cybersecurity
The scary part of an agent-driven container escape is not the container escape. That sounds wrong, so let me be precise. The primitives in Sysdig's latest threat research are not new magic. A mounted Docker socket has been a bad idea for years. Over-permissioned Kubernetes service accounts have been a bad idea for years. Privileged containers are dangerous. Host namespace tricks are dangerous. Se…
The Incident: Microsoft's threat intelligence team has attributed a supply chain attack targeting the Mastra AI ecosystem to Sapphire Sleet (also tracked as BlueNoroff), a North Korean state-sponsored hacking group. The attackers compromised over 140 npm packages — not obscure, one-download throwaway packages, but packages embedded in the Mastra AI dependency graph that developers and AI coding to…
A developer merges a pull request on a Friday afternoon. The repository is public. The commit includes an AWS access key hardcoded in a config file. Twenty minutes later, an email arrives from AWS Abuse. By then, someone has already found the key, spun up EC2 instances in three regions, and started mining. The bill reaches $3,000 before the key is rotated. This is not a rare scenario. It happens …
At some point I needed a fast way to get SIP traffic monitoring into Prometheus — without installing agents on servers, configuring SPAN ports on switches, or being locked into specific software. Just connect to a network interface and see everything happening. With minimal latency and zero impact on telephony performance — monitoring shouldn't become the source of problems. In this article — how…
Originally published at shieldly.io/blog. "Least privilege" — granting an identity only the permissions it needs and nothing more — is the most repeated advice in AWS security and the least often followed. Not because teams disagree with it, but because manually scoping every policy is tedious, and an over-broad policy "just works." Here is a practical workflow for getting there without grinding…

Remote File Inclusion (RFI) is a web vulnerability where an application accepts a URL from user input, fetches the file at that URL, and executes it. When there is no validation on what URLs are allowed, an attacker can point the application to a malicious script on their own server and get it executed remotely. This pattern shows up in automation tools, plugin systems, and CI/CD pipelines. The i…
Whenever I set up a new VPS, I always dedicate my first 45 minutes to essential security steps. This period is a critical window to protect the server from the simplest yet most common external attacks. The moment a server goes online, it starts being scanned by bots within seconds, and systems left with default settings quickly become targets. In this guide, I'll share a fast and effective VPS h…
Hi, it's Furkan. I'm a security professional prepping for the CompTIA SecAI+ (CY0-001) cert, and I couldn't find study material that actually clicked for me, so I built my own and structured it around the exam blueprint. This is me sharing it back. Each post maps to one objective, and I've leaned hard on real-world scenarios because that's what made it stick for me. If it helps you pass too, even…
The dangerous thing about CI agents is not that they can write code. It is that they run in the place where we already concentrate trust. CI has repository access. CI has tokens. CI has build logs. CI can fetch dependencies, publish artifacts, comment on pull requests, open issues, deploy previews, and sometimes touch production systems. It is the automation layer we taught ourselves to trust bec…

For the last 30 years, stopping the flow of cybersecurity-related software has proven to be ineffective. It's unclear why it would work now with Anthropic’s cybersecurity model Mythos.
Defenders don't rest. They wake up every day thinking about how to protect the systems that they are charged to protect. Meanwhile, attackers are also looking for crafty ways to infect a system or break into computer networks. In the end, it's good for everyone if defenders are always one step ahead of the attackers. EvilTokens: A phishing attack that doesn’t steal your password A phishing attack…
The Arch User Repository (AUR) has been subjected to a sustained attack recently. The attacker, or attackers, have spun up a series of new accounts then used them to adopt orphaned packages and push malicious updates that would install malware on users' systems. It is unclear how many users were compromised in the attack, but the maintainers were playing Wh…
Just as last week was ending, the US government forced Anthropic to pull its two newest models, Fable 5 and Mythos 5, citing national security concerns after Amazon researchers allegedly found a way to bypass Fable 5’s guardrails.  Cybersecurity researchers have since signed an open letter calling the move dangerous, and Anthropic itself noted the same jai…
At work, nobody questions why we have logging, alerting, and a daily look at what changed overnight. At home, the same network runs a NAS, a media stack, Home Assistant, and a handful of containers. And for years my only "security monitoring" was noticing something was broken. So I built myself a small, read-only security operations setup for the homelab: a daily audit script and a cross-domain d…
Scientific Reports, Published online: 19 June 2026; doi:10.1038/s41598-026-58602-y GLANet: global and local anomaly network for distributed cyber threat detection using FL
Most DNS attacks people know about involve changing where a domain points: cache poisoning, hijacking, subdomain takeover. But two of the more insidious DNS attack techniques work differently. DNS rebinding turns a victim's own browser into a tool for reaching systems it should never be able to touch. NXDOMAIN hijacking exploits the moment when a domain doesn't exist, turning "not found" into an …
Dr. Abhishek Kumar Tiwari, Prof., Faculty of Law, University of Lucknow Amit Kumar Mishra, Research Scholar, Faculty of Law, University of Lucknow ABSTRACT In a time marked by global digital interconnectivity, the rapid escalation of cybercrime has compelled governments across the world to establish extensive surveillance frameworks and enact stringent cybersecurity policies. Although such measur…
Phishing attacks remain a major cybersecurity threat, particularly in environments where human factors play a critical role in system vulnerability. While organizations widely implement information security training and awareness programs, evidence on their effectiveness in promoting protective behavior remains inconsistent. This study examines the relationships among information security trainin…
Stolen credentials have become one of the clearest examples of cyber risk turning into business risk. A single username and password can give an attacker the same access as an employee, a contractor, a supplier, or an administrator. From the board’s perspective, this makes credential exposure a governance issue, a financial issue, and a resilience issue.




