The CyberSec Guru

Ad-Free Articles Are Here for Buy Me a Coffee Members!
Starting 1st July, every new article published on The CyberSec Guru will include an Ad-Free Reading option exclusively for our ...

The KIDS Act Just Passed the House – Here’s Every Detail about it
The KIDS Act (H.R. 7757) passed the House 267-117. Here's what age verification, encryption rules, and chatbot mandates actually require, in detail

Sony Just Pulled 551 Movies from PlayStation Libraries. Again. And Here’s What Nobody Is Talking About.
Sony is deleting 551 purchased StudioCanal movies from PlayStation libraries on September 1, 2026 with zero refunds. Here's the full technical and legal breakdown

Discord Is Testing Incode for Age Verification, and the Privacy Concerns Are Legitimate
Discord is running a limited trial with Incode for facial age estimation and ID scanning. Here is what the vendor actually does, what are the privacy concerns

Booking.com’s Hotel Extranet Is a Fraud Supermarket – and Japan Is Paying the Price
Hackers are using ClickFix malware to steal Booking.com hotel extranet credentials, then draining bank accounts and phishing guests with real reservation data

Network Analysis: The Complete Guide to CLI Tools, Packet Sniffers, tcpdump, and Wireshark
Deep technical guide to network analysis: CLI tools, tcpdump BPF syntax, Wireshark filters, promiscuous mode, pcap vs pcapng, tshark, and practical exercises

EU Chat Control Is Back – And This Time It Might Actually Pass
EU Chat Control is back in its final legislative round on June 29, 2026. This complete guide covers what Chat Control proposes, the full timeline from 2021, why it keeps returning, and what happens if it passes

Beginner’s Guide to Conquering Enigma on Hack the Box
Conquer Enigma on Hack The Box like a pro with the beginner's HTB writeup. Dominate this challenge and level up your cybersecurity skills

Two new Linux LPEs hit page cache from opposite ends of the kernel
Two new Linux kernel LPEs, CVE-2026-46331 (pedit COW) and CVE-2026-43503 (DirtyClone), corrupt page-cache memory to gain root without touching disk. Working exploits are public

Three Vulnerabilities, One Platform: Why Your Self-Hosted Gitea/Gogs Instance Is Probably Already Owned
Three critical Gitea and Gogs CVEs disclosed in 2026: a CVSS 9.8 auth bypass via X-WEBAUTH-USER header, a stored DOM XSS through Semantic UI's preserveHTML, and an incomplete SSRF fix exposing AWS IMDS credentials





