You can now get Apple TV for $6/month for 6 months--but hurry!

— November 29^th 2025 at 23:57

Cozy up! You can now get Apple TV for $6/month for the next 6 months, but only if you act fast.

ZDNet | security RSS

One of our favorite Samsung TVs is still on sale from Black Friday

— November 29^th 2025 at 23:00

Black Friday is technically over, but Best Buy still has a ton of active deals--including 30% off this Samsung 43" U7900 Series 4K Smart TV.

ZDNet | security RSS

I love taking these earbuds to the gym thanks to their thoughtful design

— November 29^th 2025 at 21:20

The Nothing Ear Open are the only earbuds I want to take to the gym. Right now, they're under $100 during Cyber Week savings.

ZDNet | security RSS

I fill up my apartment with booming sound thanks to Sony's mid-sized speaker

— November 29^th 2025 at 21:12

Sony's mid-sized Ult Field 3 speaker blew me away with incredible sound and portability. It's on sale for 30% off during Black Friday weekend.

ZDNet | security RSS

I tested one of the best workout earbuds for iPhone users - and they're 20% off

— November 29^th 2025 at 20:48

Beats' exercise earbuds, the Powerbeats Pro 2, come with heart rate-monitoring tech. Black Friday savings cut the price by 20% off.

ZDNet | security RSS

I'm powering my holiday parties with this Sony Bluetooth speaker - here's why

— November 29^th 2025 at 20:29

The Sony Ult Field 1 is at a discount during Black Friday weekend. Use it for your holiday parties and more, because the sound is simply that good.

ZDNet | security RSS

The Yoto Mini is a great screen-free gift for kids - and you can get one for up to 40% off now

— November 29^th 2025 at 17:51

The Tonibox competitor Yoto Player and Yoto Mini let kids play music and stories. Both are on sale now for Black Friday and Cyber Monday.

/r/netsec - Information Security News & Discussion

Simulating a Water Control System in my Home Office

By: ／u／RoseSec_ — November 29^th 2025 at 17:10

submitted by /u/RoseSec_
[link] [comments]

ZDNet | security RSS

DJI's 360-degree camera blows away the competition - and it's almost $200 off right now

— November 29^th 2025 at 16:25

The Osmo 360 takes on the GoPro Max and Insta360 X5 action cameras, and even though it's a new release, it's already down to an all-time low price.

ZDNet | security RSS

A $10 USB-C accessory solved my laptop charger's biggest issue

— November 29^th 2025 at 16:07

I've always valued these easy-to-use accessories - and now, they're more practical than ever.

ZDNet | security RSS

I'm live-tracking the best Black Friday iPad deals still available: Apple discounts up to 25%

— November 29^th 2025 at 23:45

Black Friday deals still feature some of the best prices you can get on an iPad, iPad Air, iPad Mini, and iPad Pro.

ZDNet | security RSS

The best Black Friday tech deals? We found over 100 up to 75% off from Amazon, Best Buy, and more

— November 29^th 2025 at 23:53

Black Friday is over and Cyber Monday is up next. Every major retailer is still offering strong discounts on items from Apple, Samsung, LG, Garmin, and more.

/r/netsec - Information Security News & Discussion

Beyond Nmap: Building Custom Recon Pipelines

By: ／u／voidrane — November 29^th 2025 at 15:45

submitted by /u/voidrane
[link] [comments]

ZDNet | security RSS

The best color E Ink tablet I've used isn't a Remarkable (and it's almost $200 cheaper)

— November 29^th 2025 at 15:34

The Boox Note Air 4C tablet lets me replace my e-reader, notebook, calendar, and bullet journal with a single device.

ZDNet | security RSS

I recommend this mini-LED TV to anyone looking for the best value for money

— November 29^th 2025 at 15:17

Hisense's flagship Mini LED TV, the U8N, offers one of the best values I've found for console gaming and home theaters.

ZDNet | security RSS

The hybrid Windows laptop I recommend most for work travel also has an OLED display

— November 29^th 2025 at 15:03

HP's Envy x360 is a 16-inch laptop/tablet hybrid that delivers the qualities consumers want in a big screen 2-in-1.

ZDNet | security RSS

This $45 wearable made ditching my smartwatch easier than I expected

— November 29^th 2025 at 14:29

The Xiaomi Smart Band 9 is a budget-friendly fitness tracker that pairs a user-friendly app with a solid lineup of practical features.

ZDNet | security RSS

Black Friday TV deals on over 70 products are still live: Save up to $2,000 or more on LG, Samsung, Sony, TCL, Hisense

— November 29^th 2025 at 23:51

Don't miss some of the best deals of the year on TVs, streaming bundles, and home theater equipment that are still live from Black Friday.

/r/netsec - Information Security News & Discussion

Analysis of 8 Foundational Cache Poisoning Attacks (HackerOne, GitHub, Shopify) - Part 1

By: ／u／Empty_Hacker — November 29^th 2025 at 13:05

Hi everyone,

I've been doing a deep dive into Cache Poisoning to understand how the vulnerability class has evolved over the last decade.

While modern attacks involve complex gadgets and framework confusion, I realized that to truly understand them, you have to look at the "Foundational" attacks—the early logic flaws that started it all.

I analyzed 8 historical case studies from public bug bounty reports. Here are the 3 most interesting patterns that paved the way for modern exploitation:

1. The HackerOne Classic (2014)

The Flaw: The server trusted the X-Forwarded-Host header without validation.
The Attack: Sending X-Forwarded-Host: evil.com caused the application to generate a redirect to the attacker's domain.
The Impact: The cache stored this redirect. Any legitimate user trying to visit HackerOne was seamlessly redirected to the attacker's site.

2. GitHub's Content-Type DoS

The Flaw: GitHub handled Content-Type headers differently for the cache vs. the backend.
The Attack: An attacker could send a request with a malformed content type. The backend would return an error, but the cache would store that error for all unauthenticated users visiting that repo.
The Result: A simple request could DoS a repository for everyone.

3. The Cloudflare Capitalization Bug

The Flaw: Cloudflare normalized headers (converting TaRgEt.CoM to target.com for the cache key), but the origin server treated them as distinct.
The Impact: This allowed attackers to bypass cache keys and poison the response for a massive number of websites behind the CDN.

Why this matters today: Even though these are "old" reports, these exact logic flaws (normalization issues, unkeyed headers) are what cause the complex CP-DoS and secondary-context attacks we see in modern frameworks like Next.js today.

I wrote a full breakdown of all 8 case studies (including Shopify, GitLab, and Red Hat) if you want to see the specific request/response pairs.

Read the Full Analysis (Part 1)

Let me know if you have any questions about the mechanics of these early bugs!

submitted by /u/Empty_Hacker
[link] [comments]

WIRED

The WIRED Guide to Digital Opsec for Teens

By: JP Aumasson， Lily Hay Newman — November 29^th 2025 at 12:00

Practicing good “operations security” is essential to staying safe online. Here's a complete guide for teenagers (and anyone else) who wants to button up their digital lives.

ZDNet | security RSS

The 10 products our readers bought most ahead of Black Friday (No. 1 will stop your doomscrolling)

— November 29^th 2025 at 09:00

Black Friday is over, and we pulled the numbers on our top-selling products. Here's what we found.

WeLiveSecurity

This month in security with Tony Anscombe – November 2025 edition

— November 28^th 2025 at 13:46

Data exposure by top AI companies, the Akira ransomware haul, Operation Endgame against major malware families, and more of this month's cybersecurity news

ZDNet | security RSS

Need a smartwatch with extreme battery? This solar Garmin outlasts competitors (and it's on sale)

— November 29^th 2025 at 01:55

Garmin's Enduro 3 has a longer-lasting battery and lower price than its predecessor. Right now, it's on sale for $749.

ZDNet | security RSS

The new base model iPad has never looked so good - especially for $274

— November 29^th 2025 at 00:53

The iPad 11 is the best choice for most people, and our pick for best iPad of 2025. It's 20% off for Black Friday.

ZDNet | security RSS

The $847 Hisense is the best art TV deal this Black Friday - here's why

— November 29^th 2025 at 00:17

Hisense's 55-Inch CanvasTV is a rival to Samsung's Frame TV, currently 35% off for Cyber Monday.

ZDNet | security RSS

I can't stop raving about this $16 magnetic gadget - here's why it's so useful

— November 28^th 2025 at 22:39

Stop wrecking your USB-C ports - this affordable breakaway accessory provides solid protection at an affordable price.

ZDNet | security RSS

I replaced my dual monitors with these XR smart glasses - and they're $170 off for Black Friday

— November 28^th 2025 at 22:24

Xreal's One Pro smart glasses simulate a 171-inch spatial screen with a 57-degree field of view at a 120Hz refresh.

ZDNet | security RSS

Looking for a 98-inch TV? I found the only deal you should consider for Black Friday

— November 28^th 2025 at 22:23

The 98-inch Hisense QD5 Series is a massive 57% off the regular price, down to $999.

ZDNet | security RSS

The Google Pixel 9a is my favorite 'premium budget' Android phone - on sale for $349

— November 28^th 2025 at 21:48

We called the Pixel 9a the most well-rounded phone you can get under $500 - now it's on sale for Black Friday for just $349.

/r/netsec - Information Security News & Discussion

CTF challenge Malware Busters

By: ／u／Ok_Coyote6842 — November 28^th 2025 at 21:42

Just came across this reverse engineering challenge called Malware Busters seems to be part of the Cloud Security Championship. It’s got a nice malware analysis vibe, mostly assembly focused and pretty clean in terms of setup.

Was surprised by the polish has anyone else given it a try?

submitted by /u/Ok_Coyote6842
[link] [comments]

ZDNet | security RSS

Shopping for a phone? I rounded up the best Black Friday 2025 Verizon deals on Apple and Android

— November 29^th 2025 at 22:49

Black Friday may be over, but these incredible deals on new phones, tablets, and gaming consoles are still available now.

ZDNet | security RSS

I found the Pixel 9 Pro XL for $699 - here's why this is the Android phone deal to grab

— November 28^th 2025 at 20:40

The Google Pixel 9 Pro series from last year still looks and performs flawlessly, but this Black Friday deal brings the Pro XL to its lowest price yet.

ZDNet | security RSS

Yes, the Bugaboo Donkey 5 is as great as you've heard - and it's on sale

— November 28^th 2025 at 20:26

The Donkey 5 Mono is well-engineered to easily switch from single to double stroller - and it's 20% off for Black Friday.

ZDNet | security RSS

Last-minute gifting? Here's how I'm sending curated digital gift cards this holiday season

— November 28^th 2025 at 20:21

Give the gift of choice this holiday season. Here's how I recommend sending virtual gift cards.

ZDNet | security RSS

I found the 15+ best Black Friday phone deals still live (and which carrier offers are actually worth it)

— November 29^th 2025 at 14:51

Black Friday phone deals are still live at carriers like T-Mobile, Verizon, and AT&T, and stores like Amazon and Walmart. Read on for the best discounts we've found.

ZDNet | security RSS

I recommend this OnePlus tablet over iPads for streaming movies - and it's $200 off

— November 28^th 2025 at 19:56

The OnePlus Pad 2 may be last year's model, but still offers solid hardware, impressive battery life, and a sharp display, positioning it as a top-notch cheaper alternative to the iPad Air.

ZDNet | security RSS

These are the best 30+ Black Friday Sam's Club deals of 2025 I'm shopping for - even today

— November 29^th 2025 at 22:54

Many of the best Sam's Club Black Friday deals are still available, but there's not much time left to save on tech, laptops, TVs, and household appliances.

ZDNet | security RSS

Amazon's best 2025 Black Friday deals are still available: Shop my top sales on Apple, Oura, and Bose

— November 29^th 2025 at 22:42

Black Friday is over, but Amazon continues to offer a wide range of deals. These are the top sales I've uncovered so far, like the MacBook Air for 25% off.

ZDNet | security RSS

I highly recommend this soundbar for immersive audio - especially at 44% off

— November 28^th 2025 at 19:26

LG's S95TR soundbar delivers impressive audio performance alongside a bunch of useful features, making it one of my top picks even though it's an older model.

ZDNet | security RSS

These Android Bluetooth trackers are better than AirTags - and they're 45% off

— November 28^th 2025 at 19:13

Chipolo's One and Card Point trackers are excellent options for Android users who want to keep tabs on their phone and wallet.

ZDNet | security RSS

6 Black Friday gift card deals I'd add to my cart right now

— November 28^th 2025 at 18:39

Black Friday is here. Don't forget it's a great time to scoop up discounted gift cards for Apple, Uber, H&M, and more.

ZDNet | security RSS

You can subscribe to Peacock for free with these sneaky Black Friday streaming deals

— November 28^th 2025 at 18:07

If you want to check out original shows like All Her Fault, movies like Jurassic World Rebirth, or your favorite NBC and Bravo shows, check out these deals for Peacock.

ZDNet | security RSS

How to manage your Linux firewall the easy way - without touching the terminal

— November 28^th 2025 at 17:31

Securing your Linux desktop is straightforward when you let these GUIs handle all the work.

ZDNet | security RSS

I can take my 4 favorite Bluetooth speakers anywhere - and they're all on sale

— November 28^th 2025 at 17:23

From holiday parties to outdoor activities, my favorite Bluetooth speakers will take your music-listening experience to the next level.

ZDNet | security RSS

Best Black Friday Dell deals 2025: I found the top 15 Dell laptop sales live now

— November 29^th 2025 at 19:06

Black Friday is still going on, and Dell has some notable deals across its lineup. Here are the best ones we've found.

ZDNet | security RSS

I test power stations - these are my favorite Black Friday deals still live from EcoFlow, Jackery, & more

— November 29^th 2025 at 20:29

Black Friday is over, but we've got our eyes on some excellent deals on power stations from top brands available now.

ZDNet | security RSS

Shop these still live best AirPods deals for Black Friday 2025 - including the AirPods Pro 3

— November 29^th 2025 at 18:49

Black Friday has ended, but AirPods are still at their lowest price ever. Here are the best ones to buy now.

ZDNet | security RSS

The best Kindle deals for Black Friday (including an all-time low on the Kindle Scribe) are still available

— November 29^th 2025 at 18:54

We're keeping a close eye on the best Black Friday Kindle deals, including discounts on the Paperwhite and the Kindle Scribe.

ZDNet | security RSS

I picked the best Black Friday soundbar deals you can still find

— November 29^th 2025 at 19:45

Black Friday is over, but plenty of soundbars, smart speakers, and home-theater-in-a-box systems are still on sale. Here are the best deals we've found.

ZDNet | security RSS

Best Black Friday Target deals 2025: 15+ deals on tech gadgets still live

— November 29^th 2025 at 18:44

The holiday season is upon us, and Black Friday deals are still here. Here are the best Cyber Week discounts at Target today.

ZDNet | security RSS

Last chance to shop Best Buy's Black Friday sale: Check out my favorite 30+ tech discounts live now

— November 29^th 2025 at 01:42

Black Friday has arrived, and Best Buy has some excellent deals still live now, like the Hisense Canvas TV for 35% off.

The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

By: Ravie Lakshmanan — November 28^th 2025 at 16:27

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack. Software supply chain security company ReversingLabs said it found the "vulnerability" in bootstrap files provided by a build and deployment automation tool named "zc.buildout." "The

The Register - Security

PostHog admits Shai-Hulud 2.0 was its biggest ever security bungle

— November 28^th 2025 at 16:22

Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm

PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and tried to auto-loot developer credentials.…

The Hacker News

North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

By: Ravie Lakshmanan — November 28^th 2025 at 16:18

The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month. According to Socket, these packages have been downloaded over 31,000 times, and are designed to deliver a variant of OtterCookie that brings together the features of BeaverTail and prior versions of OtterCookie. Some of the

ZDNet | security RSS

Best Black Friday deals under $100 2025: 20 sales still live

— November 29^th 2025 at 17:55

Stick to your holiday budget this season with these giftable gadgets under $100.

ZDNet | security RSS

These 12 surprisingly useful tools are on sale during Black Friday - and I vouch for them all

— November 29^th 2025 at 18:14

Black Friday has ended, but these useful gadgets that make great gifts are still available.

ZDNet | security RSS

I rounded up the best Apple Watch Black Friday 2025 deals you can still shop

— November 29^th 2025 at 23:39

Shop these exceptional Black Friday deals on Apple Watches, including the new Series 11 and SE 3, while they're still available.

ZDNet | security RSS

I found the best Chromebook deals for Black Friday 2025 - here are the 20 still available

— November 29^th 2025 at 23:18

Black Friday deals are ending, but I've compiled the best Chromebook discounts from major retailers that are still available now.

ZDNet | security RSS

Best Black Friday smart glasses deals 2025 still live: I found the biggest sales like Meta Ray-Bans for 20% off

— November 29^th 2025 at 17:19

If you've been wanting to check out the smart glasses craze for yourself, you can still score a great Black Friday discount from brands like Meta, RayNeo, Xreal, and Amazon.

ZDNet | security RSS

Black Friday Smartwatch deals are still live: Get Apple & Pixel Watches before they end

— November 29^th 2025 at 22:59

I've rounded up my favorite deals on Apple, Garmin, Oura, and more - but get them while they're still available.