Hi friends,

Greetings from the hive!

I saw a tweet by Sw33tLie about hacker experience, discussing how the major bug bounty platforms lack the kind of experience improvements that would encourage hackers to participate more often and stick around longer.

It got me thinking about my own recent experience at Sam's Club over the weekend.

For those of you who aren't familiar with Sam's Club, it's basically a massive "grocery" membership store here in the US where you can buy things in bulk for a discount. As you can probably imagine, it's usually pretty busy, somewhat annoying, and always feels like an ordeal.

But this time, things were different. I've noticed that they've been making some really great customer experience improvements over time, like their mobile check-out feature (which is a total game-changer, by the way). You just scan your items as you shop, and when you're done, you don't have to wait in the checkout line at all. You just show your app with the QR code and walk right out. How cool is that?

But what really stood out to me this time was how exceptionally friendly and helpful all the employees were. They were going out of their way to assist customers and make sure everyone had a great experience.

I was curious about what might have changed, so I did a little digging and found out that they actually hired a dedicated Chief Experience Officer (CXO) back in February of this year. It's clear that they're really making customer experience a top priority, and it shows.

All of this just goes to show that customer experience really does make a difference. Whether you're running a bug bounty platform or a massive grocery store, investing in your customers' experience has a huge impact on their satisfaction and loyalty.

Let's take this week by swarm!

🐝 The Bee's Knees

  • Practical lessons from two years of hands-on experience with AI coding tools, from early autocomplete to today's autonomous agents: the evolution of AI assistants, mental models for working with AI teammates, cognitive biases to avoid, and the real impact on team productivity and code quality. MORE

  • Novel SSRF Technique Involving HTTP Redirect Loops. It's difficult to show impact for Server-Side Request Forgery (SSRF) vulnerabilities when you cannot see the full HTTP response. Assetnote's research team details a novel technique that allowed them to leak the full HTTP response, even though the SSRF appeared to be blind. MORE

  • How to win a Nobel prize. What subjects have past winners studied? What age were they when they won? Where do they live? Nature crunched the data on every science prizewinner to find out. MORE

  • Forging Passkeys: Exploring the FIDO2 / WebAuthn Attack Surface. Passwords are dying and passkeys are taking over. Celeste tears apart WebAuthn and builds a software FIDO2 authenticator from scratch. MORE

  • Armin explores agentic coding, a transformative software development approach where AI agents actively collaborate with humans. Drawing from his experience with Flask and Sentry, he describes this process as a real-time, dynamic interaction beyond traditional autocomplete tools, driven by advanced AI models trained in tool usage. MORE
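The passkeys entry above is a good place to make the FIDO2 assertion format concrete. What follows is an added Go example, not code from Celeste's write-up or from any FIDO2 library: a minimal software authenticator that signs a WebAuthn assertion with a P-256 key, and the relying-party checks that catch the easy forgeries (wrong origin, wrong RP ID, missing user-presence flag, replayed counter, bad signature). The RP ID, origin and challenge are constructed values, and the SoftAuthenticator and RelyingParty types are assumptions for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

const flagUP byte = 0x01 // authenticatorData "user present" bit (UV is 0x04)

// SoftAuthenticator: a P-256 key plus a signature counter, nothing hardware-backed.
type SoftAuthenticator struct {
	priv      *ecdsa.PrivateKey
	signCount uint32
}

func NewSoftAuthenticator() (*SoftAuthenticator, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SoftAuthenticator{priv: priv}, nil
}

func (a *SoftAuthenticator) PublicKey() *ecdsa.PublicKey { return &a.priv.PublicKey }

// ClientData mirrors the CollectedClientData fields the browser serialises.
type ClientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// What actually gets signed: SHA-256(authenticatorData || SHA-256(clientDataJSON)).
func signedDigest(authData, cdJSON []byte) []byte {
	cdHash := sha256.Sum256(cdJSON)
	sum := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	return sum[:]
}

// Assert mimics navigator.credentials.get(): authenticatorData = rpIdHash || flags || signCount.
func (a *SoftAuthenticator) Assert(rpID string, cd ClientData, flags byte) (authData, cdJSON, sig []byte, err error) {
	if cdJSON, err = json.Marshal(cd); err != nil {
		return nil, nil, nil, err
	}
	a.signCount++
	rpIDHash := sha256.Sum256([]byte(rpID))
	authData = make([]byte, 37)
	copy(authData, rpIDHash[:])
	authData[32] = flags
	binary.BigEndian.PutUint32(authData[33:], a.signCount)
	sig, err = ecdsa.SignASN1(rand.Reader, a.priv, signedDigest(authData, cdJSON))
	return authData, cdJSON, sig, err
}

// RelyingParty is the server side: stored public key, last counter seen, expected origin.
type RelyingParty struct {
	RPID, Origin  string
	Pub           *ecdsa.PublicKey
	LastSignCount uint32
}

// Verify runs the WebAuthn section 7.2 checks that stop the easy forgeries, in order.
func (rp *RelyingParty) Verify(challenge string, authData, cdJSON, sig []byte) error {
	var cd ClientData
	if err := json.Unmarshal(cdJSON, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" || cd.Challenge != challenge || cd.Origin != rp.Origin {
		return errors.New("clientData mismatch (type, challenge or origin)")
	}
	want := sha256.Sum256([]byte(rp.RPID))
	if len(authData) < 37 || !bytes.Equal(authData[:32], want[:]) {
		return errors.New("authenticatorData too short or rpIdHash mismatch")
	}
	if authData[32]&flagUP == 0 {
		return errors.New("user-presence flag not set")
	}
	count := binary.BigEndian.Uint32(authData[33:37]) // real RPs must also tolerate a constant 0
	if count <= rp.LastSignCount {
		return errors.New("signature counter did not increase (replay or cloned key)")
	}
	if !ecdsa.VerifyASN1(rp.Pub, signedDigest(authData, cdJSON), sig) {
		return errors.New("bad signature")
	}
	rp.LastSignCount = count
	return nil
}

func main() {
	auth, _ := NewSoftAuthenticator()
	rp := &RelyingParty{RPID: "example.com", Origin: "https://example.com", Pub: auth.PublicKey()}
	cd := ClientData{Type: "webauthn.get", Challenge: "Y29uc3RydWN0ZWQtY2hhbGxlbmdl", Origin: rp.Origin} // constructed
	authData, cdJSON, sig, _ := auth.Assert(rp.RPID, cd, flagUP)
	fmt.Println("genuine:", rp.Verify(cd.Challenge, authData, cdJSON, sig))
	fmt.Println("replay: ", rp.Verify(cd.Challenge, authData, cdJSON, sig))
}
```

The thing a software authenticator makes plain is that nothing in an assertion proves the key lives in hardware: assertion-time checks only prove possession of the private key, binding to the origin the browser reported, and consistency with the stored counter. An RP that wants a hardware guarantee has to verify the attestation statement at registration time, and an RP that skips the origin or rpIdHash check is phishable no matter what the authenticator is.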


📰 Updates

📅 Events

  • HackTheBox is hosting a Bug Bounty themed CTF, HackTheSystem, from June 27 to 29, 2025. These challenges are based on actual bug bounty reports. Two teaser challenges are currently available! IppSec showcases one of them, CriticalOps. MORE

✅ Changelog

  • Anthropic now lets you build and share AI-powered apps directly in Claude without deployment hassles or API costs. Users authenticate with their own Claude accounts, so their usage counts against their subscription while you pay nothing for hosting interactive games, learning tools, and data analysis apps. MORE

  • Google launched Gemini CLI, a free open-source AI agent that brings Gemini 2.5 Pro directly into your terminal for coding, debugging, and task automation. Developers get massive usage limits (60 requests/minute, 1,000/day) at no cost with just a personal Google account. MORE

  • Astro 5.10 introduces experimental live content collections that fetch data at runtime instead of build time, enabling real-time content like inventory updates, news feeds, and live metrics. This new feature maintains Astro's familiar API while opening up dynamic possibilities for e-commerce sites, dashboards, and personalized content experiences. MORE

❝

When a page using live content collections is requested:

1. The page calls getLiveCollection() or getLiveEntry() to fetch data.

2. Data is fetched from the external source (API, database, etc.).

3. Results are processed and validated against your schema.

4. Data is returned to your page component.

  • The term "context engineering" is gaining traction as a better alternative to "prompt engineering" for working with AI models. Tech leaders like Shopify's CEO and Andrej Karpathy argue it better captures the complex art of providing LLMs with all the right information to solve tasks effectively. MORE

💼 Work

💰 Career

  • Hakluke and HackerContent are hiring a Social Media Manager with cybersecurity experience and social media management skills. The application asks for details on your infosec background, social handles, and content creation abilities.

  • Alethe Denis, a cybersecurity trailblazer, rose to prominence after winning the DEF CON Social Engineering Capture the Flag competition in 2019. As a Senior Security Consultant at Bishop Fox, she leverages her expertise in human psychology and social engineering to enhance organizational security. MORE

  • How to Get Your First GovTech Role (Help Desk/IT Support/Cybersecurity). MORE

  • Apple is hiring a Red Team Platform and Hardware Security Researcher in Cupertino to find vulnerabilities in iOS, macOS, and Apple Silicon chips. MORE

  • Graham shares his practical guidelines for succeeding in new tech roles, covering everything from mastering internal tools to building relationships with colleagues. His advice includes reading all product documentation thoroughly, taking detailed meeting notes, tracking wins for performance reviews, and maintaining work-life balance through proper breaks and PTO. MORE

🚀 Productivity

  • Showcase of an effective Zettelkasten workflow in Obsidian. It illustrates how to create atomic notes and establish meaningful connections between concepts. MORE

  • Todoist just launched an experimental feature, "Ramble," that lets you speak naturally and instantly converts your words into organized action lists. It builds on their pioneering natural language parsing technology and is currently available to paid users with experimental features enabled. MORE

  • Omarchy is ready. Hyprland + Arch have never been so easy. Everything comes preconfigured, preinstalled, and with six beautiful themes in the box. In DHH's words, it is the smoothest, most pleasant operating system he has ever had under his fingers. MORE

  • Wes Bos released an OBS Source Record UI that lets you control your local OBS setup directly from your browser using websockets. MORE

🌎 Community

🎉 Celebrate

  • Patrik Fehrenbach announced he's joining Assetnote as a Security Researcher, calling the opportunity "surreal." Congrats! MORE

  • XINTRA Enterprise Live launches after 8 months of development, offering SOC/IR teams real-world threat simulation with live infrastructure instead of locked-down VMs. MORE

⚑️ Timeline

  • Mitchell Hashimoto, co-founder of HashiCorp, announced he's ready to openly share his experiences and opinions about working with Microsoft, Google, and Amazon after enough time has passed. MORE

πŸ„ Level up

📰 Read

  • Doug discovered a 27-year-old hidden easter egg in Apple's Power Mac G3 ROM by reverse engineering the SCSI Manager code. The secret reveals a team photo that can only be accessed by formatting the RAM disk with the exact phrase "secret ROM image". MORE

  • Researchers discovered a pre-authentication remote code execution chain in Sitecore Experience Platform, exploiting hardcoded credentials where the ServicesAPI user password is literally just "b". MORE

  • Rapid7's zero-day research uncovered 8 vulnerabilities affecting 742 printer models from Brother, FUJIFILM Business Innovation, Ricoh, and Toshiba Tec Corporation. MORE

  • The first-ever State of Devs 2025 survey breaks new ground by focusing on workplace issues, health, and hobbies rather than just coding skills. With 8,717 responses and notably higher female participation, it reveals developers want to discuss the personal side of tech careers beyond programming. MORE

  • Breaking the Shield: How XBOW, an autonomous AI pentesting system, discovered multiple XSS vulnerabilities in Palo Alto's GlobalProtect VPN. MORE

💡 Tips

  • George discovered a clever hack to cut OpenAI transcription costs by 33%: simply speed up your audio files 2-3x before uploading them. The technique works because AI models handle accelerated speech surprisingly well, reducing both processing time and token usage while maintaining transcription accuracy. MORE

  • Andrew shares expert advice on writing better AI prompts: avoid humanistic language and use clear, repetitive commands like "Always use X. Never use Y." He provides a comprehensive example prompt for web development that demonstrates how explicit, structured rules prevent AI from generating outdated code. MORE

  • Large language models with massive context windows aren't immune to "garbage in, garbage out", they can get confused, distracted, or poisoned by irrelevant information. This guide covers six proven tactics like RAG, context pruning, and offloading to keep your AI agents focused and performing at their best. MORE

🧠 Wisdom

  • "Working on mediocre things is a disrespect to life. [...]" MORE

  • Ashley explores how feedback in tech isn't criticism but care, requiring emotional labor to give well and reflection to receive properly. She breaks down the myths around "direct feedback," the weight of power dynamics, and why creating psychological safety makes feedback transformational rather than transactional. MORE

📚 Resources

  • A security researcher earned $10,000 from Uber after discovering a critical flaw in their WordPress SAML SSO plugin that allowed attackers to bypass authentication entirely. The vulnerability let attackers forge SAML login responses and gain admin access to Uber's sites without any password. MORE

  • Nuclei templates for source code analysis. Detects hardcoded secrets, config leaks, debug endpoints. Also helps identify OWASP Top 10 issues in code. Ideal for SAST and CI/CD integration. MORE

  • Julia Evans released "The Secret Rules of the Terminal," a $12 zine that demystifies why terminal behavior seems inconsistent and unpredictable. After 20 years of daily terminal use, she breaks down the four key components (shell, terminal emulator, programs, and TTY driver) and explains practical debugging techniques for common terminal frustrations. MORE

❝

Seems like a timely release judging by the fact that all major AI players are building AI in the Terminal.

  • Security Advisory: Anthropic's Slack MCP Server Vulnerable to Data Exfiltration. MORE

  • iOS Research Docker Environment. It solves common pain points like USB device access, SSH authentication, and symbol resolution. The containerized setup automatically handles port forwarding, process attachment, and script loading, making iOS security testing seamless across different machines. MORE
