Cybersecurity
Ethical hacking, penetration testing, network security, CTFs and defensive security
Skills in this topic
8 skills
Security Basics
beginner
Fix OWASP top 10 vulnerabilities
AI Security
intermediate
Identify and patch prompt injection vulnerabilities
Network Security
intermediate
Configure a firewall with proper inbound/outbound rules
Ethical Hacking & Pen Testing
intermediate
Conduct a full pen test with Kali Linux
Cloud Security
intermediate
Implement IAM least-privilege policies on AWS/GCP
Incident Response
intermediate
Build an incident response playbook
Security Compliance
intermediate
Map controls for SOC 2 Type II compliance
Defensive AI
advanced
Build an AI-powered log anomaly detector

Dev.to · Abel Fernando PACOMPIA ORTIZ
🔐 Cybersecurity
⚡ AI Lesson
4d ago
Applying Checkov SAST to Detect Security Issues in Terraform Infrastructure as Code
Introduction Security issues in cloud infrastructure often start as small configuration...

Dev.to · Abel Fernando PACOMPIA ORTIZ
🔐 Cybersecurity
⚡ AI Lesson
4d ago
Applying Bandit SAST to Detect Vulnerabilities in a Python Flask Application
Introduction Security should be part of the development workflow, not only a final...

Dev.to · Cory Dabrowski
🔐 Cybersecurity
⚡ AI Lesson
4d ago
Certifying something on-chain without revealing it: privacy attestation on Midnight
I built Grid Audit, a tool that reviews Midnight code and then lets you certify that review on-chain....

Dev.to · Leo
🔐 Cybersecurity
⚡ AI Lesson
4d ago
Security Profiles Operator hits v1 with stable APIs and a hardening pass
The CNCF's Security Profiles Operator graduated to v1.0.0 on June 26, freezing eight CRD APIs and clearing a third-party audit. The kubelet-side follow-up, KEP

Dev.to · SecureCodingHub
🔐 Cybersecurity
⚡ AI Lesson
4d ago
Mobile App Authentication: Best Practices for iOS and Android Developers (2026)
The mobile app authentication best practices question is the single hardest one to answer well in...

Dev.to · Red Masil
🔐 Cybersecurity
⚡ AI Lesson
4d ago
Malware on Your Machine: A Developer's Complete Incident Response Guide
🛡️ Your Computer Got Infected — Now What? A Developer's Survival Guide to Malware...

Dev.to · v. Splicer
🔐 Cybersecurity
⚡ AI Lesson
4d ago
Sandboxing Reality: How to Spoof iPhone Locations for Advanced Penetration Testing
Listen up. If you’re still playing by the rules Apple wrote for you, you aren’t testing security....

Dev.to · b0gy
🔐 Cybersecurity
⚡ AI Lesson
5d ago
Your cloud keys should not exist
Most cloud platforms that need access to your infrastructure start with the same onboarding step:...

Dev.to · MrEchoFi
🔐 Cybersecurity
⚡ AI Lesson
5d ago
BannerGrapV2 — The Open-Source Network Recon Tool Built in Go That Security Professionals Actually Need
BannerGrapV2 is a blazing-fast, multi-protocol banner grabbing and vulnerability discovery tool written in Go. Real-world commands for pentesters, red teamers,

Simon Willison's Blog
🔐 Cybersecurity
⚡ AI Lesson
5d ago
Incident Report: CVE-2026-LGTM
Incident Report: CVE-2026-LGTM Spectacular hypothetical incident report by Andrew Nesbitt. Day 2, 16:00 UTC --- Two AI review agents from competing vendors, bot

Dev.to · endoflife-ai
🔐 Cybersecurity
⚡ AI Lesson
5d ago
The State of End-of-Life Software 2026: 32 of 459 Technologies Have Active CVEs
An original data report across 459 tracked technologies — 32 tied to actively-exploited vulnerabilities, 30 Critical, and 190 with a release reaching EOL in 202

Dev.to · ToolMight
🔐 Cybersecurity
⚡ AI Lesson
5d ago
Stop Uploading Sensitive Data to Online Tools: Use Browser-Based Developer Utilities Instead
As developers, we often copy and paste sensitive data into online tools without thinking twice. JWT...

Dev.to · gabinotech22-cmyk
🔐 Cybersecurity
⚡ AI Lesson
5d ago
How AegisLink's handshake survives a quantum computer (X3DH + ML-KEM-768)
In my first post in this series I said the next one would go deep on the handshake. This is it. If...

Dev.to · Breindel Medina
🔐 Cybersecurity
⚡ AI Lesson
5d ago
OverTheWire Wargames : Natas - LOTS OF DOCS, LOTS OF VULNS
I recently tackled the Natas Wargames by OverTheWire, following my completion of the Bandit series....

Dev.to · Satyam Rastogi
🔐 Cybersecurity
⚡ AI Lesson
5d ago
Cal Water Handala Attack: OT Containment Analysis & Attacker Motivation
Handala's Cal Water intrusion demonstrates classic attacker posturing: threat inflation to maximize pressure during extortion. Forensic analysis revea

Dev.to · authagonal
🔐 Cybersecurity
⚡ AI Lesson
5d ago
One hyphen, two tenants, one signing key
Two of our tenants were the same tenant. They had different names, different signups, and different...

Dev.to · Khalif AL Mahmud
🔐 Cybersecurity
⚡ AI Lesson
5d ago
Reverse Engineering a Windows Keylogger with IDA Pro: Assembly-Level Deep Dive
When I first loaded msdsrv.exe into IDA Pro, I had no idea what I was dealing with. No strings, no...

Dev.to · Hossein Esmati
🔐 Cybersecurity
⚡ AI Lesson
5d ago
Security Best Practices in .NET Core and Azure
Security is paramount in modern distributed systems, especially when deploying to cloud platforms like Azure. A comprehensive security strategy encompasses mult

Dev.to · Haven Messenger
🔐 Cybersecurity
⚡ AI Lesson
5d ago
BBS Signatures and Anonymous Credentials: Proving Less to Show More
A government issues you a digital ID containing your name, date of birth, address, and license...

Dev.to · Stefan
🔐 Cybersecurity
⚡ AI Lesson
5d ago
Real-World CVE HTTP Request Smuggling Apache mod_proxy Example
A reproducible walkthrough of CVE-2022-26377, a request smuggling desync in Apache mod_proxy_ajp, plus the upstream patch and config hardening that close it.

Dev.to · techpotions
🔐 Cybersecurity
⚡ AI Lesson
5d ago
78% False Negatives: Your AI Security Scanner Is Gaslighting You
A 78% false negative rate means automated AI scanners are missing real vulnerabilities. Understand why these tools fail and how to build a defense-in-depth stra

Dev.to · Carapace
🔐 Cybersecurity
⚡ AI Lesson
5d ago
"I Won't Call It a Vulnerability: How Carapace Chose Not to Overclaim an OSS Finding"
In a previous post, I wrote about why I built Carapace: a local-first security CLI for people outside...

Dev.to · Jernej Domanjko
🔐 Cybersecurity
⚡ AI Lesson
5d ago
What NIS2 compliance actually costs in Hungary (2026, with real numbers)
What NIS2 Compliance Actually Costs in Hungary: Numbers, Deadlines, and Hard...

Dev.to · Adrian Alexandru Stinga
🔐 Cybersecurity
⚡ AI Lesson
5d ago
Last month I saw something I haven’t seen in 18 years of dark web and underground monitoring.
The underground is changing faster than the security industry is adapting. Here’s what nearly two...

Dev.to · Ajitesh
🔐 Cybersecurity
⚡ AI Lesson
5d ago
Cybersecurity Roadmap
Introduction: Cybersecurity is one of the most in-demand fields on the planet - and also one of the...

Dev.to · CVE Reports
🔐 Cybersecurity
⚡ AI Lesson
5d ago
CVE-2026-39829: Denial of Service in Go SSH Parser
CVE-2026-39829: Denial of Service in Go SSH Parser Vulnerability ID: CVE-2026-39829 CVSS...

Dev.to · Husnain Babar
🔐 Cybersecurity
⚡ AI Lesson
5d ago
Beyond Static IP Databases: Why Real-Time Detection Matters
Beyond Static IP Databases: Why Real-Time Detection Matters Legacy IP intelligence APIs...

Dev.to · CVE Reports
🔐 Cybersecurity
⚡ AI Lesson
5d ago
CVE-2026-39834: Infinite Loop and CPU Exhaustion via Integer Truncation in Go SSH Channel Write
CVE-2026-39834: Infinite Loop and CPU Exhaustion via Integer Truncation in Go SSH Channel...

Dev.to · Teller
🔐 Cybersecurity
⚡ AI Lesson
5d ago
MCP Trust Pack: a security layer for MCP tool calls
MCP Trust Pack: a security layer for MCP tool calls MCP makes it easy for agents to call...

Dev.to · Etairos.ai
🔐 Cybersecurity
⚡ AI Lesson
5d ago
10 Million-Install Chrome Ad Blocker Hides a Remote Kill Switch for Arbitrary JavaScript
TL;DR what: Island researchers found that Adblock for YouTube (ID...

Dev.to · CVE Reports
🔐 Cybersecurity
⚡ AI Lesson
5d ago
CVE-2026-42508: Bypass of SSH Certificate Authority Revocation in golang.org/x/crypto/ssh/knownhosts
CVE-2026-42508: Bypass of SSH Certificate Authority Revocation in...

Dev.to · CVE Reports
🔐 Cybersecurity
⚡ AI Lesson
5d ago
CVE-2026-46595: Critical Authorization Bypass via source-address Validation Failure in golang.org/x/crypto/ssh
CVE-2026-46595: Critical Authorization Bypass via source-address Validation Failure in...

Dev.to · TiltedLunar123
🔐 Cybersecurity
⚡ AI Lesson
5d ago
On Security+, social engineering questions test the principle, not the label
A lot of people walk into the SY0-701 exam ready to define phishing, vishing, smishing, and...

Dev.to · CVE Reports
🔐 Cybersecurity
⚡ AI Lesson
6d ago
CVE-2026-48517: Remote Code Execution via Typeless Deserialization Blocklist Bypass in MessagePack-CSharp
CVE-2026-48517: Remote Code Execution via Typeless Deserialization Blocklist Bypass in...

Dev.to · Devanshu Biswas
🔐 Cybersecurity
⚡ AI Lesson
6d ago
I Built a JWT Playground That Re-signs Tokens With Real HMAC-SHA256
Most JWT explainers cheat. They show you header.payload.signature, point at the third part, and say...

Dev.to · Jakub
🔐 Cybersecurity
⚡ AI Lesson
6d ago
7 Security Holes We Keep Finding in Vibecoded Apps: Audit Vibe Coding by Inithouse
We run Audit Vibe Coding at Inithouse, a security audit tool built specifically for AI-generated...

Dev.to · Tommy
🔐 Cybersecurity
⚡ AI Lesson
6d ago
What actually visits a self-hosted website in 2026? Humans, AI crawlers, and 6,400 automated attacks
I run a small self-hosted website on a Raspberry Pi 4B at home. A few weeks ago I started wondering:...

Dev.to · CVE Reports
🔐 Cybersecurity
⚡ AI Lesson
6d ago
CVE-2026-48713: Remote Prototype Pollution in i18next-fs-backend
CVE-2026-48713: Remote Prototype Pollution in i18next-fs-backend Vulnerability ID:...

Dev.to · Mh Asif Kamal
🔐 Cybersecurity
⚡ AI Lesson
6d ago
Real-World SSH: From Your Laptop to the Linux Kernel 🚀
If you work in tech, you use SSH every day. But for a lot of developers, it's just a black box. Let’s...

Dev.to · BeyondMachines
🔐 Cybersecurity
⚡ AI Lesson
6d ago
curl Patches 25-Year-Old Vulnerability and 17 Other Flaws
curl version 8.21.0 addresses 18 vulnerabilities, including a 25-year-old authentication bypass (CVE-2026-8932) and multiple memory safety issues. The flaws pri

Dev.to · Dwayne McDaniel
🔐 Cybersecurity
⚡ AI Lesson
6d ago
Protecting Developers Means Protecting Their Secrets
When most people think of "Enterprise Security," they immediately think of hardened data centers,...

Dev.to · Spicy
🔐 Cybersecurity
⚡ AI Lesson
6d ago
Your Baby Monitor's Biggest Security Flaw Isn't Hackers. It's the Company That Built It.
In May 2026, a French ethical hacker named Sammy Azdoufal bought a baby monitor off Amazon and spent...

Dev.to · Toni Antunovic
🔐 Cybersecurity
⚡ AI Lesson
6d ago
Nation-State Actors Are Now Targeting Your AI Agent's npm Packages
Sapphire Sleet (North Korean APT) compromised 140+ Mastra npm packages via postinstall hook to steal AI API keys and cloud credentials from developer machines.

Dev.to · Maksim Didenko
🔐 Cybersecurity
⚡ AI Lesson
6d ago
From Root CA to User Authorization in nginx+apache. Part 2: Certificate Revocation, CRL and OCSP
A follow-up to Part 1 (EN on LinkedIn · RU on Habr), where we stood up a two-tier PKI: a Root CA and...

Dev.to · Satyam Rastogi
🔐 Cybersecurity
⚡ AI Lesson
6d ago
Lantronix Serial-to-IP RCE: OT Device Takeover via CVE-2025-67038
CVE-2025-67038 in Lantronix Serial-to-IP converters enables unauthenticated remote code execution on operational technology devices. Active exploitati

Dev.to · zynovex-support
🔐 Cybersecurity
⚡ AI Lesson
6d ago
vrp-ir 0.9.0: a line-cited security audit for Huawei VRP/USG configs
If you do acceptance or audit work on Huawei gear, you've hit this wall: Batfish explicitly marks...

Dev.to · Massimiliano B.
🔐 Cybersecurity
⚡ AI Lesson
6d ago
Beyond the Hype: Why Your GRC Strategy Fails Without Real Encryption and DLP
Let’s cut through the noise. When we talk about Governance, Risk, and Compliance (GRC), people often...