#WebSecurity

𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕 @kubikpixel@chaos.social
2025-12-02

»Decreasing Certificate Lifetimes to 45 Days:
Let’s Encrypt will be reducing the validity period of the certificates we issue. We currently issue certificates valid for 90 days, which will be cut in half to 45 days by 2028.«

@letsencrypt halving the validity of the keys makes the web more secure (not more anonymous).

🔐 letsencrypt.org/2025/12/02/fro

#https #web #encryption #halftime #letsencrypt #websecurity #security

Phillemon CEH | CTH @wardenshield
2025-12-02

🔐 Cross-Site Scripting (XSS) – Still the Web’s Silent Killer in 2025

Think XSS is old news? Think again.

👉 Read how you can defend your apps properly: context-aware encoding, CSP, Trusted Types, and more:
wardenshield.com/cross-site-sc

2025-12-01

Few days left to submit your work to #MADWeb '26!

The CfP is open until Dec 11 (AOE). We welcome all Web-related submissions from full papers (10 pages) to work-in-progress papers (6 pages, no proceedings).

It's a great chance to present your work in sunny San Diego, connect with an amazing community, or get early feedback to improve your research. Don't miss out and spread the word!

🔗 madweb.work/

@madwebwork

#cfp #web #websec #websecurity

𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕 @kubikpixel@chaos.social
2025-12-01

Awareness for web security: the OWASP Top Ten 2025

The first release candidate of the new @owasp Top Ten reveals the biggest security risks in web development, from configuration to the software supply chain.

🔐 heise.de/hintergrund/Awareness

#websecurity #passwort #owasp #web #websec #supplychain #webdev #topten #sicherheit #software #awareness

Turbo Learn PHP @TurboLearnPHP
2025-11-30

Password Security - MD5 vs Argon2

🔐 STOP USING MD5! This password security comparison will shock you. Junior developers still use MD5 (cracked in seconds!) while senior devs use Argon2id - the strongest password hashing algorithm. See the difference and learn why password security matters. Your users' data depends on this!

development engineering vs senior review #...

🎥 manual

Turbo Learn PHP @TurboLearnPHP
2025-11-30

Environment Variables - Hardcoded vs ENV

🔐 NEVER Hardcode Secrets! This security mistake will get you fired! Junior developers put API keys and passwords directly in code (visible in Git!), while senior devs use environment variables. Learn how to protect your secrets and why this is critical for production applications.

development engineering vs se...

🎥 manual

Serghei Pogor @SergiuDinIT
2025-11-30

SQL Injection - Vulnerable vs Safe

🔒 CRITICAL SECURITY FIX! SQL Injection vulnerability exposed! See how junior developers accidentally create massive security holes by concatenating user input directly into SQL queries. The senior solution uses prepared statements with PDO - this is why your database gets hacked! Watch this before your next project gets compromised.

...

🎥 youtube.com/watch?v=8j56ZMgToWA

N-gated Hacker News @ngate
2025-11-23

🚫🔋 Oh, the irony! You wanted a guide on fake batteries, but instead, you got a masterclass in fake web pages. If only spotting counterfeit content was as easy as reading a 403 error. 😂⚠️
spectrum.ieee.org/counterfeit-

2025-11-22

Perplexity’s new Comet browser and MCP API raise fresh security questions — when AI meets the web, the attack surface grows with every click. 🌐🤖 #SecureAI #WebSecurity

helpnetsecurity.com/2025/11/20

2025-11-21

Being fed up with and untrusting of all the commercial password manager applications, I have decided to revert to paper. Specifically, index cards. So I bought a pack of 100.

Then discovered that I have more than 100 passwords in my app. 🤦🏻‍♂️

#InformationSecurity #WebSecurity #passwords #security #ai #privacy

𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕 @kubikpixel@chaos.social
2025-11-20

100k most used passwords

These are the latest 100k most insecure (hacked?) passwords in use. I wonder why at least a minimal regex, as a first hurdle that can stand in the way of attackers, apparently has not yet been widely implemented. Am I wrong, or are there reliable sources?

💥 raw.githubusercontent.com/dani
Source: weakpass.com

#password #login #cracking #pw #itsec #itsecuritybullshit #itsecurity #breaking #it #web #authenticity #webdev #regex #websecurity #identity #webidentity #amg

N-gated Hacker News @ngate
2025-11-20

✨ Breaking news! A riveting exposé on why converting won't magically transform , but wait—first, let block you for daring to exist 🌐. Because, folks, who needs coherent tech insights when you can have an interactive experience with web security instead? 🚫🔍
eliovp.com/why-cuda-translatio

𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕 @kubikpixel@chaos.social
2025-11-19

JWT vs PASETO vs Branca: The Future of Secure Tokens in 2026

If you’ve worked on authentication anytime in the last decade, chances are you’ve implemented a JWT somewhere. It became the go-to standard — not because it was flawless, but because it was everywhere.

🔏 mojoauth.com/blog/jwt-vs-paset

#jwt #paseto #branca #securetoken #it #token #security #weblogin #login #key #webdev #thefuture #websecurity #dev #api #restapi #rest

𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕 @kubikpixel@chaos.social
2025-11-19

Here is the explanation of @cloudflare itself why it was down worldwide yesterday (again) and it styled a lot on the Internet.

»Cloudflare outage on November 18, 2025:
On 18 November 2025 at 11:20 UTC (all times in this blog are UTC), Cloudflare's network began experiencing significant failures to deliver core network traffic. […]«

☁️ blog.cloudflare.com/18-novembe

#cloudflare #cloudflaredown #network #web #internet #websecurity #itsecurity #internetdown

2025-11-17

Anyone know of a good curated list of JA3 fingerprints of known shitty bots? (Think: Alibaba, Tencent, AI slop, etc)

The only two I could find are:

f79b6bad2ad0641e1921aef10262856b
5cc600468c246704e1699c12f51eb3ab

#infosec #websecurity #noai

Offensive Sequence @offseq@infosec.exchange
2025-11-15

🚨 CRITICAL Imunify360 flaw puts millions of web servers at risk. No active exploits, but potential for data breaches & outages if weaponized. Monitor for patches, scan for exposure, and strengthen controls now. radar.offseq.com/threat/millio #OffSeq #vulnerability #infosec #websecurity

Critical threat: Millions of sites at risk from Imunify360 critical flaw exploit
2025-11-14

Self-hosting a website on an OCI E1 instance with Cloudflare Tunnel, Caddy/Traefik, key-based SSH and Fail2Ban. Are there any notable issues? #SelfHosted #OCI #Webserver #TựHost #BảoMật #Cloudflare #Caddy #Traefik #SSH #Fail2Ban #WebSecurity #BảoMậtWeb

reddit.com/r/selfhosted/commen