Tech Skills

Cybersecurity

Ethical hacking, penetration testing, network security, CTFs and defensive security

13,250 lessons
Skills in this topic
Security Basics (beginner): Fix OWASP top 10 vulnerabilities
AI Security (intermediate): Identify and patch prompt injection vulnerabilities
Network Security (intermediate): Configure a firewall with proper inbound/outbound rules
Ethical Hacking & Pen Testing (intermediate): Conduct a full pen test with Kali Linux
Cloud Security (intermediate): Implement IAM least-privilege policies on AWS/GCP
Incident Response (intermediate): Build an incident response playbook
Security Compliance (intermediate): Map controls for SOC 2 Type II compliance
Defensive AI (advanced): Build an AI-powered log anomaly detector
All Reads (6,346), Articles (4181), Blog Posts (1575), Tutorials (340), Research Papers (20), News (230)
Applying Checkov SAST to Detect Security Issues in Terraform Infrastructure as Code
Dev.to · Abel Fernando PACOMPIA ORTIZ 🔐 Cybersecurity ⚡ AI Lesson 4d ago
Introduction Security issues in cloud infrastructure often start as small configuration...
Applying Bandit SAST to Detect Vulnerabilities in a Python Flask Application
Dev.to · Abel Fernando PACOMPIA ORTIZ 🔐 Cybersecurity ⚡ AI Lesson 4d ago
Introduction Security should be part of the development workflow, not only a final...
Certifying something on-chain without revealing it: privacy attestation on Midnight
Dev.to · Cory Dabrowski 🔐 Cybersecurity ⚡ AI Lesson 4d ago
I built Grid Audit, a tool that reviews Midnight code and then lets you certify that review on-chain....
Security Profiles Operator hits v1 with stable APIs and a hardening pass
Dev.to · Leo 🔐 Cybersecurity ⚡ AI Lesson 4d ago
The CNCF's Security Profiles Operator graduated to v1.0.0 on June 26, freezing eight CRD APIs and clearing a third-party audit. The kubelet-side follow-up, KEP
Mobile App Authentication: Best Practices for iOS and Android Developers (2026)
Dev.to · SecureCodingHub 🔐 Cybersecurity ⚡ AI Lesson 4d ago
The mobile app authentication best practices question is the single hardest one to answer well in...
Malware on Your Machine: A Developer's Complete Incident Response Guide
Dev.to · Red Masil 🔐 Cybersecurity ⚡ AI Lesson 4d ago
🛡️ Your Computer Got Infected — Now What? A Developer's Survival Guide to Malware...
Sandboxing Reality: How to Spoof iPhone Locations for Advanced Penetration Testing
Dev.to · v. Splicer 🔐 Cybersecurity ⚡ AI Lesson 4d ago
Listen up. If you’re still playing by the rules Apple wrote for you, you aren’t testing security....
Your cloud keys should not exist
Dev.to · b0gy 🔐 Cybersecurity ⚡ AI Lesson 5d ago
Most cloud platforms that need access to your infrastructure start with the same onboarding step:...
BannerGrapV2 — The Open-Source Network Recon Tool Built in Go That Security Professionals Actually Need
Dev.to · MrEchoFi 🔐 Cybersecurity ⚡ AI Lesson 5d ago
BannerGrapV2 is a blazing-fast, multi-protocol banner grabbing and vulnerability discovery tool written in Go. Real-world commands for pentesters, red teamers,
Simon Willison's Blog 🔐 Cybersecurity ⚡ AI Lesson 5d ago
Incident Report: CVE-2026-LGTM
Incident Report: CVE-2026-LGTM Spectacular hypothetical incident report by Andrew Nesbitt. Day 2, 16:00 UTC --- Two AI review agents from competing vendors, bot
The State of End-of-Life Software 2026: 32 of 459 Technologies Have Active CVEs
Dev.to · endoflife-ai 🔐 Cybersecurity ⚡ AI Lesson 5d ago
An original data report across 459 tracked technologies — 32 tied to actively-exploited vulnerabilities, 30 Critical, and 190 with a release reaching EOL in 202
# Stop Uploading Sensitive Data to Online Tools: Use Browser-Based Developer Utilities Instead
Dev.to · ToolMight 🔐 Cybersecurity ⚡ AI Lesson 5d ago
As developers, we often copy and paste sensitive data into online tools without thinking twice. JWT...
How AegisLink's handshake survives a quantum computer (X3DH + ML-KEM-768)
Dev.to · gabinotech22-cmyk 🔐 Cybersecurity ⚡ AI Lesson 5d ago
In my first post in this series I said the next one would go deep on the handshake. This is it. If...
OverTheWire Wargames : Natas - LOTS OF DOCS, LOTS OF VULNS
Dev.to · Breindel Medina 🔐 Cybersecurity ⚡ AI Lesson 5d ago
I recently tackled the Natas Wargames by OverTheWire, following my completion of the Bandit series....
Cal Water Handala Attack: OT Containment Analysis & Attacker Motivation
Dev.to · Satyam Rastogi 🔐 Cybersecurity ⚡ AI Lesson 5d ago
Handala's Cal Water intrusion demonstrates classic attacker posturing: threat inflation to maximize pressure during extortion. Forensic analysis revea
One hyphen, two tenants, one signing key
Dev.to · authagonal 🔐 Cybersecurity ⚡ AI Lesson 5d ago
Two of our tenants were the same tenant. They had different names, different signups, and different...
Reverse Engineering a Windows Keylogger with IDA Pro: Assembly-Level Deep Dive
Dev.to · Khalif AL Mahmud 🔐 Cybersecurity ⚡ AI Lesson 5d ago
When I first loaded msdsrv.exe into IDA Pro, I had no idea what I was dealing with. No strings, no...
Security Best Practices in .NET Core and Azure
Dev.to · Hossein Esmati 🔐 Cybersecurity ⚡ AI Lesson 5d ago
Security is paramount in modern distributed systems, especially when deploying to cloud platforms like Azure. A comprehensive security strategy encompasses mult
BBS Signatures and Anonymous Credentials: Proving Less to Show More
Dev.to · Haven Messenger 🔐 Cybersecurity ⚡ AI Lesson 5d ago
A government issues you a digital ID containing your name, date of birth, address, and license...
Real-World CVE HTTP Request Smuggling Apache mod_proxy Example
Dev.to · Stefan 🔐 Cybersecurity ⚡ AI Lesson 5d ago
A reproducible walkthrough of CVE-2022-26377, a request smuggling desync in Apache mod_proxy_ajp, plus the upstream patch and config hardening that close it.
78% False Negatives: Your AI Security Scanner Is Gaslighting You
Dev.to · techpotions 🔐 Cybersecurity ⚡ AI Lesson 5d ago
A 78% false negative rate means automated AI scanners are missing real vulnerabilities. Understand why these tools fail and how to build a defense-in-depth stra
"I Won't Call It a Vulnerability: How Carapace Chose Not to Overclaim an OSS Finding"
Dev.to · Carapace 🔐 Cybersecurity ⚡ AI Lesson 5d ago
In a previous post, I wrote about why I built Carapace: a local-first security CLI for people outside...
What NIS2 compliance actually costs in Hungary (2026, with real numbers)
Dev.to · Jernej Domanjko 🔐 Cybersecurity ⚡ AI Lesson 5d ago
What NIS2 Compliance Actually Costs in Hungary: Numbers, Deadlines, and Hard...
Last month I saw something I haven’t seen in 18 years of dark web and underground monitoring.
Dev.to · Adrian Alexandru Stinga 🔐 Cybersecurity ⚡ AI Lesson 5d ago
The underground is changing faster than the security industry is adapting. Here’s what nearly two...
Cybersecurity Roadmap
Dev.to · Ajitesh 🔐 Cybersecurity ⚡ AI Lesson 5d ago
Introduction: Cybersecurity is one of the most in-demand fields on the planet - and also one of the...
CVE-2026-39829: CVE-2026-39829: Denial of Service in Go SSH Parser
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 5d ago
CVE-2026-39829: Denial of Service in Go SSH Parser Vulnerability ID: CVE-2026-39829 CVSS...
Beyond Static IP Databases: Why Real-Time Detection Matters
Dev.to · Husnain Babar 🔐 Cybersecurity ⚡ AI Lesson 5d ago
Beyond Static IP Databases: Why Real-Time Detection Matters Legacy IP intelligence APIs...
CVE-2026-39834: CVE-2026-39834: Infinite Loop and CPU Exhaustion via Integer Truncation in Go SSH Channel Write
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 5d ago
CVE-2026-39834: Infinite Loop and CPU Exhaustion via Integer Truncation in Go SSH Channel...
MCP Trust Pack: a security layer for MCP tool calls
Dev.to · Teller 🔐 Cybersecurity ⚡ AI Lesson 5d ago
MCP Trust Pack: a security layer for MCP tool calls MCP makes it easy for agents to call...
10 Million-Install Chrome Ad Blocker Hides a Remote Kill Switch for Arbitrary JavaScript
Dev.to · Etairos.ai 🔐 Cybersecurity ⚡ AI Lesson 5d ago
TL;DR what: Island researchers found that Adblock for YouTube (ID...
CVE-2026-42508: CVE-2026-42508: Bypass of SSH Certificate Authority Revocation in golang.org/x/crypto/ssh/knownhosts
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 5d ago
CVE-2026-42508: Bypass of SSH Certificate Authority Revocation in...
CVE-2026-46595: CVE-2026-46595: Critical Authorization Bypass via source-address Validation Failure in golang.org/x/crypto/ssh
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 5d ago
CVE-2026-46595: Critical Authorization Bypass via source-address Validation Failure in...
On Security+, social engineering questions test the principle, not the label
Dev.to · TiltedLunar123 🔐 Cybersecurity ⚡ AI Lesson 5d ago
A lot of people walk into the SY0-701 exam ready to define phishing, vishing, smishing, and...
CVE-2026-48517: CVE-2026-48517: Remote Code Execution via Typeless Deserialization Blocklist Bypass in MessagePack-CSharp
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 6d ago
CVE-2026-48517: Remote Code Execution via Typeless Deserialization Blocklist Bypass in...
I Built a JWT Playground That Re-signs Tokens With Real HMAC-SHA256
Dev.to · Devanshu Biswas 🔐 Cybersecurity ⚡ AI Lesson 6d ago
Most JWT explainers cheat. They show you header.payload.signature, point at the third part, and say...
7 Security Holes We Keep Finding in Vibecoded Apps: Audit Vibe Coding by Inithouse
Dev.to · Jakub 🔐 Cybersecurity ⚡ AI Lesson 6d ago
We run Audit Vibe Coding at Inithouse, a security audit tool built specifically for AI-generated...
What actually visits a self-hosted website in 2026? Humans, AI crawlers, and 6,400 automated attacks
Dev.to · Tommy 🔐 Cybersecurity ⚡ AI Lesson 6d ago
I run a small self-hosted website on a Raspberry Pi 4B at home. A few weeks ago I started wondering:...
CVE-2026-48713: CVE-2026-48713: Remote Prototype Pollution in i18next-fs-backend
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 6d ago
CVE-2026-48713: Remote Prototype Pollution in i18next-fs-backend Vulnerability ID:...
# Real-World SSH: From Your Laptop to the Linux Kernel 🚀
Dev.to · Mh Asif Kamal 🔐 Cybersecurity ⚡ AI Lesson 6d ago
If you work in tech, you use SSH every day. But for a lot of developers, it's just a black box. Let’s...
curl Patches 25-Year-Old Vulnerability and 17 Other Flaws
Dev.to · BeyondMachines 🔐 Cybersecurity ⚡ AI Lesson 6d ago
curl version 8.21.0 addresses 18 vulnerabilities, including a 25-year-old authentication bypass (CVE-2026-8932) and multiple memory safety issues. The flaws pri
Protecting Developers Means Protecting Their Secrets
Dev.to · Dwayne McDaniel 🔐 Cybersecurity ⚡ AI Lesson 6d ago
When most people think of "Enterprise Security," they immediately think of hardened data centers,...
Your Baby Monitor's Biggest Security Flaw Isn't Hackers. It's the Company That Built It.
Dev.to · Spicy 🔐 Cybersecurity ⚡ AI Lesson 6d ago
In May 2026, a French ethical hacker named Sammy Azdoufal bought a baby monitor off Amazon and spent...
Nation-State Actors Are Now Targeting Your AI Agent's npm Packages
Dev.to · Toni Antunovic 🔐 Cybersecurity ⚡ AI Lesson 6d ago
Sapphire Sleet (North Korean APT) compromised 140+ Mastra npm packages via postinstall hook to steal AI API keys and cloud credentials from developer machines.
From Root CA to User Authorization in nginx+apache. Part 2: Certificate Revocation, CRL and OCSP
Dev.to · Maksim Didenko 🔐 Cybersecurity ⚡ AI Lesson 6d ago
A follow-up to Part 1 (EN on LinkedIn · RU on Habr), where we stood up a two-tier PKI: a Root CA and...
Lantronix Serial-to-IP RCE: OT Device Takeover via CVE-2025-67038
Dev.to · Satyam Rastogi 🔐 Cybersecurity ⚡ AI Lesson 6d ago
CVE-2025-67038 in Lantronix Serial-to-IP converters enables unauthenticated remote code execution on operational technology devices. Active exploitati
vrp-ir 0.9.0: a line-cited security audit for Huawei VRP/USG configs
Dev.to · zynovex-support 🔐 Cybersecurity ⚡ AI Lesson 6d ago
If you do acceptance or audit work on Huawei gear, you've hit this wall: Batfish explicitly marks...
Beyond the Hype: Why Your GRC Strategy Fails Without Real Encryption and DLP
Dev.to · Massimiliano B. 🔐 Cybersecurity ⚡ AI Lesson 6d ago
Let’s cut through the noise. When we talk about Governance, Risk, and Compliance (GRC), people often...