FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Today β€” November 30th 2025Your RSS feeds

Sony WH-1000XM6 vs. Bose QuietComfort Ultra: I compared two of the best ANC headphones

Looking for the best noise-canceling headphones? The newly released Sony WH-1000XM6 or the heavily discounted Bose QuietComfort Ultra are two solid options.

I have no problem ditching my AirPods for these earbuds - especially at this price

The CMF Buds 2 Plus offers a secure and comfortable fit, clear audio, effective noise cancellation, and a long battery life. Plus, they're only $55 for the holiday shopping season.

You can now get Apple TV for $6/month for 6 months--but hurry!

Cozy up! You can now get Apple TV for $6/month for the next 6 months, but only if you act fast.

One of our favorite Samsung TVs is still on sale from Black Friday

Black Friday is technically over, but Best Buy still has a ton of active deals--including 30% off this Samsung 43" U7900 Series 4K Smart TV.
Yesterday β€” November 29th 2025Your RSS feeds

I love taking these earbuds to the gym thanks to their thoughtful design

The Nothing Ear Open are the only earbuds I want to take to the gym. Right now, they're under $100 during Cyber Week savings.

I fill up my apartment with booming sound thanks to Sony's mid-sized speaker

Sony's mid-sized Ult Field 3 speaker blew me away with incredible sound and portability. It's on sale for 30% off during Black Friday weekend.

I tested one of the best workout earbuds for iPhone users - and they're 20% off

Beats' exercise earbuds, the Powerbeats Pro 2, come with heart rate-monitoring tech. Black Friday savings cut the price by 20% off.

I'm powering my holiday parties with this Sony Bluetooth speaker - here's why

The Sony Ult Field 1 is at a discount during Black Friday weekend. Use it for your holiday parties and more, because the sound is simply that good.

The Yoto Mini is a great screen-free gift for kids - and you can get one for up to 40% off now

The Tonibox competitor Yoto Player and Yoto Mini let kids play music and stories. Both are on sale now for Black Friday and Cyber Monday.

DJI's 360-degree camera blows away the competition - and it's almost $200 off right now

The Osmo 360 takes on the GoPro Max and Insta360 X5 action cameras, and even though it's a new release, it's already down to an all-time low price.

A $10 USB-C accessory solved my laptop charger's biggest issue

I've always valued these easy-to-use accessories - and now, they're more practical than ever.

I'm live-tracking the best Black Friday iPad deals still available: Apple discounts up to 25%

Black Friday deals still feature some of the best prices you can get on an iPad, iPad Air, iPad Mini, and iPad Pro.

We found over 100 Black Friday tech deals up to 75% off: Shop Amazon, Best Buy, and more

Black Friday is over and Cyber Monday is up next. Every major retailer is still offering strong discounts on items from Apple, Samsung, LG, Garmin, and more.

The best color E Ink tablet I've used isn't a Remarkable (and it's almost $200 cheaper)

The Boox Note Air 4C tablet lets me replace my e-reader, notebook, calendar, and bullet journal with a single device.

I recommend this mini-LED TV to anyone looking for the best value for money

Hisense's flagship Mini LED TV, the U8N, offers one of the best values I've found for console gaming and home theaters.

The hybrid Windows laptop I recommend most for work travel also has an OLED display

HP's Envy x360 is a 16-inch laptop/tablet hybrid that delivers the qualities consumers want in a big screen 2-in-1.

This $45 wearable made ditching my smartwatch easier than I expected

The Xiaomi Smart Band 9 is a budget-friendly fitness tracker that pairs a user-friendly app with a solid lineup of practical features.

Black Friday TV deals on over 70 products are still live: Save up to $2,000 or more on LG, Samsung, Sony, TCL, Hisense

Don't miss some of the best deals of the year on TVs, streaming bundles, and home theater equipment that are still live from Black Friday.

Analysis of 8 Foundational Cache Poisoning Attacks (HackerOne, GitHub, Shopify) - Part 1

By: /u/Empty_Hacker

Hi everyone,

I've been doing a deep dive into Cache Poisoning to understand how the vulnerability class has evolved over the last decade.

While modern attacks involve complex gadgets and framework confusion, I realized that to truly understand them, you have to look at the "Foundational" attacksβ€”the early logic flaws that started it all.

I analyzed 8 historical case studies from public bug bounty reports. Here are the 3 most interesting patterns that paved the way for modern exploitation:

1. The HackerOne Classic (2014)

  • The Flaw: The server trusted the X-Forwarded-Host header without validation.
  • The Attack: Sending X-Forwarded-Host: evil.com caused the application to generate a redirect to the attacker's domain.
  • The Impact: The cache stored this redirect. Any legitimate user trying to visit HackerOne was seamlessly redirected to the attacker's site.

2. GitHub's Content-Type DoS

  • The Flaw: GitHub handled Content-Type headers differently for the cache vs. the backend.
  • The Attack: An attacker could send a request with a malformed content type. The backend would return an error, but the cache would store that error for all unauthenticated users visiting that repo.
  • The Result: A simple request could DoS a repository for everyone.

3. The Cloudflare Capitalization Bug

  • The Flaw: Cloudflare normalized headers (converting TaRgEt.CoM to target.com for the cache key), but the origin server treated them as distinct.
  • The Impact: This allowed attackers to bypass cache keys and poison the response for a massive number of websites behind the CDN.

Why this matters today: Even though these are "old" reports, these exact logic flaws (normalization issues, unkeyed headers) are what cause the complex CP-DoS and secondary-context attacks we see in modern frameworks like Next.js today.

I wrote a full breakdown of all 8 case studies (including Shopify, GitLab, and Red Hat) if you want to see the specific request/response pairs.

Read the Full Analysis (Part 1)

Let me know if you have any questions about the mechanics of these early bugs!

submitted by /u/Empty_Hacker
[link] [comments]

The WIRED Guide to Digital Opsec for Teens

By: JP Aumasson, Lily Hay Newman
Practicing good β€œoperations security” is essential to staying safe online. Here's a complete guide for teenagers (and anyone else) who wants to button up their digital lives.

The 10 products our readers bought most ahead of Black Friday (No. 1 will stop your doomscrolling)

Black Friday is over, and we pulled the numbers on our top-selling products. Here's what we found.

This month in security with Tony Anscombe – November 2025 edition

Data exposure by top AI companies, the Akira ransomware haul, Operation Endgame against major malware families, and more of this month's cybersecurity news

Need a smartwatch with extreme battery? This solar Garmin outlasts competitors (and it's on sale)

Garmin's Enduro 3 has a longer-lasting battery and lower price than its predecessor. Right now, it's on sale for $749.

The new base model iPad has never looked so good - especially for $274

The iPad 11 is the best choice for most people, and our pick for best iPad of 2025. It's 20% off for Black Friday.

The $847 Hisense is the best art TV deal this Black Friday - here's why

Hisense's 55-Inch CanvasTV is a rival to Samsung's Frame TV, currently 35% off for Cyber Monday.
Before yesterdayYour RSS feeds

I can't stop raving about this $16 magnetic gadget - here's why it's so useful

Stop wrecking your USB-C ports - this affordable breakaway accessory provides solid protection at an affordable price.

I replaced my dual monitors with these XR smart glasses - and they're $170 off for Black Friday

Xreal's One Pro smart glasses simulate a 171-inch spatial screen with a 57-degree field of view at a 120Hz refresh.

Looking for a 98-inch TV? I found the only deal you should consider for Black Friday

The 98-inch Hisense QD5 Series is a massive 57% off the regular price, down to $999.

The Google Pixel 9a is my favorite 'premium budget' Android phone - on sale for $349

We called the Pixel 9a the most well-rounded phone you can get under $500 - now it's on sale for Black Friday for just $349.

CTF challenge Malware Busters

By: /u/Ok_Coyote6842

Just came across this reverse engineering challenge called Malware Busters seems to be part of the Cloud Security Championship. It’s got a nice malware analysis vibe, mostly assembly focused and pretty clean in terms of setup.

Was surprised by the polish has anyone else given it a try?

submitted by /u/Ok_Coyote6842
[link] [comments]

Shopping for a phone? I rounded up the best Black Friday 2025 Verizon deals on Apple and Android

Black Friday may be over, but these incredible deals on new phones, tablets, and gaming consoles are still available now.

I found the Pixel 9 Pro XL for $699 - here's why this is the Android phone deal to grab

The Google Pixel 9 Pro series from last year still looks and performs flawlessly, but this Black Friday deal brings the Pro XL to its lowest price yet.

Yes, the Bugaboo Donkey 5 is as great as you've heard - and it's on sale

The Donkey 5 Mono is well-engineered to easily switch from single to double stroller - and it's 20% off for Black Friday.

Last-minute gifting? Here's how I'm sending curated digital gift cards this holiday season

Give the gift of choice this holiday season. Here's how I recommend sending virtual gift cards.

I found the 15+ best Black Friday phone deals still live (and which carrier offers are actually worth it)

Black Friday phone deals are still live at carriers like T-Mobile, Verizon, and AT&T, and stores like Amazon and Walmart. Read on for the best discounts we've found.

I recommend this OnePlus tablet over iPads for streaming movies - and it's $200 off

The OnePlus Pad 2 may be last year's model, but still offers solid hardware, impressive battery life, and a sharp display, positioning it as a top-notch cheaper alternative to the iPad Air.

These are the best 30+ Black Friday Sam's Club deals of 2025 I'm shopping for - even today

Many of the best Sam's Club Black Friday deals are still available, but there's not much time left to save on tech, laptops, TVs, and household appliances.

Amazon's best 2025 Black Friday deals are still available: Shop my top sales on Apple, Oura, and Bose

Black Friday is over, but Amazon continues to offer a wide range of deals. These are the top sales I've uncovered so far, like the MacBook Air for 25% off.

I highly recommend this soundbar for immersive audio - especially at 44% off

LG's S95TR soundbar delivers impressive audio performance alongside a bunch of useful features, making it one of my top picks even though it's an older model.

These Android Bluetooth trackers are better than AirTags - and they're 45% off

Chipolo's One and Card Point trackers are excellent options for Android users who want to keep tabs on their phone and wallet.

6 Black Friday gift card deals I'd add to my cart right now

Black Friday is here. Don't forget it's a great time to scoop up discounted gift cards for Apple, Uber, H&M, and more.

You can subscribe to Peacock for free with these sneaky Black Friday streaming deals

If you want to check out original shows like All Her Fault, movies like Jurassic World Rebirth, or your favorite NBC and Bravo shows, check out these deals for Peacock.

How to manage your Linux firewall the easy way - without touching the terminal

Securing your Linux desktop is straightforward when you let these GUIs handle all the work.

I can take my 4 favorite Bluetooth speakers anywhere - and they're all on sale

From holiday parties to outdoor activities, my favorite Bluetooth speakers will take your music-listening experience to the next level.

Best Black Friday Dell deals 2025: I found the top 15 Dell laptop sales live now

Black Friday is still going on, and Dell has some notable deals across its lineup. Here are the best ones we've found.

I test power stations - these are my favorite Black Friday deals still live from EcoFlow, Jackery, & more

Black Friday is over, but we've got our eyes on some excellent deals on power stations from top brands available now.

Shop these still live best AirPods deals for Black Friday 2025 - including the AirPods Pro 3

Black Friday has ended, but AirPods are still at their lowest price ever. Here are the best ones to buy now.

The best Kindle deals for Black Friday (including an all-time low on the Kindle Scribe) are still available

We're keeping a close eye on the best Black Friday Kindle deals, including discounts on the Paperwhite and the Kindle Scribe.

I picked the best Black Friday soundbar deals you can still find

Black Friday is over, but plenty of soundbars, smart speakers, and home-theater-in-a-box systems are still on sale. Here are the best deals we've found.

Best Black Friday Target deals 2025: 15+ deals on tech gadgets still live

The holiday season is upon us, and Black Friday deals are still here. Here are the best Cyber Week discounts at Target today.

Last chance to shop Best Buy's Black Friday sale: Check out my favorite 30+ tech discounts live now

Black Friday has arrived, and Best Buy has some excellent deals still live now, like the Hisense Canvas TV for 35% off.

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

By: Ravie Lakshmanan
Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack. Software supply chain security company ReversingLabs said it found the "vulnerability" in bootstrap files provided by a build and deployment automation tool named "zc.buildout." "The

PostHog admits Shai-Hulud 2.0 was its biggest ever security bungle

Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm

PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and tried to auto-loot developer credentials.…

North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

By: Ravie Lakshmanan
The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month. According to Socket, these packages have been downloaded over 31,000 times, and are designed to deliver a variant of OtterCookie that brings together the features of BeaverTail and prior versions of OtterCookie. Some of the

Best Black Friday deals under $100 2025: 20 sales still live

Stick to your holiday budget this season with these giftable gadgets under $100.

These 12 surprisingly useful tools are on sale during Black Friday - and I vouch for them all

Black Friday has ended, but these useful gadgets that make great gifts are still available.

I rounded up the best Apple Watch Black Friday 2025 deals you can still shop

Shop these exceptional Black Friday deals on Apple Watches, including the new Series 11 and SE 3, while they're still available.

I found the best Chromebook deals for Black Friday 2025 - here are the 20 still available

Black Friday deals are ending, but I've compiled the best Chromebook discounts from major retailers that are still available now.
❌