Best of r/cybersecurity
@cybersecurity.page
Summarizes the hottest content on r/cybersecurity once per hour. Warning, the summaries are generated by an LLM and are not guaranteed to be 100% correct. Operated by @tweedge.net, open source @ https://github.com/r-cybersecurity/best-of-bot
The user is organizing a purple team event and seeks examples of outdated or bizarrely insecure infrastructure setups to discuss. They request general ideas, while acknowledging confidentiality concerns.
Scariest infrastructure you have ever seen
I'm working on creating a purple team event for my local community and wanna know what are some infrastructure setup of old os or weird combos of things that are highly insecure you had to deal wi...
reddit.com
November 16, 2025 at 4:42 AM
The user is organizing a purple team event and seeks examples of outdated or bizarrely insecure infrastructure setups to discuss. They request general ideas, while acknowledging confidentiality concerns.
Helpdesk jobs
Helpdesk jobs
I often see people recommend anyone who wants to get into cybersecurity roles to take on a helpdesk job first. Why is this so, and would you recommend I do the same if I eventually want to go into ...
reddit.com
November 15, 2025 at 7:42 PM
Helpdesk jobs
Malware development can enhance cybersecurity skills by understanding threats and defenses, but pursuing it professionally without malicious intent might be limited. It could be more fulfilling as a hobby unless it aligns with ethical careers like cybersecurity research or threat analysis.
How much is malware development useful?
Hi, I realky like the feeling of creating/building something, which is why I like software development/engineering on top of cybersecurity. I have noticed that it really clicks for me to create mal...
reddit.com
November 15, 2025 at 1:42 PM
Malware development can enhance cybersecurity skills by understanding threats and defenses, but pursuing it professionally without malicious intent might be limited. It could be more fulfilling as a hobby unless it aligns with ethical careers like cybersecurity research or threat analysis.
FedRAMP is mandatory for cloud services handling CUI for federal agencies, including the DoD. Some say you can't use any cloud provider for DoD work unless they're FedRAMP certified, regardless of the data stored. Clarification is needed on this point.
When is FedRAMP mandatory?
I’ve been going through some guides but it’s still not clear to me when a cloud service actually has to be FedRAMP authorized for DoD work
From what I understand it’s only required if the system is...
reddit.com
November 14, 2025 at 9:42 PM
FedRAMP is mandatory for cloud services handling CUI for federal agencies, including the DoD. Some say you can't use any cloud provider for DoD work unless they're FedRAMP certified, regardless of the data stored. Clarification is needed on this point.
Anthropic disclosed a detailed AI-based attack using Claude Code, traced to a Chinese state-aligned group. Seeking the cybersecurity industry's reactions rather than news headlines on this development.
Thoughts on the use of Claude Code use from a nation state that Anthropic just put out?
Title basically says it all.
Anthropic just disclosed one of the first detailed attacks using AI, specifically Claude Code. They have tracked it back to a Chinese state-aligned group according to t...
reddit.com
November 14, 2025 at 8:42 PM
Anthropic disclosed a detailed AI-based attack using Claude Code, traced to a Chinese state-aligned group. Seeking the cybersecurity industry's reactions rather than news headlines on this development.
Anthropic discovered Chinese state-sponsored hackers used their AI, Claude, to autonomously hack 30 companies. The AI handled 80-90% of the work, including analyzing targets and extracting data. Hackers tricked Claude into thinking it was performing legitimate tasks, using minimal human involvement.
China just used Claude to hack 30 companies. The AI did 90% of the work. Anthropic caught them and is telling everyone how they did it.
September 2025. Anthropic detected suspicious activity on Claude. Started investigating.
Turns out it was Chinese state-sponsored hackers. They used Claude Code to hack into roughly 30 companies. B...
reddit.com
November 14, 2025 at 7:42 PM
Anthropic discovered Chinese state-sponsored hackers used their AI, Claude, to autonomously hack 30 companies. The AI handled 80-90% of the work, including analyzing targets and extracting data. Hackers tricked Claude into thinking it was performing legitimate tasks, using minimal human involvement.
Chinese spies used Claude to break into critical orgs
Chinese spies used Claude to break into critical orgs
View post on Reddit.
reddit.com
November 14, 2025 at 5:42 PM
Chinese spies used Claude to break into critical orgs
Are CTFs useful for finding work in cybersecurity? As a computer engineering student, I believe they're great for practicing skills learned from courses or books, but can't replace them. How important do you find them for landing a job in this field?
Are CTFs really useful for finding work in cybersecurity?
Hi guys, I'm a computer engineering student living in Italy.
I was interested in getting your opinion on the effectiveness and usefulness of CTFs.
My personal opinion is that CTFs are a good way to...
reddit.com
November 14, 2025 at 4:42 PM
Are CTFs useful for finding work in cybersecurity? As a computer engineering student, I believe they're great for practicing skills learned from courses or books, but can't replace them. How important do you find them for landing a job in this field?
Doordash experienced a cybersecurity breach involving unauthorized access to user contact info. Sensitive data was not accessed, and there's no indication of misuse. They've enhanced security and involved law enforcement. Users are advised to be cautious with personal info requests.
Doordash just had a cyber breach
Doordash just emailed cyber breach. Idiots asked drivers for addresses. What absolute nut cases.
can't paste images so here is the email copied over
Dear D,
On October 25, 2025, our team identifi...
reddit.com
November 14, 2025 at 1:42 PM
Doordash experienced a cybersecurity breach involving unauthorized access to user contact info. Sensitive data was not accessed, and there's no indication of misuse. They've enhanced security and involved law enforcement. Users are advised to be cautious with personal info requests.
CyberSec Quote of the Day: "It's not the work; it's the worry of it."
CyberSec Quote of the Day: "It's not the work; it's the worry of it."
I ran across this quote in a thread recently, and thought... that's exactly how I feel some weeks, working in this field. Doing the actual, technical, nitty-gritty parts is generally enjoyable, an...
reddit.com
November 14, 2025 at 5:42 AM
CyberSec Quote of the Day: "It's not the work; it's the worry of it."
PIP'd less than 3 months in
PIP'd less than 3 months in
I've had this role as essentially a Sr IAM for exactly 85 days. I've had training for about 3weeks to a month on how to do the basic daily functions of the role(mfa, provisioning, RBAC). I was told...
reddit.com
November 14, 2025 at 3:42 AM
PIP'd less than 3 months in
A PhD student researching cybersecurity is seeking insights from professionals on their biggest pain points, specifically regarding security warnings and alerts. They aim to understand real-world challenges to ensure their research is practically applicable, not just academic.
Cybersecurity professionals what security problems are hurting you the most right now?
I am a PhD student, I am doing cybersecurity research. Mostly I am looking into the security warnings and the effectiveness of those warnings. However, I am interested to learn what kind of problem...
reddit.com
November 14, 2025 at 2:42 AM
A PhD student researching cybersecurity is seeking insights from professionals on their biggest pain points, specifically regarding security warnings and alerts. They aim to understand real-world challenges to ensure their research is practically applicable, not just academic.
An entry-level security analyst with Comptia certifications is seeking advice on a reasonable salary to request in metro NYC. They're unsure, with web searches showing a nationwide average of $65k, but they wonder what to expect in the NYC area.
What to ask for as salary for Security analyst position?
Hi, I see a posting for a position for security analyst but unsure how much to ask for entry position in metro nyc. I have Comptia A+, Network+, Security+, CySA+ security analyst certs i accumulate...
reddit.com
November 13, 2025 at 10:42 PM
An entry-level security analyst with Comptia certifications is seeking advice on a reasonable salary to request in metro NYC. They're unsure, with web searches showing a nationwide average of $65k, but they wonder what to expect in the NYC area.
Graduated, but I feel like I know nothing!
Graduated, but I feel like I know nothing!
I recently graduated with a B.S. in Cybersecurity... got good grades and positive feedback from professors the entire time. Now that I'm on the other side, though, I feel like I know absolutely no...
reddit.com
November 13, 2025 at 9:42 PM
Graduated, but I feel like I know nothing!
The post asks for stories or breaches related to employees using their own devices at work, sharing that the author encountered an intriguing case today and is curious about similar global experiences.
Worst BYOD story from work
As the title suggest, do you have any interesting story and/or breaches from your work regarding employees using their own hardware? Today had a very interesting case, hence I grew intrigued about ...
reddit.com
November 13, 2025 at 8:42 PM
The post asks for stories or breaches related to employees using their own devices at work, sharing that the author encountered an intriguing case today and is curious about similar global experiences.
got my employer ISO 42001 Certified and became an AI Gov. Officer. Honestly, kinda underwhelming?
got my employer ISO 42001 Certified and became an AI Gov. Officer. Honestly, kinda underwhelming?
I work in a Cloud SaaS, 50-60 FTE, if you know the shtick, you know the shtick.
For context my background is in Law and Privacy Compliance, I have been in the workforce for 4-5 years and I got into...
reddit.com
November 13, 2025 at 7:42 PM
got my employer ISO 42001 Certified and became an AI Gov. Officer. Honestly, kinda underwhelming?
Beginner in cybersecurity seeks advice on where to start learning, considering options like networking basics or Linux. They don't have a tech background but are eager to learn and seek resource recommendations from experienced individuals.
Beginner trying to learn cybersecurity where should I start?
Hey everyone, I’ve recently gotten interested in cybersecurity and I’m trying to figure out the best way to start learning. There’s so much info out there that it’s a bit overwhelming.
I’m not from...
reddit.com
November 13, 2025 at 6:42 PM
Beginner in cybersecurity seeks advice on where to start learning, considering options like networking basics or Linux. They don't have a tech background but are eager to learn and seek resource recommendations from experienced individuals.
A report reveals that shadow AI is exposing software teams to risks, as three-quarters of 500 security practitioners experienced prompt-injection incidents, two-thirds dealt with vulnerabilities in LLM code, and many reported jailbreaks.
Report: Shadow AI is leaving software teams dangerously exposed
The report found that amongst 500 security practitioners, three-quarters reported at least one prompt-injection incident, and two-thirds said they’ve faced exploits involving vulnerable LLM code, a...
reddit.com
November 13, 2025 at 2:42 PM
A report reveals that shadow AI is exposing software teams to risks, as three-quarters of 500 security practitioners experienced prompt-injection incidents, two-thirds dealt with vulnerabilities in LLM code, and many reported jailbreaks.
User is looking for compiled lists of Black Friday 2025 cybersecurity deals and invites others to share good current or upcoming deals they know about.
Black Friday 2025 Deals
It might still be a bit early this year but normally I start seeing consolidating lists of cyber Black Friday deals. Anyone know of any lists?
Or if you have seen some good current/upcoming deals—p...
reddit.com
November 13, 2025 at 1:42 PM
User is looking for compiled lists of Black Friday 2025 cybersecurity deals and invites others to share good current or upcoming deals they know about.
People often imagine cybersecurity professionals as action heroes intercepting malware, but is the reality as exciting or is it just a tedious, soul-draining job?
Cybersecurity Stereotypes
I feel like people have these superfluous assumptions of cybersecurity professionals vigorously typing on their laptops, intercepting malware, and shutting down threats. Is reality really that cool...
reddit.com
November 13, 2025 at 7:42 AM
People often imagine cybersecurity professionals as action heroes intercepting malware, but is the reality as exciting or is it just a tedious, soul-draining job?
FFmpeg: Hire people full time and/or send security patches. We are volunteers.
FFmpeg: Hire people full time and/or send security patches. We are volunteers.
View post on Reddit.
reddit.com
November 13, 2025 at 6:42 AM
FFmpeg: Hire people full time and/or send security patches. We are volunteers.
How much testing is enough in cybersecurity?
How much testing is enough in cybersecurity?
I’ve been wondering where the line really is between good testing and overtesting in cybersecurity.
Every time we run an audit or pen test, we find new vulnerabilities that seem minor at first but ...
reddit.com
November 13, 2025 at 5:42 AM
How much testing is enough in cybersecurity?
A user reported a voice impersonation attempt where an attacker mimicked an employee's voice to reset an account. The incident highlights the challenge of classifying such threats: as social engineering, deepfake threat, or a unique tactic. The question is whether to include it in threat models.
We saw a convincing voice impersonation attempt. Curious how others are classifying this threat.
We had an interesting incident recently that I’m trying to properly categorize.
Someone called our internal support line claiming to be an employee who was “locked out” of their account.
The voice ...
reddit.com
November 13, 2025 at 2:42 AM
A user reported a voice impersonation attempt where an attacker mimicked an employee's voice to reset an account. The incident highlights the challenge of classifying such threats: as social engineering, deepfake threat, or a unique tactic. The question is whether to include it in threat models.
Considering joining the Air Force and pursuing a B.S. in cybersecurity at WGU while serving in reserves or active duty could be beneficial. It offers the chance to earn a degree quickly and gain valuable job experience.
Air Force and WGU
I'm a freshmen in university almost at my second semester going for Cybersecurity. During this time I have been thinking a lot about my career path. And It brought me to the idea of joining the Air...
reddit.com
November 13, 2025 at 1:42 AM
Considering joining the Air Force and pursuing a B.S. in cybersecurity at WGU while serving in reserves or active duty could be beneficial. It offers the chance to earn a degree quickly and gain valuable job experience.
IT Sec hiring is jacked up
IT Sec hiring is jacked up
I continue to have phone call interviews with HR that are supposed to be the gateway to technical interviews, where the HR/Talent Acquisition (TA) individual has no idea what they are asking or hav...
reddit.com
November 13, 2025 at 12:42 AM
IT Sec hiring is jacked up