hakluke
@hakluke.com
2.9K followers 460 following 30 posts
Dad, hacker, solo founder of haksec.com and hackercontent.com.
hakluke.com
So it turns out 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023, 2024 and 2025 were NOT the year of the Linux desktop.

2026 though.
hakluke.com
Red teaming tip: Up against a NAC, but need to plug your device in?

- Plug a switch into the ethernet port on the wall
- Plug a legit device into the port that is allowed by the NAC (like a printer or employee laptop)
- Wait for a bit
- Plug your evil device into the switch
- ✨ Access granted ✨
hakluke.com
Do you think we'll ever get to a point where everyone just gives up on protecting personal data, and we just assume everything is public?

We're already at the point where most people have had their data exposed in a breach, and people are already sharing most of their PII on Facebook.
hakluke.com
NEVER underestimate a properly caffeinated hacker with some free time
hakluke.com
I'm so proud that HackerContent helped produce the new Hacker-Powered Security Report from @hacker0x01.bsky.social.

It covers the impact that AI is having on bug bounties and cybersecurity in general - and it's not what you'd expect.

Read it here 👇

www.hackerone.com/report/hacke...
Hacker-Powered Security Report - 9th Edition | HackerOne
The Hacker-Powered Security Report benchmarks how enterprises are confronting AI risk, closing exposure gaps, and adapting to faster, more persistent attackers
www.hackerone.com
hakluke.com
Imagine being the UI designer for AWS console
hakluke.com
HackerContent is HIRING a social media manager and personal assistant! 🚨

Links to application forms:
🧑‍🎨 Social media manager: wkf.ms/48EnZP8
👨‍💻 Personal assistant / project manager: wkf.ms/3Wjm7Uw
Social Media Manager Job Application | WorkForms
From requests, feedback to data collection and more. Turn your insights into action with customizable WorkForms.
wkf.ms
hakluke @hakluke.com · Sep 10
Yeah BS is the best of the bunch for this. I'm referring to social platforms in general. I wouldn't be surprised if BS changes in the next few years - hope not!
hakluke @hakluke.com · Sep 10
Friendly reminder: Social media algorithms are designed to polarize us.

You don't have to be politically hard right or hard left. You can agree on some things and disagree on others.

Now more than ever, independent thought is vital.

Think.
For.
Yourself.
hakluke @hakluke.com · Sep 10
wife: how are bug bounties going?

me: pretty good pretty good
hakluke @hakluke.com · Jun 28
This is basically how hackercontent.com works
hakluke @hakluke.com · Jun 28
I analyzed the ~5000 social media posts that HackerContent has put out on various cybersecurity-related social media accounts this year to figure out what the most engaging types of posts are.

Here's the roundup!

hackercontent.com/blog/the-top...
The Best Performing Post Types for Cybersecurity Companies in 2025 (So Far)
Discover the 6 best-performing cybersecurity content types of 2025, from giveaways to explainer videos, that boost engagement and grow your audience.
hackercontent.com
hakluke @hakluke.com · May 12
that feeling when you wait 3 days to see the results of an authenticated brute force with a huge wordlist but /logout was right at the top of the wordlist 😭
hakluke.com
Right on Matt!
hakluke @hakluke.com · Apr 29
They just do it to let you know that they have your PII. It's a threat.
hakluke @hakluke.com · Feb 21
Awesome bug and write-up by Brutecat.

They found a way to leak any YouTube user's email using their public channel ID.

They chained two unrelated Google services:

- YouTube (to get their ID)
- Google Recorder (mapped ID to email)

Here's a link to the writeup:
brutecat.com/articles/lea...
Leaking the email of any YouTube user for $10,000
What could've been the largest data breach in the world - an attack chain on Google services to leak the email address of any YouTube channel
brutecat.com
hakluke.com
Would you prefer a pentest where you find very few vulnerabilities and a short report, or a pentest where you find loads of vulnerabilities but a long report? 🤔
Reposted by hakluke
zackwhittaker.com
New, by me: Security researchers say North Korean hackers, posing as VCs, recruiters, and remote IT workers, have infiltrated "hundreds of organizations" and stolen billions of crypto in recent years to fund the regime's nuke program.

My dispatch from Cyberwarcon: techcrunch.com/2024/11/28/n...
North Korean hackers have stolen billions in crypto by posing as VCs, recruiters and IT workers | TechCrunch
Security researchers say North Korean hackers have infiltrated hundreds of organizations with the goal of taking money and stealing data to further the regime's nuclear weapons program.
techcrunch.com
hakluke @hakluke.com · Nov 29
Here's a live animation of sales on Shopify throughout Black Friday.

While I was watching it was hovering at around 1.2M per minute.

Shopify's commission sits at around 2.4-2.9%, which means they're making around $31,800 USD per minute. Roughly $45 million in one day 🤯

bfcm.shopify.com
hakluke @hakluke.com · Nov 29
How on earth did I get 2k followers here I have barely posted anything
Reposted by hakluke
illumi.meme
The computers used to scream at us when we logged on because They Knew
hakluke @hakluke.com · May 14
Should I do bug bounties again y/n
hakluke.com
The sky is always bluer on the other side