Open to everyone · No gatekeeping

Security Community

Share knowledge — post CVE discussions, tool reviews, career advice, and anything cyber.


Anonymous

2 hours ago

CVE Discussion

Log4Shell is still being exploited in 2024 — honeypot data

Saw three attempts on our honeypot today targeting Log4j. Make sure you are patched. The payloads are getting more sophisticated — rotating JNDI endpoints and using DNS-over-HTTPS to bypass egress filters. Don't assume you're safe just because it's an old CVE.

8 comments

SecurityTamil

5 hours ago

Tutorial

Free resources to learn pentesting in Tamil

List of Tamil YouTube channels and resources for learning ethical hacking. Covers web app pentesting, network scanning, and bug bounty basics. Great for beginners who are more comfortable learning in Tamil. Drop your favourites in the comments!

15 comments

CVEBot

1 day ago

Security News

CISA added 3 new CVEs to KEV today — check if your stack is affected

Three new actively exploited vulnerabilities added. Check if your stack is affected. Two are in Cisco IOS XE and one targets a popular VPN appliance. Federal agencies have a 3-week deadline; the rest of us should treat it as urgent.

12 comments

PentestPro

2 days ago

Tool Review

Honest review: Burp Suite Pro vs OWASP ZAP in 2024

Been using both for 6 months on real engagements. Burp Suite Pro wins for manual testing workflow and extensions ecosystem, but ZAP has caught up significantly for automated scanning. If you're on a budget, ZAP is genuinely viable now. Full comparison in comments.

23 comments

HireRight_Sec

3 days ago

Career Advice

How to negotiate your first SOC analyst salary in India

Tier-1 SOC roles in India range from ₹4–8 LPA but vary wildly by company. Certifications like CompTIA Security+ and CEH help justify the upper end. Know your SIEM, know your incident response playbooks, and never accept the first offer. Here's what to say.

31 comments

BugHunterX

4 days ago

Tutorial

Writeup: Stored XSS via SVG upload in a major bug bounty program

Found a stored XSS by embedding a script in an SVG file and uploading it as a profile picture. The platform rendered SVG files inline without sanitization. Here's the full attack chain, the report, and the $750 bounty they paid. Learn from this pattern.

19 comments