cybersecurity

This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

AI Overview
25 posts analyzed·Updated 2/23/2026

Key Highlights

  • PayPal data breach exposed Social Security numbers for six months due to a code change, impacting about 100 customers. 1 post

  • New 'Starkiller' phishing kit uses live proxies to show real login pages, making detection harder and now available as Phishing-as-a-Service. 1 post

  • Amazon's Kiro AI agent caused a 13-hour AWS outage by deleting a production environment, part of a pattern of AI agents causing system damage. 1 post

Latest posts

PayPal breach went undetected for six months, exposing Social Security numbers! PayPal!

cybersecurity

Key takeaways: A PayPal code change opened the door – leaving customer data exposed for nearly six months before detection. Only about 100 customers were impacted, but the compromised data included Social Security numbers and dates of birth. PayPal says its systems were not compromised – yet it r

Mentorship Monday - Post All Career, Education and Job questions here!

cybersecurity

This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your quest

Is it possible to get a job in cybersecurity without any expensive certs?

cybersecurity

I worked for 9 months as a Node.js developer and I have a bachelor's degree in computer engineering. Now I want to switch to the cybersecurity domain. I searched and I found so many certs are out there and most of them are expensive (I live in a highly sanctioned country and it's difficult for me to pay)

The Art of Exploitation book

cybersecurity

I am wondering if the content of the book called The Art of Exploitation is outdated or still valuable nowadays. submitted by /u/Trick_Floor_519

I'm really interested in learning, but I don't know where.

cybersecurity

I just started "trying" to learn Cybersecurity, and I've heard that first I should know the basics of Networking. I've passed the Cisco "Networking Fundamentals" course, and my interest in Cybersecurity grew even more after. Rn I'm really curious if there's any other course that would

PolySlice Content Attack

cybersecurity

A few months ago I posted the Petri 111 Case 11 audit showing how specific auditing layers can catch sophisticated jailbreaks. While stress-testing the standard "chained" safety architectures that most enterprises use for "defense in depth," I identified a systemic failure I’m calling the PolySlice

Hello

cybersecurity

Hello, friends! I’m trying to learn programming and cybersecurity, and I don’t know anything about them. Please, could you advise me on things to start learning as the first steps? submitted by /u/Mr_shrewd-roby

IR skill tips

cybersecurity

To improve incident responder skills, do you recommend studying every MITRE ATT&CK technique or taking specific IR tests on SIEM, etc.? submitted by /u/Warm_Persimmon_7928

I've been a CISO more than once. Ask me anything about how the job differs between organizations.

cybersecurity

The editors at CISO Series present this AMA. This ongoing collaboration between r/cybersecurity and CISO Series brings together security leaders to discuss real-world challenges and lessons learned in the field. For this edition, we're focusing on the unique experiences of CISOs who have held the ro

Why has geo-partitioning gained so much momentum?

cybersecurity

Was there one specific incident? Is it a broader overall trend driven by the current environment? submitted by /u/Several-Cook-2837

Your Security Budget Is Getting Cut Because Executives Don't Understand What You're Protecting

cybersecurity

submitted by /u/_clickfix_

Built an open-source npm/PyPI supply chain scanner - looking for feedback

cybersecurity

I've been working on MUAD'DIB, a supply chain security scanner for npm and PyPI packages. It's a personal project as part of my career change into software development. What it does: Static analysis (14 scanners: AST, dataflow, obfuscation, entropy, shell commands, GitHub Actions, etc.) Dynamic

Amazon Kiro deleted a production environment and caused a 13-hour AWS outage. I documented 10 cases of AI agents destroying systems — same patterns every time.

cybersecurity

Amazon's Kiro agent inherited elevated permissions, bypassed two-person approval, and deleted a production environment — 13-hour AWS outage. Amazon called it "a coincidence that AI tools were involved." That's one of ten. Replit's agent fabricated 4,000 fake records then deleted the real database.

FBI posts ATM jackpotting prevention guidance after $20M stolen in 2025

cybersecurity

submitted by /u/NISMO1968

Built a CLI tool that aggregates outputs from multiple security scanners into one report. Would you actually use this?

cybersecurity

Hi people. I'm working on a tool that might address something I suspect could be a common problem. When you run several security scanners, you end up juggling multiple reports in different formats, with overlapping findings and inconsistent severity ratings, and no single unified view of what actual

Have we already moved from the “script kiddie” era to the “AI agent kiddie” era?

cybersecurity

submitted by /u/x4rvi0n

[Open-Source OSINT Tool for TL SearchParty CTF]: Created a Python Facebook Search Tool Inspired by IntelTechniques

cybersecurity

TraceLab Search Party CTF 2026.02 just concluded earlier, and I am really happy that I was actually able to submit three flags using my open-source FB search tool, FBIntelPy. The Posts search type was the most useful of the bunch as it streamlined the filtering of posts made by the MP's relatives ba

Is Shadow AI Controllable?

cybersecurity

I’ve been noticing at work that, regardless of any tools being used to block ChatGPT or Claude etc., my coworkers are naturally finding ways around them, even resorting to taking pictures so they can ask ChatGPT on their phone. Nothing malicious at all; in their defence they’re just trying to be prod

Help with setting up learning goals

cybersecurity

Hello all, this post is more about understanding what I should be doing as part of the performance development program in the company. I am an L2 appsec engineer, working on defining 2-3 goals for next year, and I would really value your input. Any skill that helps in getting mature in the field? Any to

GitLab exposes North Korean hackers' contagious Interview malware and IT worker schemes in 2025

cybersecurity

submitted by /u/rkhunter_

New "Starkiller" Phishing Kit Uses Real Websites to Steal Logins

cybersecurity

Link Security researchers have uncovered a new Phishing-as-a-Service (PhaaS) called "Starkiller" that is significantly harder to detect than traditional scams. Unlike old phishing pages that use fake templates, this tool uses a "live proxy" to show you the actual login pages of Google, Microsoft, a

In your opinion, what is the most underrated skill to have in this field?

cybersecurity

submitted by /u/No-Cockroach2358

Ex-Google engineers accused of swiping chip security secrets

cybersecurity

submitted by /u/rkhunter_

Age verification vendor Persona left frontend exposed, researchers say

cybersecurity

submitted by /u/avatar6556

Check Point Experts on CTEM in the Real World & What Actually Gets You Hacked

cybersecurity

We’re hosting a live Ask Me Anything on CTEM (Continuous Threat Exposure Management) in the real world. For 24 hours, we’ll answer questions in real time. This AMA is about how CTEM actually works (or doesn’t) when it meets reality: What exposures attackers actually exploit Why most “critical”