Security News

Daily Security News

Exploits

Tools

Vulnerabilities

Reversing/I like ASM

Malware/APT

Crypto

Podcasts

Threat Intel

Privacy/VPNs

Help Wanted

Locks/Social Engineering

Security Blogs

Mainstream Media

Thirsty for more

Daily Security News

PacketStorm
Hacker Indicted Over Selling Backdoor Access To Companies new
Citrix Tells Everyone Not To Worry Too Much Over Its Latest Security Patches. NSA's Former Top Hacker Disagrees new
Police Are Buying Access To Hacked Website Data new
In Hong Kong National Security Law, Echoes Of China's Own Cyber Crackdown
Keeper Hacking Group Behind Hacks At 570 Online Stores
Hidden Cobra Built Global Exfil Network For MageCart Scheme
Tech Companies Suspend Processing Hong Kong Data Requests
US Secret Service Reports An Increase In Hacked MSPs
Yahoo Engineer Hacks 6k Accounts for Porn, But Gets No Jail Time
Apache Guacamole Found To Be Vulnerable, Not Delicious
V Shred Leaks PII, Sensitive Photos Of Fitness Customers
FakeSpy Android Malware Spread Via Postal Service Apps
The Register
Microsoft sues coronavirus phishing spammers to seize their domains amid web app attacks against Office 354.5 new
One surefire way to get the boss's attention on network security is to get hacked. But there must be a better way? new
Criminals auction off stolen domain admin credentials for up to £95k. Your bank account details? Barely get £50 new
Citrix tells everyone not to worry too much about its latest security patches. NSA's former top hacker disagrees new
Shopped recently in a small online store? Check this list to see if it was one of 570 websites infected with card-skimming Magecart
Fret not, Linux fans, Microsoft's Project Freta is here to peer deep into your memory... to spot malware
Social media giants move to defy Hong Kong's new national security law
Hundreds of forgotten corners of mega-corp websites fall into the hands of spammers and malware slingers
Want to kill all the weak passwords? This may be the tool for you
Your 2.3m Instagram fans won't stop the FBI... Web star accused of plotting to launder millions from cyber-crime
You may be distracted by the pandemic but FYI: US Senate panel OK's backdoors-by-the-backdoor EARN IT Act
Think of a number: A tale of iffy discount codes, supermarket loyalty cards and Hotels.com
Reddit - NetSec
Android MX Player — Path Traversal to Code Execution (CVE-2020–5764) new
Reddit's website uses DRM for fingerprinting new
Adventures in Citrix Netscaler / ADC security research new
Mitigation efforts for F5 vulnerability 2020-5902 mostly worthless as of 8 July. Go upgrade your code! new
An exploitation case study of CVE-2020-1062, a use-after-free vulnerability in IE11 new
Fuzzing the Windows API for AV Evasion new
PHP 7.4+ disable_functions Bypass using FFI new
Unauthenticated RCE in Citrix ADC new
Fuzzing sockets in Teeworlds game new
LoRaWAN 1.0, vulnerabilities and backward compatibility in version 1.1 new
Windows Process Injection: EM_GETHANDLE, WM_PASTE and EM_SETWORDBREAKPROC new
An offensive guide to the Authorization Code grant - Comprehensive and digestible enumeration of security concerns in the OAuth 2.0 Authorization Code flow new
Bleeping Computer
Palo Alto Networks fixes another severe flaw in PAN-OS devices new
Microsoft warns of Office 365 phishing via malicious OAuth apps new
First look: Microsoft's Project Freta detects Linux malware for free new
NVIDIA fixes code execution bug in GeForce Experience software new
Microsoft fixes Word, Skype hangs in July Office 2020 updates new
Risky blogspot.in domain for sale after Google fails to renew it new
DOJ indict Fxmsp hacker for selling access to hacked orgs, AV firms
ThiefQuest info-stealing Mac wiper gets free decryptor
How to uninstall Microsoft Edge forced-installed via Windows Update
Microsoft takes down domains used in COVID-19-related cybercrime
Windows 10: The beginning of the end for Control Panel
US Treasury shares tips on spotting money mule and imposter scams
The Hacker News
The Incident Response Challenge 2020 — Results and Solutions Announced new
Citrix Issues Critical Patches for 11 New Flaws Affecting Multiple Products new
Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service
Cato MDR: Managed Threat Detection and Response Made Easy
Critical RCE Flaw (CVSS 10) Affects F5 BIG-IP Application Security Servers
Police Arrested Hundreds of Criminals After Hacking Into Encrypted Chat Network
Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking

Threat Wire

Exploits

Packet Storm Exploits
ClearPass Policy Manager Unauthenticated Remote Command Execution new
F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution
CDATA OLTs Backdoor / Privilege Escalation / Information Disclosure
Online Shopping Portal 3.1 SQL Injection
Sony PS4 / FreeBSD ip6_setpktopt Local Privilege Escalation
BIG-IP TMUI Remote Code Execution
Sickbeard 0.1 Command Injection
openSIS 7.4 Unauthenticated PHP Code Execution
RSA IG+L Aveksa 7.1.1 Remote Code Execution
rauLink Software Domotica Web 2.0 SQL Injection
Fire Web Server 0.1 Denial Of Service
Nagios XI 5.6.12 Remote Code Execution
Exploit-DB Webapps
[webapps] SuperMicro IPMI 03.40 - Cross-Site Request Forgery (Add Admin)
[webapps] BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery (Change Password)
[webapps] Sickbeard 0.1 - Remote Command Injection
[webapps] Online Shopping Portal 3.1 - 'email' SQL Injection
[webapps] Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection
[webapps] BSA Radar 1.6.7234.24750 - Authenticated Privilege Escalation
[webapps] File Management System 1.1 - Persistent Cross-Site Scripting
[webapps] RiteCMS 2.2.1 - Authenticated Remote Code Execution
[webapps] RSA IG&L Aveksa 7.1.1 - Remote Code Execution
[webapps] Nagios XI 5.6.12 - 'export-rrd.php' Remote Code Execution
[webapps] WhatsApp Remote Code Execution - Paper
[webapps] ZenTao Pro 8.8.2 - Command Injection
Exploit-DB Local and Privilege Escalation
[local] RM Downloader 2.50.60 2006.06.23 - 'Load' Local Buffer Overflow (EggHunter) (SEH) (PoC)
[local] KiteService 1.2020.618.0 - Unquoted Service Path
[local] Windscribe 1.83 - 'WindscribeService' Unquoted Service Path
[local] Lansweeper 7.2 - Incorrect Access Control
[local] Code Blocks 17.12 - 'File Name' Local Buffer Overflow (Unicode) (SEH) (PoC)
[local] Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path
[local] Frigate Professional 3.36.0.9 - 'Find Computer' Local Buffer Overflow (SEH) (PoC)
[local] 10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH,DEP,ASLR)
[local] WinGate 9.4.1.5998 - Insecure Folder Permissions
[local] Frigate 3.36.0.9 - 'Command Line' Local Buffer Overflow (SEH) (PoC)
[local] Quick Player 1.3 - '.m3l' Buffer Overflow (Unicode & SEH)
[local] IObit Uninstaller 9.5.0.15 - 'IObit Uninstaller Service' Unquoted Service Path
Exploit-DB DoS
[dos] Grafana 7.0.1 - Denial of Service (PoC)
[dos] Fire Web Server 0.1 - Remote Denial of Service (PoC)
[dos] Code Blocks 20.03 - Denial Of Service (PoC)
[dos] Frigate 2.02 - Denial Of Service (PoC)
[dos] Konica Minolta FTP Utility 1.0 - 'NLST' Denial of Service (PoC)
[dos] Konica Minolta FTP Utility 1.0 - 'LIST' Denial of Service (PoC)
[dos] Filetto 1.0 - 'FEAT' Denial of Service (PoC)
[dos] AbsoluteTelnet 11.21 - 'Username' Denial of Service (PoC)
[dos] BIND - 'TSIG' Denial of Service
[dos] Extreme Networks Aerohive HiveOS 11.0 - Remote Denial of Service (PoC)
[dos] FlashGet 1.9.6 - Denial of Service (PoC)
[dos] VirtualTablet Server 3.0.2 - Denial of Service (PoC)
Exploit-DB Shellcode
Exploit-DB Papers
Exploit-DB Remote
[remote] Microsoft Windows mshta.exe 2019 - XML External Entity Injection
[remote] mySCADA myPRO 7 - Hardcoded Credentials
[remote] SOS JobScheduler 1.13.3 - Stored Password Decryption
[remote] HFS Http File Server 2.3m Build 300 - Buffer Overflow (PoC)
[remote] Microsoft Windows - 'SMBGhost' Remote Code Execution
[remote] vCloud Director 9.7.0.15498291 - Remote Code Execution
[remote] Plesk/myLittleAdmin - ViewState .NET Deserialization (Metasploit)
[remote] Synology DiskStation Manager - smart.cgi Remote Command Execution (Metasploit)
[remote] WebLogic Server - Deserialization RCE - BadAttributeValueExpException (Metasploit)
[remote] Pi-Hole - heisenbergCompensator Blocklist OS Command Execution (Metasploit)
[remote] HP LinuxKI 6.01 - Remote Command Injection
[remote] Saltstack 3000.1 - Remote Code Execution

LiveOverflow

Vulnerabilities

Tools

Exploit Dev

Reddit - Exploit Dev
CVE-2020-5902 Analysis Help
Questions on Shellcoder Handbook Chapter 5
Resources on Windows 64 bit ROP techniques/gadgets?
someone is trying to get a Buffer Overflow
DEP is not disabled even when VirtualProtect() function is executed
Setting Up VM for Shellcoder Handbook
ROP chain with VirtualAlloc/VirtualProtect followed by return to stack/data fails
[latest win10/x64]Arbitrary Read&Write + module base address/heap leakage = code exec/leak stack?
ROP Emporium now includes ARMv5 challenge binaries
Rust is a memory-safe programming language. Will it make binary exploitation near impossible?
Reading and Writing arbitrary memory
Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability
Source Incite
SQL Injection Double Uppercut :: How to Achieve Remote Code Execution Against PostgreSQL
Strike Three :: Symlinking Your Way to Unauthenticated Access Against Cisco UCS Director
Google Project Zero
FF Sandbox Escape (CVE-2020-12388)
A survey of recent iOS kernel exploits
Fuzzing ImageIO
You Won't Believe what this One Line Change Did to the Chrome Sandbox
Security Researchers
Common security misconfigurations and remediations new
Undetected e.04: TomNomNom – Hacking things back together
A summer learning list for better security awareness
DLL Search Order Hijacking
Detectify Crowdsource – Not Your Average Bug Bounty Platform
Zoom In: Emulating ‘Exploit Purchase’ in Simulated Targeted Attacks
Making my doorbell work
Continuous Security Monitoring using ModSecurity & ELK
Bring your own .NET Core Garbage Collector
Detectify security updates for 17 June
Apple ARM Mac rumors
Dark Basin: Uncovering a Massive Hack-For-Hire Operation

Reversing/I like ASM

Reddit - Reverse Engineering
I managed to get an onboard ROM dump of the Pokewalker. Hoepfully this can help with creating an emulator of sorts new
UM3481A Series - Multi-Instrument Melody Generator new
Restoring Satoru Iwata's 39 Year-Old VIC-20 Easter Egg
Emulating commercial anti-cheats on Linux for Wine gaming
Breaking the D-Link DIR3060 Firmware Encryption - Static analysis of the decryption routine - Part 2.1
Google payed thousands to spy on me, anybody want the black box firmware?
Reverse Engineering Custom Songs into Guitar Hero DS
Reverse Engineering Firmware (in Mice)
Analysis of EventBot: Android banking Trojan. There is available patched EventBot payload that displays debug logs while being executed on device to helps understand its…
I just released and open sourced my Visual Studio Code Theme - Midnight Spruce Pine !
REVERSE ENGINEERED UFO SIMULATION
Inner workings of hardware breakpoints and exceptions on Windows
Reddit - Game Hacks
Hacking question, any one online? new
Any FREE aimbot for War Thunder ?
I code game bots
How can i spoof my HWID ? War thunder overlay
Valorant BHOP Script
THE BEST CHEAP RUST CHEATS/HACKS/SCRIPTS/MACROS (undetected) (UPDATED) with ESP+ and aim assistance
Simpsons tapped out
RUST SCRIPTS/MACROS 2020 UNDETECTED PRIVATE (REGULAR UPDATES - ACTIVE DEV SUPPORT - TRUSTED SELLER W/ VOUCHES. (NEW SLOTS!)
How to get Mascot And Event And Halloween Goggles In 2k20
Anyone Know Call Of Duty Mobile Hacks?
Pokemon hack
Can anyone makse a script for an online mobile game, more like a mod menu (paid ofcourse)
Reddit - REGames
Moving libraries to subfolders
Ripping Music Videos from PS2 DDR Disc
Making Apex Legends load a map Offline
Finding where a bounds check occurs for some custom weather settings in Microsoft Flight Simulator X:Steam Edition
Trying to understand a render loop
extract proto files from il2cpp games?
War2 decomp
Pay to reverse engineer age of empires 3?
How would i go about ripping a weapon model + animations from bad company 2 and open it on blender?
Taking a games source code
Free Ghidra software RE Course
Any interest in a linker map for a PS2 game demo?
StackExchange - ReverseEngineering
Getting android app from device for reversing - what if there are multiple apks? new
dll injection (assembly code) new
Can I reverse engineer a DLL file and add SEH or some error handing codes to it? new
Debugged process not break on breakpoint
ARM7 32-bit Branch Offset Calculator
How do I find Python data structures in Linux process memory using Volatility?
How can I practically approach VM-obfuscated code with symbolic analysis/execution?
Figure out with fopen
Can anyone help me reverse process ex4 file?
Debugging Encrypted Malware with Multiple Threads
Reverse Engineer Unknown File Format
RE tips in using Ollydbg for beginners? [closed]

Guided Hacking

Malware/APT

Reddit - Malware
You can safely download best free Antivirus software developed for Windows 10 from our website. new
Unique Conti ransomware can be driven to target specific network hosts, skip local encryption new
File unlocker released for new Mac ransomware ThiefQuest new
ThiefQuest Ransomware detects VM (possibly)
Malware Analysis - Reverse engineering
Smadav Antivirus 2020 | Russians' most powerful computer protection software challenges other software.
DC441995
Using Frida and BurpSuite to quickly identify malicious functionality
Android Keylogger Injector
Opened PDF with this Trojan.WIN32.PDF.Alien.gen
APT 38 Samples
Xerox printing company breached by MAZE Ransomware
Unit42
Threat Assessment: EKANS Ransomware
Attackers Cryptojacking Docker Images to Mine for Monero
Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices
An Overview of GPS Tracking and Future Application for IoT
AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations
6 New Vulnerabilities Found on D-Link Home Routers
Threat Assessment: Hangover Threat Group
Goodbye Mworm, Hello Nworm: TrickBot Updates Propagation Module
Rootless Containers: The Next Trend in Container Security
Eleethub: A Cryptocurrency Mining Botnet with Rootkit for Self-Hiding
Mirai and Hoaxcalls Botnets Target Legacy Symantec Web Gateways
Updated BackConfig Malware Targeting Government and Military Organizations in South Asia
FireEye Threat Research
Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool
Using Real-Time Events in Investigations
Analyzing Dark Crystal RAT, a C# backdoor
Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents
Excelerating Analysis, Part 2 — X[LOOKUP] Gon’ Pivot To Ya
Putting the Model to Work: Enabling Defenders With Vulnerability Intelligence — Intelligence for Vulnerability Management, Part Four
Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage
Separating the Signal from the Noise: How Mandiant Intelligence Rates Vulnerabilities — Intelligence for Vulnerability Management, Part Three
Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation — Intelligence for Vulnerability Management, Part Two

Bug Bounties

Crypto

Reddit - Crypto
Didi Chuxing tests payments with digital yuan new
selamm new
GNU: A Heuristic for Bad Cryptography new
Is there any variable length encryption software or app? new
How SHA-2 Works Step-By-Step (SHA-256) new
Looking for a Dutch speaking person new
SHA-3 questions new
What specifically should I specialize in if I love cryptography?
Does Signal’s “secure value recovery” really work?
How to calculate Bit Strength?
Is it hard to spend crypto normally?
Is it possible to use DNA as an encryption key?
StackExchange - Crypto
Constructing a BLS elliptic curve with chosen base field and chosen scalar field new
How to devise cryptographic system with data-sharing ability and password reset new
How to declare 2048 bit key in RSA new
How big could be nothing-up-my-sleeve numbers to initialize key schedule? new
Is precomputing AES-CTR key stream secure? new
Sakumoto 3-pass MQ IDS Zero-Knowledge proof new
Could someone please elaborate on how (C^D mod N) mod P = C^D mod P, given that N = PQ, where P and Q are… new
RSA: Same message sent to two users, known n, e_1, e_2, c_1, c_2. Show how the attacker can recover the message. (Official+unofficial work included) new
Looking for a way to enlarge a message so that any modification to the "enlarged" message makes recovering the original message impossible new
Anamorphic Cryptography, what do you think about it? new
ROLLO: ideal codes new
I do many searches but can't find any explanation about "AES analysis using entropy" new

Podcasts

Security Weekly
The Dangerous Realm - PSW #656
Thunderstruck - PSW #655
Crazy Johnny's Discount All You Can Eat - PSW #654
Don't Hate the Player, Hate the Game - PSW #653
Heavily Loaded - PSW #652
Juicy Targets - PSW #651
It's Not Complicated, It's Syntax! - PSW #650
Nude Sunbathing In Your Backyard - PSW #649
Lube, Fire, & Hand Sanitizer - PSW #648
Secure Your Nipples - PSW #647
Exploitable By Design - PSW #646
Risky.Biz
Risky Business #591 -- EncroChat user experience includes getting owned, going to prison
Risky Biz Soap Box: No magic wand for business email compromise (BEC)
Risky Business #590 -- Cyber Command sounds alarm on PAN's yolo checkbox of doom
Risky Business #590 -- REPOST: It turns out we're not SAML experts
Risky Business #589 -- Why Microsoft's steep E5 license pricing is a national security risk
Feature podcast: Inside BellTrox's hacker-for-hire operation
Risky Business #588 -- Catastrophic bugs to plague ICS for years
Risky Business #587 -- Full scale of Indian hacking-for-hire revealed
Risky Biz Soap Box: A better way to provision access to production environments
Risky Business #586 -- Google TAGs Indian mercenaries
Feature Podcast: Releasing the hounds with Bobby Chesney
Risky Business #585 -- UK mulls Huawei ban, NGOs urge COVID-19 hack de-escalation
The CyberWire
Traditional sabotage at Natanz. CISA’s ICS strategy. DDoSecrets’ server seized by German police at the request of the US. COVID-19-themed phishing infrastructure taken down. Cyberespionage. new
Sabotage, not cyber? Cosmic Lynx pounces on some big companies with BEC. Purple Fox upgrade. Coordinated inauthenticity in the journalistic supply chain.
Damage at Natanz, maybe cyber-induced but maybe not. Official Huawei skepticism spreads. Big European dragnet. Hushpuppi in custody.
Solving hard problems and pursuing your passions.
Evil Corp versus newspapers. Trolling for unprotected MongoDB. Taurus in the criminal souks. Law and security. Loot boxes as gambling items.
EvilQuest ransomware identified. Out-of-band patches. The scope of Chinese surveillance of Uighurs. Hong Kong and the National Security Law. FCC finds against Huawei, ZTE.
Ransomware pays, in California. Kashmir utility recovers from cyberattack. Update on hacktivism vs. Ethiopia. Another misconfigured AWS account. Guilt and sentencing in high-profile cybercrime.
Get your foot in the door and prove your worth.
Enter the RAT
Camille Stewart from Google and Lauren Zabierek from Harvard's Belfer Center on the Sharethemicincyber event.
Patch Exchange already, will ya? GoldenSpy lurks in tax software Chinese banks prefer their foreign clients to use. Magecart gets cleverer. Another unsecured AWS S3…
Big big DDoS. Evolving malware families. (More) privacy by default. A superseding indictment in the US case against Julian Assange. The EU reviews two years…
Cyber Security Interviews
#094 – Deborah Golden: How Can I Support You Today
#093 – Kyle Hanslovan & Chris Bisnett: Crimeware Is a Business
#092 – Jack Kudale: You Gotta Have More Cowbell
#091 – Daniel Ayala: Does This Help Us
#090 – Anthony Bettini: Building What No One Else Has
#089 – Ed Bellis: Complexity is the Enemy
#088 – Mikko Hyppönen: You Might Have an Enemy In the Future
#087 – Steve Moore: It’s a Balancing Act
#086 – Dave Kennedy: The Basics Are Still Challenging
#085 – John Strand: Making the Industry Better
ISC Daily Stormcast
ISC StormCast for Thursday, July 9th 2020 new
ISC StormCast for Wednesday, July 8th 2020
ISC StormCast for Tuesday, July 7th 2020
ISC StormCast for Monday, July 6th 2020
ISC StormCast for Thursday, July 2nd 2020
ISC StormCast for Wednesday, July 1st 2020
ISC StormCast for Tuesday, June 30th 2020
ISC StormCast for Monday, June 29th 2020
ISC StormCast for Friday, June 26th 2020

Threat Intel

Reddit - Onions
Looking for a TOR and Network security specialist new
Opinion requested new
#MoreOnionsPorfavor: Onionize your website and take back the internet new
Where to find Blue whale game? new
New domain for Asocial Network new
Fortune Cookies on the Deep Web new
KelvinSecTeam new
Need help with this question new
another bb compendium request new
New to this whole onion thing new
General question for whoever
Recent increases in Tor network diversity
Reddit - Pwned
Ransomware attack on insurance MSP Xchanging affects clients
Heard about this website where you can check if your password is leaked. This is what it said for my mail. Am i screwed? What…
Business giant Xerox allegedly suffers Maze Ransomware attack
Nintendo now says that the accounts of 300,000 Switch users have been hacked
Honda employees report massive ransomware hack on corporate network.
25 million user records leak online from popular math app Mathway | ZDNet
Home Chef announces data breach after hacker sells 8M user records
EasyJet admits nine million customers hacked
Hackers' private chats leaked in stolen WeLeakData database
ULMON (Maps2Go) USER ACCOUNT DATA BREACH - 778K Accounts Compromised
Dating app MobiFriends silent on security breach impacting 3.6 million users | ZDNet
11 million Unacademy user accounts were hacked in January — and they are now up for sale on Dark Web
HaveIBeenPwned
Quidd - 3,805,863 breached accounts
Foodora - 582,578 breached accounts
Mathway - 25,692,862 breached accounts
Zoomcar - 3,589,795 breached accounts
Lead Hunter - 68,693,853 breached accounts
Wishbone (2020) - 9,705,172 breached accounts
LiveJournal - 26,372,781 breached accounts
PetFlow - 990,919 breached accounts
Artsy - 1,079,970 breached accounts
Lifebear - 3,670,561 breached accounts
Nulled.ch - 43,491 breached accounts
Covve - 22,802,117 breached accounts

Privacy/VPNs

Slashdot - Rights
Police Are Buying Access To Hacked Website Data new
MIT and Harvard Sue DHS and ICE Over International Student Rule new
Security Cameras Can Tell Burglars When You're Not Home, Study Shows
Only 9% of Visitors Give GDPR Consent To Be Tracked
Trump Administration Begins Formal Withdrawal From WHO
7th Former eBay Employee Charged In Cyberstalking Campaign Targeting Natick Couple
Hackers Are Exploiting a 5-Alarm Bug In Networking Equipment
Foreign Students Must Leave the US If Their Universities Transition To Online-Only Learning
Supreme Court Upholds Cellphone Robocall Ban
Facial-Recognition Firm Ends Operations in Canada, Watchdog Says
US Tech Giants Halt Reviews of Hong Kong Demands For User Data
Body Cam with Military Police Footage Sold on Ebay
Reddit - Privacy
Write a book? new
Unlabeled entry in google Authenticator? How to find out what it was for? new
Windows 10 new
Change SIM card? new
Google's File on You Is 10 Times Bigger Than Facebook's — Here's How to View It new
Should I trust the app “Contacts +”? new
So...the police have connected to my wifi new
New records show Google, Microsoft, and Amazon have thousands of previously unreported military and law enforcement contracts new
Firefox Send is being forced to have login (not anonymous anymore). new
Using Youtube new
What will I be missing from using LineageOS instead of GrapheneOS? new
Reddit login from sharktech?? new
Reddit - VPN
BGP Communities_No-advertise configuration new
If I use a google account with a VPN then sign out of the account and turn the VPN off am I at risk of… new
VPN yes or no? new
Is it legal to use a VPN account that you found the password to on a website? new
Striesand new
VPN Use Soars in Hong Kong new
Hello! Anyone know to anonymously pay for a VPN in the UK? new
DoH/DoT with proxy vs VPN new
IP leaking location new
इन्टरनेट की 5 सबसे गज़ब वेबसाइट | 5 Most Amazing Websites on the Internet new
ProXPN stopped working - SSL handshake failure, part of their website down new
Use VPN outside HK/China? new

Help Wanted

Reddit - AskNetSec
Which OSI layer would Little Snitch and Pi-Hole operate at? new
What is best cert for pentesting beginner? GPEN or OSCP, or other? new
Product-based ecosystem vs SIEM-based new
Besides from pentesting what are some legitimate uses for mimikatz? new
How to organize information security teams in a company? new
Should I be concerned about a reddit user possibly having my IP address?
Who owns CASB in your org?
IT/InfoSec Analyst Part-time by myself?
Mitigation of risk associated with loss of domain name.
Real-time log streaming from Office365 - what "other solution" is there than the Management API?
Which American companies develop offensive tools?
How much programming goes into penetration testing and reverse engineering?
Reddit - Netsec Students
OWASP 10 Days of Challenges - Learn about each vulnerability over 10 days. new
Ethical Hacking - 1 (Basic Linux Commands) new
GitHub Student Pack Domain Name Question
Wondering the best way to learn Vulnerability Management
Exploit Development - Finding Zerodays With Github
100 bug bounty lessons FREE in just 20 hours to get a job easily - 45 lessons uploaded
How to improve reverse tcp/http meterpreter backdoors so they aren't discover by Windows Defender ?
[video] Deserialization
Transitioning to threat analyst
Introduction to Networking | Network Basics for Beginners - MAC Addresses
Resources for Learning From Home
Lets talk about ethical hacking books (My top 3 for beginners)
Stackoverflow - Security
Is HTTPS required if my service is only called/exposed within K8 cluster new
How to get the authenticated user name in Python when fronting it with IIS HTTP PlatformHandler and using Windows auth? new
Accessing security scoped resource on iOS new
Downloading windows from torrent new
Can req.user of passport.js be manipulated? new
Guzzle disabling certificate verification to false, how insecure is it? new
Is submitting form from Laravel blade dangerous? [closed] new
Terraform (AWS) Creating private acl dynamically with looping logics new
Frontdoor showing server header Microsoft-IIS/10.0 new
Is this an acceptable approach to refreshing JWTs? new
Fail2ban regex not matching after site moved behind load balancer new
Send password. Urlencoded or multipart? new
Stack Exchange
Why request shell commands from nginx? new
Strange Proxy Application Behavior on iOS 13.5.1 new
Does Anyone Know ReliaBills API? new
What does it mean if a domain does not have any WHOIS information available? new
Password-reset mechanism based on Sessions new
pfx file encryption algorithm new
How many possible combinations are possible with a 256 Hex Character Password? [closed] new
Why do I receive phishing mails from my bank shortly after visiting the bank's site? new
The Other Side of CAPTCHA [closed] new
How to devise cryptographic system with sharing ability new
Is bitlocker without a PIN as good as having no hard disk encryption at all? new
Thoughts on SameSite cookie and CSRF new

Locks/Social Engineering

Reddit - Lockpicking
Second day picking new
New york locksmith new
I have been battling this lock for 4 months, first greenbelt lock (abus 72/40) new
Sanding picks new
American 1000 series now trying to get it on camera is next step new
Been killing it 1100,410,72-40 new
That first pin. new
clip from over a month ago that i forgot to post here new
Is their any difference? new
Little end of the day 1100. new
Finally! First DD pick made on the lathe. Now to learn how to pick an Anchor lås new
Got my Gen 3 on camera with better quality new
Reddit - Social Engineering
If National Jobs Unemployment Rate Over 1%, Then The Problem Is Your Government & Groups Behind new
If you are interested in Physical Security, join us ! new
How To Make Formula 1 Racing Better, Fairer & More Interesting new
How can I make my conversations with my mechanic not awkward?
How to be less gullible?
Promote your Business Link, Website on fiverr
I Can Help The North Korea, Iran Trade Normally With The Rest Of The World, Easy Bypass All Sanctions
William Lutz on Doublespeak - Language that pretends to communicate but actually misleads while pretending not to
Friends For Sale - what's the essence of unique phenomenon?
I have a community with a few hundreds who would like to learn in a group. What's the ideal way of forming groups?
Machiavelli - A Deep Scrutiny of his Ideas and Tactics
How can I know how to apply social engineering skills to hacking if I am bad at lying?

Hak5

Security Blogs

Security Bloggers Network
RDP-Based Ransomware is Targeting School Districts; What Can You Do to Prevent It? new
AppSecCali 2020 – Elizabeth Nammour’s & Pinyao Guo’s ‘Building Data Discovery And Classification At Scale’ new
Pirated WordPress Plugins Bundled with Backdoors new
Supreme Court Passes on Limiting TCPA Litigation new
XKCD ‘Universal Rating Scale’ new
Your SOAR Has Changed Your Life, Here Are Three Ways It Can Work Harder new
2020 is on Track to Hit a New Data Breach Record new
Best Business Tools of 2019 Winner | Avast new
AppSecCali 2020 – Lakshmi Sudheer’s & Dhivya Chandramouleeswaran’s ‘Who Dis? The Right Way to Authenticate’ new
15 billion usernames and passwords for internet services including bank and social media accounts on offer to cyber criminals, finds new research from Digital Shadows new
State of Ransomware in the US: Report and Statistics for Q1 and Q2 2020 new
Mutation Cross-Site Scripting (mXSS) Vulnerabilities Discovered in Mozilla-Bleach new
ThreatPost
Advertising Plugin for WordPress Threatens Full Site Takeovers new
Notorious Hacker ‘Fxmsp’ Outed After Widespread Access-Dealing new
Microsoft Seizes Malicious Domains Used in Mass Office 365 Attacks new
15 Billion Credentials Currently Up for Grabs on Hacker Forums new
BEC Hotshot with Opulent Social Media Presence to Face U.S. Charges
Keeper Threat Group Rakes in $7M from Hundreds of Compromised E-Commerce Sites
Cerberus Banking Trojan Unleashed on Google Play
Citrix Bugs Allow Unauthenticated Code Injection, Data Theft
Credit-Card Skimmer Has Unlikely Target: Microsoft ASP.NET Sites
First-Ever Russian BEC Gang, Cosmic Lynx, Uncovered
Android Users Hit with ‘Undeletable’ Adware
Admins Urged to Patch Critical F5 Flaw Under Active Attack
digitalmunition
Sri Manchala Accepted Into Forbes Technology Council new
Sony PS4 / FreeBSD ip6_setpktopt Local Privilege Escalation ≈ Packet Storm new
Online Shopping Portal 3.1 SQL Injection ≈ Packet Storm new
Ubuntu Security Notice USN-4421-1 ≈ Packet Storm new
Ubuntu Security Notice USN-4419-1 ≈ Packet Storm new
3 Technology Stocks to Buy That Are Still Attractively Priced new
CDATA OLTs Backdoor / Privilege Escalation / Information Disclosure ≈ Packet Storm new
A New World of Technology Convergence Set for Access Control Industry new
F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution ≈ Packet Storm new
Mindset before technology in digital transformation new
ClearPass Policy Manager Unauthenticated Remote Command Execution ≈ Packet Storm new
Banning use of facial recognition technology among Michigan lawmakers’ proposed police reforms new
eHacking News
Hackers Attack Online Stores Stealing Credit Card Data, Experts Allege North Korea new
Ozon launched a bug bounty on HackerOne new
Hackers "showed ethics" and did not attack medical services in Russia during the pandemic
A New and Amazingly Simple Device in an Era of Pandemics to Protect Your Privacy
Android Malware, FakeSpy Spying on Users' Banking Information Acting as Postal Services
Gmail spam filter breaks down, warning issued to millions of gmail users
Hackers hacked Twitter account of the Russian Foreign Ministry and put up for sale data from tourists
CNY Works Data Breach: Personal Details of 56,000 Customers Exposed
In six months, hackers attacked Russian government systems more than a billion times
Enterprises Improving Their Response to Cybersecurity Incidents, Yet Contributing To Reduce the Effectiveness of Defense
Indians to use VPN as a way to evade ban on Chinese Apps
The Public Chamber of the Russian Federation reported a DDoS attack on its website
Wired - Security
Hong Kong's Security Law Puts Big Tech at a Crossroads new
Looks Like Russian Hackers Are on an Email Scam Spree
Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment
How to Passcode-Lock Any App on Your Phone
Encryption-Busting EARN IT Act Advances in Senate
The Worst Hacks and Breaches of 2020 So Far
New Mac Ransomware Is Even More Sinister Than It Appears
Schools Already Struggled With Cybersecurity. Then Came Covid-19
How to Get Safari's New Privacy Features in Chrome and Firefox
Is It Legal for Cops to Force You to Unlock Your Phone?
Julian Assange Faces New Conspiracy Allegations
An Embattled Group of Leakers Picks Up the WikiLeaks Mantle
Krebs on Security
E-Verify’s “SSN Lock” is Nothing of the Sort
Ransomware Gangs Don’t Need PR Help
COVID-19 ‘Breach Bubble’ Waiting to Pop?
Russian Cybercrime Boss Burkov Gets 9 Years
New Charges, Sentencing in Satori IoT Botnet Conspiracy
‘BlueLeaks’ Exposes Files from Hundreds of Police Departments
FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy
Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com
Microsoft Patch Tuesday, June 2020 Edition
Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity
Owners of DDoS-for-Hire Service vDOS Get 6 Months Community Service
Romanian Skimmer Gang in Mexico Outed by KrebsOnSecurity Stole $1.2 Billion
Naked Security
Mozilla turns off “Firefox Send” following malware abuse reports new
Kinda sorta weakened version of EARN IT Act creeps closer new
Company web names hijacked via outdated cloud DNS records
Flashy Nigerian Instagram star extradited to US to face BEC charges
Boston bans government use of facial recognition
Monday review – the hot 11 stories of the week
Facebook hoaxes back in the spotlight – what to tell your friends
Google buys AR smart-glasses company North
MongoDB ransom threats step up from blackmail to full-on wiping
133m records for sale as fruits of data breach spree keep raining down
Microsoft issues critical fixes for booby-trapped images – update now!
Google stops pushing scam ads on Americans searching for how to vote
Schneier on Security
Half a Million IoT Passwords Leaked new
IoT Security Principles
ThiefQuest Ransomware for the Mac
Friday Squid Blogging: Strawberry Squid
EncroChat Hacked by Police
The Security Value of Inefficiency
Securing the International IoT Supply Chain
Android Apps Stealing Facebook Credentials
iPhone Apps Stealing Clipboard Data
Friday Squid Blogging: Fishing for Jumbo Squid
The Unintended Harms of Cybersecurity
Analyzing IoT Security Best Practices
Linux Security
Linux: An OS Capable of Effectively Meeting the US Government’s Security Needs Heading into 2020> new
Linux Kernel Security in a Nutshell: How to Secure Your Linux System> new
Ex-Solus Dev is Now Creating a Truly Modern Linux Distribution Called Serpent Linux>
Cartesi Launches 'Descartes' SDK Portal - Future of DApps>
Linux Mint 20: Still the best Linux desktop despite one quirk>
Linux Foundation group that could improve privacy of facial biometrics adds members>
Tails Linux OS Version 4.8 Released with Major Security Updates>
7 Best Linux Distros for Security and Privacy in 2020>
6 ways HTTP/3 benefits security (and 7 serious concerns)>
New Republican bill latest in long line to force encryption backdoors>
Open Source Security Issues Exist: Deal With Them, Report Urges>
Nvidia squashes display driver code execution, information leak bugs>
Dark Reading
Study Finds 15 Billion Stolen, Exposed Credentials in Criminal Markets new
New Fraud Ring "Bargain Bear" Brings Sophistication to Online Crime new
As More People Return to Travel Sites, So Do Malicious Bots new
More Malware Found Preinstalled on Government Smartphones new
US Charges Kazakhstani Citizen With Hacking Into More Than 300 Orgs new
How Advanced Attackers Take Aim at Office 365 new
Fresh Options for Fighting Fraud in Financial Services new
Why Cybersecurity's Silence Matters to Black Lives new
A Most Personal Threat: Implantable Devices in Secure Spaces new
EDP Renewables Confirms Ransomware Attack
Treasury Releases Fraud and Money Mule ID Tips
Microsoft Seizes Domains Used in COVID-19-Themed Attacks
Securelist
Redirect auction new
Pig in a poke: smartphone adware
Whitehat Security Blog
HITB News
Hong Kong's Security Law Puts Big Tech at a Crossroads new
Android phones could be hiding ‘undeletable’ malware new
Intel details Thunderbolt 4: Required DMA protection, longer cables, and more new
Trump administration “looking into” ban on TikTok, other Chinese apps new
Yahoo engineer hacked 6,000 accounts looking for homemade porn new
Mozilla suspends Firefox Send due to malware abuse new
Microsoft neuters Office 365 account attacks that used clever ruse new
FBI nabs Nigerian business scammer who allegedly cost victims millions
North Korean hackers linked to Magecart attack spree
Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment
Tech Confronts Its Use of the Labels ‘Master’ and ‘Slave’
The UAE’s First Mars Mission Is a Robo-Meteorologist
The RISKS Digest
Re: A Doctor Confronts Medical Errors new
Re: Jane Goodall on conservation, climate change and COVID-19 new
Early Covid-19 tracking apps easy prey for hackers, and it might get worse before it gets better new
Re: Breaking HTTPS in the IoT: Practical Attacks For Reverse new
In Hong Kong, a Proxy Battle Over Internet Freedom Begins new
What we need is social-media distancing new
Not so random acts: Science finds that being kind pays off new
How my dad got scammed for $3,000 worth of gift cards new
Encrypted Phone Network of Mob is Hacked in Europe new
Risks of Editing Wikipedia new
Goodbye to the Wild Wild Web new
Supreme Court bans debt collection robocalling to cellphones new
Kaspersky Blog
Sandbox for experts
Crack me if you can
The hunt for Office 365 accounts
Transatlantic Cable podcast, episode 149
Simple defense against complex attacks
The state of cybersecurity in the time of COVID-19
4 ways to royally leak your company data
What are App Clips and Instant Apps?
How to secure DevOps
Transatlantic Cable podcast, episode 148
Zoom 5 moves toward security
Google Analytics as a data exfiltration channel
Adam Shostack & friends
Internet Society Opposition to LAED Act
Threat Model In My Devops
Threat Modeling & the SAFE Framework
The Cyentia Library Relaunches
Happy Juneteenth!
The Jenga View of Threat Modeling
Threat Research: More Like This
Sonatype Report on DevSecOps
Contextualisation of Data Flow Diagrams…
“Best Practices for IoT Security”
Evidence Based Security
One Bad Apple
Graham Cluley
Password security is critical in a remote work environment – see where businesses are putting themselves at risk
Ex-Yahoo employee avoids jail, despite hacking 6000 accounts, and stealing nude photos and videos
Appearing on the Hacker Valley Studio podcast
Hackers hijack Twitter account of Russia’s Ministry of Foreign Affairs, offer to sell stolen data
Has your Roblox account been hacked to support Donald Trump?
How to better protect your Roblox account from hackers with two-step verification (2SV)
Websites of eight US cities poisoned by malware skimming the credit card details of residents
22,900 MongoDB databases held to ransom by hacker threatening to report firms for GDPR violations
Smashing Security podcast #185: Bieber fever, Roblox, and ransomware
Prioritize alerts and jump-start your investigations with Recorded Future’s free browser extension. Sign up now.
Watching a $1.14 million ransomware negotiation between hackers and scientists searching for COVID-19 treatments
Voice recordings from domestic violence alerting app exposed on the internet
Rapid7
Seeing Value From Day One: What You Need to Know About Cloud SIEM Deployment and Configuration new
Application Security Takes Center Stage in this Year’s Verizon Data Breach Investigations Report
Rapid7 Named a 2020 Gartner Peer Insights Customers’ Choice for Security Information Event Management
12 Most Exploited Vulnerabilities: How to Navigate Vulnerabilities in a Security Program
Gain a More Dynamic View: How to Connect Cloud Configuration Assessment in InsightVM to CloudTrail in AWS
InsightAppSec Release Roundup: What’s New and Updated
How to Use Custom Policy Builder to Customize Password Policies in InsightVM
Unlocking the Power of Macro Authentication in Application Security: Part Two
CVE-2020-2021 Authentication Bypass in PAN-OS Security Assertion Markup Language (SAML) Authentication Disclosed
Building a Printed Circuit Board Probe Testing Jig
Rapid7 Managed Detection and Response (MDR): The Service that Never Sleeps
Customer Spotlight: How Amedisys CISO Proves Security’s Value to the Business
Hacker News (YCombinator) - Security
Robinhood Has Lured Young Traders, Sometimes with Devastating Results new
Tauri – toolchain for building secure native apps that have tiny binaries new
Foreign data wrappers: PostgreSQL's secret weapon? new
FBI chief says China threatens families to coerce overseas critics to return
Vanta (YC W18) is hiring as we build simple security and compliance for startups
Right-Wing Media Outlets Duped by a Middle East Propaganda Campaign
Calls for TikTok to be banned in Australia over Chinese spying fears
Playstation's secret weapon: a nearly all-automated factory
Around 293 intermediate CAs in violation of CA/Browser guidelines
Did a Chinese Hack Kill Nortel?
Why I’m Writing a Book on Cryptography
Georgia Tech professors revolt over reopening, say current plan threatens lives
Hacker Noon #Security
Introducing DChat - Decentralized Chat for All new
Security Measures for Cryptocurrency Owners new
Implementing 2FA: How Time-Based One-Time Password Actually Works [With Python Examples]
Newest Malware from China
Italy Launches Contact Tracing App; Proves We Shouldn't Compromise On Privacy?
A Post Pandemic Environment Will Be Ripe for The Adoption of Decentralized Stablecoins
Cybercrimes: What to Expect in 2020?
10 Reasons to Get Your Cybersecurity Certification
Insiders Breach Your Organization’s Data (Data Tells Us So)
Exploring the Strategy and Technology by TikTok to Attract Gen Z
Zoom 5.0: Major 5 Security Updates You Need to Know
How To Eliminate Leaky S3 Buckets Without Writing A Line Of Code

Security in Mainstream Media

Google News Hacking
Testimony Wraps in Trial of Accused Russian Hacker - Courthouse News Service new
Woman's genius 'tampon hack' brings overwatered plants back from the dead - Newshub new
LEFT TO MY OWN DEVICES: What are hackers up to lately? - Times Tribune of Corbin new
Smartwatch hack could send fake pill reminders to patients - BBC News new
Hacking the marketing remit - CMO new
Police buying hacked data, bypassing legal processes - Business Insider - Business Insider new
Researcher: Exchanges Could Fight Hackers By Renting Mining Power - Cointelegraph new
Anonymous Crypto Hacker’s Identity Revealed by US Authorities - Cointelegraph new
Ethical hackers predict more attacks coming against government sites - Mexico News Daily new
Hacker's Brief - County 17 new
Army takes new steps to stop hackers - Fox News new
Social Media Pictures Provide Hackers with Information - Spectrum News 1 new
Google Cyber Security
Worries raised over cyber security risk at Crossrail - Building new
Cyber Security Software Market Report – COVID-19 Outbreak – Global Industry Development Trends, Threats, Opportunities and Competitive Landscape in 2020 - Cole of Duty new
CORONAVIRUS (COVID-19) IMPACT ON Cyber Security Market OUTLOOK, RECENT TRENDS AND GROWTH FORECAST 2020-2025 - 3rd Watch News new
Should you delete TikTok? 3 cyber security experts answer - Yahoo Finance Australia new
You Are The Weakest Link - Cyber Security Hub new
K2 partners with GuardSight to secure web apps and container workloads against sophisticated attacks - Help Net Security new
Leadership In Cyber Security: Who Takes Responsibility? - Analysis - Eurasia Review new
Strategies for Overcoming the Cybersecurity Skills Gap - Security Boulevard new
Help Wanted: Biden campaign hiring cyber professionals - FCW.com new
How new API adapters bring unity to the tangle of cybersecurity reporting tools - FedScoop new
The Official Cyber Security Summits Are Going Virtual for 2020 - LP Portal new
Cyber Security in BFSI Market Can Bring Biggest and Innovative Transformation In Financial World with Fortinet, Cisco, Trend Micro, Symantec - Cole of Duty new

Thirsty for more

Hacker News (YCombinator)
Moving from TypeScript to Rust / WebAssembly new
CoinTracker is hiring a remote engineer to build a new financial assistant new
Java Optimized Processor new
Seeking Truth in a Time of Misinformation new
Procrastination Journal new
Web Monetization new
MoreOnionsPorfavor: Onionize your website and take back the internet new
XMPP works – 1 July 2020 new
Why time feels so weird in 2020 new
We can't send email more than 500 miles new
Tesorio (YC S15) is hiring managers and engineers – join our distributed team new
The saddest “Just Ship It” story ever new
Reddit - Cyberpunk
OC / WIP - roboneko is a model I just finished boning and rigging new
Anyone post about the Cyberpunk Culture virtual conference yet? Academic virtual conference starting July 9th about the cyberpunk genre on media, literature, etc. Presentations already… new
TORONTO [カナダ] new
C Y B E R P U N K -- Fan Art by Soufiane Idrassi new
Big news for everyone who loves to complain about Ready Player One! The sequel will be released in November, Ready Player Two! new
Cyberpunk stories new
Finished painting my second cyberpunk cover. new
Since 2020 dystopia has never looked this compelling. new
Epic hybrid trailer new
Four Canadian military schools affected by cyberattack new
Shamans Of The Sun by Atom Gate new
Overlook by Nathan Clark new
Reddit - Security CTF
Regarding Writeups new
100 bug bounty lessons and 100 unique security issues learning in just 20 hours easily
ForwardSlash: Hack The Box Walkthrough
ForwardSlash - Write-up - HackTheBox by noraj
ForwardSlash HackTheBox Writeup - samirettali.com
Security Battle Royale?
ForwardSlash - Hack the Box Write-up
Hack the Box - ForwardSlash - Write-up
Do you want to join a learning environment/CTF focused discord server?
247CTF - Practice hacking by reverse engineering a custom bootloader
Ten deserialization exploitation challenges
Free Trials and Free Installation
Reddit - Sysadmin
Windows 2019 Disk Spanning Question new
AD Domain Account Repeatedly Locking new
Will updating java on vsphere 5.5 cause any problems? new
How did you learn and how did you get your start? new
[AD] After succesful ADPREP, directory services are offline [Windows Server 2016 / 2008 R2] new
What are some good outage songs? new
Template and best way to spoof each of the regions manager, with click through link stats to see who is clicking a link. new
Any kaspersky sales rep here? I am in need of a help new
Can employers monitor my system through web apps? new
Packaging/deployment new edge new
Linux kernel goes inclusive - call to action new
Any interesting questions to ask on a questionnaire? ( IT project bid) new
Lobste.rs
"Interface smuggling", a Go design pattern for expanding APIs new
Turn any website into a live wireframe new
Text Encoding: The Thing You Were Trying to Avoid new
Haxe Blog: Immix-based GC improves HashLink performance new
Git Credential Manager Core: Building a universal authentication experience new
jklp: a 36-key ergonomic keyboard new
DIY SSH Bastion Host new
Cryptography Dispatches: DSA Is Past Its Prime new
Why Go’s Error Handling is Awesome new
The architecture of nginx (2012) new
First impressions with Single-SPA new