News·35w

    How One Bad Password Ended a 158-Year-Old Business

    KNP Logistics, a 158-year-old UK transport company, was forced into administration after the Akira ransomware group gained access through a weak, easily guessed employee password. The attackers encrypted critical data, destroyed backups, and demanded £5 million ransom, leading to 700 job losses. The incident highlights how basic security failures can destroy established businesses, with 45% of compromised passwords being crackable within a minute. Strong password policies, multi-factor authentication, zero-trust architecture, and tested backup systems are essential defenses against such attacks.

  2. 2
    Article
    Avatar of newstackThe New Stack·37w

    Linux: Deploy a Honeypot to Catch Your Server’s Attackers

    Learn how to deploy Cowrie, an open-source SSH/telnet honeypot on Ubuntu Server to detect and study unauthorized access attempts. The guide covers installation dependencies, creating a dedicated user, setting up a Python virtual environment, configuring port redirection, and monitoring logs to catch potential attackers before they reach production systems.

  3. 3
    Article
    Avatar of endlerMatthias Endler·34w

    On Choosing Rust

    Addresses common criticisms and misconceptions about adopting Rust in established software projects like git and coreutils. Debunks claims about Rust's performance limitations, security benefits, and motivations behind language adoption. Argues that Rust adoption is driven by practical concerns like memory safety and maintainability rather than hype, citing real-world examples and production use cases.

  4. 4
    Article
    Avatar of tigrisTigris·38w

    How LogSeam Searches 500 Million Logs per second

    LogSeam demonstrates how to build a high-performance security data lakehouse that searches 500 million logs per second with 1.5 TB/s throughput while reducing costs by 40-80%. The architecture converts JSON logs to compressed Parquet files, achieving 100x storage reduction, and uses globally distributed object storage with elastic compute for sub-second query responses across continents.

  5. 5
    Article
    Avatar of hnHacker News·37w

    Switching from Docker to Podman

    Podman offers a more secure alternative to Docker by eliminating the persistent daemon architecture that runs with root privileges. Running containers as direct child processes under user privileges, Podman reduces attack surface and provides better systemd integration, native Kubernetes alignment, and lighter resource usage. The migration from Docker to Podman is seamless with compatible CLI commands and existing Dockerfiles working without modification.

  6. 6
    Article
    Avatar of collectionsCollections·37w

    Compromise of npm Packages Highlights Supply Chain Vulnerabilities

    A major security breach compromised 18 popular npm packages including debug and chalk through a phishing attack on maintainer credentials. The malicious code targeted cryptocurrency transactions by intercepting wallet interactions in browsers, though no funds were reportedly stolen. This represents the largest supply chain attack in npm's history, affecting packages with billions of weekly downloads.

  7. 7
    Article
    Avatar of itsfossIt's Foss·36w

    sudo vs sudo-rs: What You Need to Know

    Ubuntu 25.10 will replace the traditional sudo command with sudo-rs, a Rust-based implementation that offers better memory safety and modern codebase maintenance. For regular users, the change is transparent - you'll still type 'sudo' but it runs sudo-rs underneath. System administrators should be aware that some advanced features like sendmail support and wildcards in sudoers files are not supported. The original sudo remains available as 'sudo-ws' and can be set as default using update-alternatives until Ubuntu 26.10.

  8. 8
    Video
    Avatar of lowlevellearningLow Level Learning·35w

    rust is causing a lot of problems...

    The GNU community is rewriting Linux core utilities in Rust for memory safety, but early implementations show significant problems. The Rust version of 'sort' fails on large single-line files, and the checksum implementation runs 17 times slower than the C version. While Rust rewrites make sense for security-critical binaries like sudo that cross privilege boundaries, most core utilities don't have meaningful threat models that justify the performance and compatibility risks of rewriting battle-tested C code.

  9. 9
    Video
    Avatar of fireshipFireship·37w

    The largest supply-chain attack ever…

    A massive supply chain attack compromised popular npm packages including Chalk, affecting over 2.5 billion weekly downloads. The attack began with a phishing email targeting maintainer Josh Junan, leading to malicious code that swapped cryptocurrency wallet addresses in web browsers. Despite the widespread impact across JavaScript ecosystems and CI/CD pipelines, attackers only stole about $50 worth of Ethereum before the community detected and neutralized the threat within 2 hours.

  10. 10
    Article
    Avatar of strongdmstrongdm·36w

    15 Role-Based Access Control (RBAC) Tools in 2025

    Role-Based Access Control (RBAC) tools help organizations manage who can access what systems and data based on user roles. This comprehensive guide covers 15 essential RBAC tools including identity providers (Okta, Microsoft Entra ID), cloud IAM services (AWS, Azure, Google Cloud), infrastructure tools (Kubernetes, Terraform), and specialized platforms for secrets management, workflow approvals, and audit logging. The tools work together to create layered security through identity verification, fine-grained permissions, automated provisioning, and comprehensive audit trails.

  11. 11
    Article
    Avatar of infosecwriteupsInfoSec Write-ups·37w

    AspGoat: The First Intentionally Vulnerable modern ASP.NET Core App for OWASP Top 10

    AspGoat is a new intentionally vulnerable web application built with ASP.NET Core MVC, SQLite, and Entity Framework Core. It addresses the gap in security training tools for modern ASP.NET Core applications, offering hands-on challenges for OWASP Top 10 vulnerabilities including XSS, SQL injection, CSRF, SSRF, and more. The project includes secure coding challenges and comes with official Docker support for easy deployment.

  12. 12
    Video
    Avatar of johnhammondJohn Hammond·35w

    EVERYTHING in cybersecurity (for free)

  13. 13
    Article
    Avatar of systemdesigncodexSystem Design Codex·37w

    JWT versus PASETO

    JWT and PASETO are both token-based authentication mechanisms for secure client-server communication. JWT is widely adopted but has security pitfalls like algorithm confusion attacks and complex configuration choices. PASETO was designed as a safer alternative with secure defaults, enforced modern cryptography, and simplified specifications to prevent developer errors. While JWT has better ecosystem support and adoption, PASETO offers improved security through its opinionated approach that removes insecure options.

  14. 14
    Article
    Avatar of danielhaxxsedaniel.haxx.se·37w

    preparing for the worst

    The curl project has developed formal incident response guidelines after conducting a tabletop exercise simulating a major security breach. The team recognized the need for documented procedures covering incident declaration, role assignments, communication protocols, and resolution processes to prepare for potential high-severity security events.

  15. 15
    Article
    Avatar of bytebytegoByteByteGo·34w

    EP182: Cookies vs Sessions

    Explores the fundamental differences between cookies and sessions for user authentication in web applications. Cookies store data directly on the client side and are simpler to implement but less secure, while sessions store data server-side with only a session ID on the client, offering better security at the cost of additional server resources. Also covers access control models (RBAC, ABAC, ACL), machine learning fine-tuning techniques (Full Fine-Tuning, LoRA, RAG), Git reset operations, and Apache Kafka architecture.

  16. 16
    Article
    Avatar of infosecwriteupsInfoSec Write-ups·37w

    How to Prevent CSRF Attacks in Your Applications

    Explores three major CSRF attack prevention strategies with practical demonstrations: SameSite cookie attributes that control cross-site cookie transmission, synchronizer token patterns that validate server-generated tokens, and double submit patterns that compare tokens from cookies and forms. Each mitigation addresses different core issues - browsers automatically attaching credentials and servers being unable to distinguish request origins. Includes live code examples and explanations of why attackers cannot forge CSRF tokens due to Same-Origin Policy restrictions.

  17. 17
    Article
    Avatar of sknexusSK NEXUS·37w

    Making Your Windows PC Work Better

    Windows PCs often come with bloatware that significantly impacts performance and can pose security risks. Removing this unnecessary software can dramatically improve system speed and responsiveness, particularly beneficial for gaming and general computing tasks.

  18. 18
    Video
    Avatar of codinggopherThe Coding Gopher·38w

    99% of Developers Don't Get Proxies

    Proxies are intermediary servers that act as gateways between clients and the internet, enabling anonymity, content filtering, load balancing, and bypassing geo-restrictions. The content explains forward vs reverse proxies, SSL termination, different proxy types (transparent, anonymous, elite), residential vs data center proxies, and SSL interception techniques that allow proxies to decrypt HTTPS traffic.

  19. 19
    Article
    Avatar of cujeptesdjlakzfxt7xfzDickson A.·35w

    Y Combinator Bot Secrets Leak

    Y Combinator experienced a security incident where bot secrets were compromised and exposed. The organization responded quickly to address the vulnerability, and the related GitHub issue has since been removed.

  20. 20
    Video
    Avatar of lowlevellearningLow Level Learning·36w

    literally the dumbest thing I've ever read

    A security researcher submitted a fake vulnerability report claiming to have found a critical buffer overflow in curl's cookie parsing mechanism. The report was generated using AI and contained a proof-of-concept that didn't actually call any curl functions, instead triggering a basic C string overflow in their own test code. Daniel Stenberg, curl's maintainer, quickly identified the report as AI-generated nonsense and closed it as invalid. This incident highlights the growing problem of AI-generated spam in bug bounty programs, wasting maintainers' time with false vulnerability reports.

  21. 21
    Article
    Avatar of selfhstselfh.st·36w

    Self-Host Weekly (12 September 2025)

    Weekly roundup covering self-hosting news including Plex security breach and password reset issues, comparison with Jellyfin, Apache Software Foundation logo update, Campfire going open-source, and various project updates. Features Sharry file sharing platform and includes community content like tutorials and command line tips.

  22. 22
    Article
    Avatar of kaliKali Linux·35w

    Kali Linux 2025.3 Release (Vagrant & Nexmon)

    Kali Linux 2025.3 introduces significant updates including refreshed HashiCorp Packer and Vagrant workflows, Nexmon support for Raspberry Pi Wi-Fi monitor mode and injection, 10 new security tools, and enhanced NetHunter mobile capabilities. The release also drops ARMel architecture support, adds configurable VPN IP panel plugin for Xfce, and includes CARsenal car hacking toolkit improvements with new automotive Metasploit modules.

  23. 23
    Article
    Avatar of krebsonsecurityKrebs on Security·36w

    Self-Replicating Worm Hits 180+ Software Packages – Krebs on Security

    A self-replicating worm called Shai-Hulud has infected over 180 NPM packages, stealing developer credentials and automatically spreading to other packages. The malware uses stolen NPM tokens to modify popular packages, creates public GitHub repositories to expose stolen secrets, and briefly compromised CrowdStrike packages. Security experts warn this represents a new type of supply chain attack that can lay dormant and restart spreading, calling for mandatory human-verified 2FA for all package publications.

  24. 24
    Article
    Avatar of tcTechCrunch·38w

    Venezuela’s president thinks American spies can’t hack Huawei phones

    Venezuela's president claimed that Huawei phones cannot be hacked by American intelligence agencies, but security experts disagree. Huawei's custom hardware and HarmonyOS operating system may actually make their devices more vulnerable due to newer, less-tested code compared to established platforms like iOS and Android. The NSA has a documented history of targeting Huawei infrastructure and devices, with leaked documents from 2014 revealing extensive penetration of the company's systems for espionage purposes.

  25. 25
    Video
    Avatar of indentlyIndently·36w

    Python 3.14: The NEW T-strings are Awesome

    Python 3.14 introduces T-strings, a new template string syntax that preserves structure after evaluation unlike f-strings. T-strings use 't' prefix and create template objects that maintain literal parts and interpolated expressions separately, enabling safer string handling for HTML/SQL contexts, deferred rendering, and better sanitization of user input. The feature addresses limitations of existing approaches like f-strings, str.format(), and string.Template by providing both flexibility and security.

See all Security archives