Friday, October 17, 2025 Top 5 Cybersecurity Stories You Should Know 1. Gladinet Patches CVE-2025-11371 Zero-Day in CentreStack File-Sharing Software — tl;dr: Gladinet has released a security update for its CentreStack business solution to address a critical local file inclusion vulnerability (CVE-2025-11371) that has been actively exploited since late September.
Thursday, October 16, 2025 Top 5 Cybersecurity Stories You Should Know 1. Microsoft Addresses Three Active Zero-Day Vulnerabilities in October 2025 Patch — tl;dr: In its October 2025 Patch Tuesday, Microsoft released fixes for over 175 vulnerabilities, including three zero-days: CVE-2025-24990, CVE-2025-59230, and CVE-2025-47827. CVE-2025-24990 affects a driver for the
Wednesday, October 15, 2025 Top 5 Cybersecurity Stories You Should Know 1. Microsoft Addresses Three Active Zero-Day Vulnerabilities in October Patch — tl;dr: In its October 2025 Patch Tuesday update, Microsoft addressed over 175 vulnerabilities, including three actively exploited zero-days: CVE-2025-24990, CVE-2025-59230, and CVE-2025-47827. CVE-2025-24990 affects a third-party driver for
Artificial Intelligence is changing the face of cybersecurity — not tomorrow, but right now. In my latest keynote, I unpack how attackers are already exploiting AI systems using prompt injections, data poisoning, and autonomous exploitation techniques, and why every security team needs to rethink their defenses. 🎥 Watch the full keynote here:
Tuesday, October 14, 2025 Top 5 Cybersecurity Stories You Should Know 1. Critical WordPress Flaw Exploited, SonicWall Backup Breach, Oracle Zero-Day Patched — tl;dr: A critical vulnerability in the WordPress Service Finder theme (CVE-2025-5947) has led to over 13,800 attack attempts, allowing hackers to hijack administrator accounts. SonicWall confirmed
Monday, October 13, 2025 Top 5 Cybersecurity Stories You Should Know 1. North Korean Hackers Deploy 338 Malicious npm Packages in Supply Chain Attack — tl;dr: North Korean state-sponsored hackers have launched a supply chain attack targeting software developers, deploying 338 malicious npm packages as part of a campaign named
Monday, October 13, 2025 Top 5 Cybersecurity Stories You Should Know 1. AI and the Future of American Politics — tl;dr: Two years ago, Americans anxious about the forthcoming 2024 presidential election were considering the malevolent force of an election influencer: artificial intelligence. Over the past several years, we have
Sunday, October 12, 2025 Top 5 Cybersecurity Stories You Should Know 1. Wireshark 4.4.10 and 4.6.0 Released, (Sun, Oct 12th) — tl;dr: Wireshark release 4.4.10 fixes 6 bugs and 1 vulnerability (in the MONGO dissector). ↪ https://isc.sans.edu/diary/rss/32358 Featured LufSec
Saturday, October 11, 2025 Top 5 Cybersecurity Stories You Should Know 1. Cybersecurity For Dummies, 3rd Edition eBook FREE for a Limited Time — tl;dr: In today's hyper-connected world, cyber threats are more sophisticated and frequent than ever - ransomware, data breaches, and social engineering scams, targeting everyone
Hackers. CISOs. Researchers. Engineers. Different worlds, one mission — to understand and secure the digital frontier. The LufSec Podcast is where these worlds collide. It’s where stories meet strategy, and cybersecurity stops being abstract. It’s where the people behind the firewalls finally speak. 🔐 Why We Created the LufSec Podcast
Artificial Intelligence is not just changing business—it’s rewriting the rules of cybersecurity. As attackers weaponize prompt injection, data poisoning, and model manipulation, we’re witnessing the rise of a new digital battlefield. On October 9, 2025 (10:00 AM EDT), I’ll be speaking at DevSecOps Live alongside
This past weekend, I attended BSides Orlando 2025 — my first cybersecurity event in Florida since moving here. It turned out to be a full day of learning, making connections, and hands-on fun. 📚 Roots & Reach of BSides Before diving in, a bit of context: BSides began in 2009 in Las
What is Prompt Hacking? Prompt hacking is the set of techniques that manipulate the input to a language model (or other generative AI) to produce behavior the model owner didn’t intend — from leaking hidden prompts to causing unauthorized actions. In Lesson 1 of my AI Hacking course, I cover:
This Saturday, I’ll be participating in BSides Orlando 2025, one of the most exciting community-driven security conferences in Florida. I’m thrilled to share that I’ll be volunteering at the soldering station, helping attendees learn, build, and hack with hands-on electronics. Why BSides? BSides conferences are special. They
Announcement
Cybersecurity training should be powerful, practical, and affordable. That’s exactly why I built three advanced courses—IoT Hacking, AI Hacking, and Car Hacking—with the same depth and rigor you’d find at global conferences like SANS, Black Hat, and DEF CON, but at a fraction of the cost.
Big news: LufSec has moved to a new, faster, more reliable home to give you a far better learning and reading experience. What changed * Our course experience has been rebuilt to be smoother and more intuitive — featuring faster checkout, more precise progress tracking, and a cleaner lesson layout, so you
zero trust
Introduction: Why Zero Trust Matters in 2025 The cybersecurity landscape has shifted dramatically. Remote work, SaaS adoption, and increasingly sophisticated supply-chain attacks mean that traditional perimeter-based security no longer works. VPNs, once considered the gold standard for secure access, are now an attacker’s dream—granting broad, flat access once
So you want to get into IoT hacking? Maybe you’ve seen flashy TikTok demos of the Flipper Zero cloning a garage door remote. Perhaps you’ve read about hackers hijacking cars through wireless key fobs. Or maybe you’re staring at your own smart plugs, cameras, and Alexa speakers,
Announcement
This Labor Day, I’m giving you the chance to upgrade your cybersecurity skills at a special discount. 🚀 👉 From now until Monday at midnight, you can save 25% on all courses — including: * 🔑 Car Hacking 101 – from key fobs to full system exploitation * 🌐 Web Security Deep Dive – practical penetration testing techniques
Announcement
After months offline, I'm back—and more focused than ever to deliver you the best cybersecurity content. A lot has changed behind the scenes. My family and I moved from Arizona to Florida, and during that time, I intentionally stepped away from content creation to reflect, refocus, and
The Capital One Data Breach: A Cautionary Tale in Cloud Security In 2019, Capital One, one of the largest banks in the United States, suffered a massive data breach that compromised the personal information of over 100 million customers. The breach exposed names, addresses, phone numbers, email addresses, credit scores,
Cloud Security
Introduction to Amazon S3 Security Best Practices Cloud storage is essential to modern computing, offering businesses scalable and cost-effective solutions. However, cloud storage can become a severe liability without proper security configurations. In 2017, numerous high-profile data breaches exposed sensitive information because of misconfigured Amazon S3 buckets. Organizations like the
Cybersecurity Career
Navigating Cybersecurity Careers in 2025: In-Demand Skills, Jobs, and Growth Strategies Introduction The cybersecurity landscape in 2025 is more dynamic and challenging than ever, with cyber threats evolving rapidly and organizations striving to stay ahead of attackers. As businesses, governments, and individuals increasingly rely on digital infrastructure, the demand for
Uncategorized
Introduction In recent years, MongoDB Ransomware Attacks have become an alarming threat to organizations embracing cloud infrastructure. From small startups to enterprise companies, many have fallen prey to malicious actors who exploit misconfigured databases, lock out legitimate users, and demand hefty ransoms. Fortunately, these attacks can be prevented—or at