The blog of a cybersecurity student

Posts

Attack.Mitre.Org

March 17, 2026

I came across the MITRE ATT&CK website and felt that it would be a valuable resource for both cybersecurity students and professionals because it provides real-world understanding of how cyberattacks actually happen. The website is structured well. For example, it has a hyperlink for a particular topic, such as ‘Reconnaissance’, and will then have a column of hyperlinks that relate to that topic. This allows one to truly focus on a topic that they are interested in learning more about. The website also includes a large amount of practical, detailed information for each technique, such as how the attack works, examples of real-world use, and possible detection or mitigation strategies. This makes it especially helpful not just for learning concepts, but for applying them in real scenarios like threat hunting, incident response, and system defense. Another reason the site is so valuable is that it is continuously updated and community-driven. Cybersecurity professionals from arou...

The Hacker News

March 06, 2026

The Hacker News I came across a website called The Hacker News, and it seems like a useful site to stay on top of current risks that relate to cybersecurity. The site regularly posts articles about current cyberattacks, newly discovered vulnerabilities, malware campaigns, and security research. After reviewing a few articles, I felt that they did a good job of explaining complex cybersecurity topics in a way that is easier to understand. They often break down how a specific attack works, what vulnerability was exploited, and what organizations can do to protect themselves. Overall, I think that The Hacker News is a good resource for cybersecurity professionals who want to stay informed about current threats and developments in the field. It provides real-world examples of the types of attacks and vulnerabilities that security professionals deal with every day. Website: https://thehackernews.com/

February 24, 2026

The Software Engineering Institute For this week, I’ll be talking about a resource that I was previously unaware of. The Software Engineering Institute (SEI) at Carnegie Mellon University is a leading research center focused on software engineering, cybersecurity, and AI, working closely with government, industry, and academia. Their website has resources for cybersecurity professionals, including research papers, technical reports, blogs, and podcasts that cover topics like secure software development, threat modeling, and emerging cybersecurity challenges. SEI also provides practical tools and frameworks that teams can use to improve security processes, along with professional training programs, webinars, and certification opportunities to help practitioners advance their skills. The site also offers access to a comprehensive library of publications, news updates, and upcoming events, making it a go-to source for staying current on trends, best practices, and real-world soluti...

February 21, 2026

Sophisticated Phishing Campaigns Powered by AI I found this article interesting as it highlights how hackers are using AI to create incredibly convincing phishing emails, automate attacks on weak third-party systems, and even find new ways to sneak into networks without anyone noticing. Companies must fight back with AI-powered tools that can detect unusual behavior, flag potential breaches, and even predict attacks before they happen. I think that the rise of AI is making the cybersecurity landscape more unpredictable than ever. Whether you’re a business or just a regular internet user, staying alert and understanding how AI is being used in cybercrime is more important than ever. I think it is important for us all to be aware of both the risks and benefits of AI in the field of cybersecurity. Do you have any specific concerns relating to AI and cybersecurity? Article: Report: 1 in 4 Data Breaches Exploit Third-Party Vulnerabilities - Tech.co

February 14, 2026

The Common Vulnerabilities and Exposures (CVE) Program The Common Vulnerabilities and Exposures (CVE) program is a trusted system used across the cybersecurity industry to track publicly known security vulnerabilities. CVE is sponsored by United States DHS and CISA. The website CVE.org acts as a central place where these vulnerabilities are listed and assigned a unique identification number, known as a CVE ID. These CVE IDs make it easy for security teams, vendors, and researchers to talk about the same vulnerability without confusion. Instead of using different names for the same issue, everyone uses the standard identifier. This consistency facilitates collaboration amongst the industry and assists in mitigating risk through the prompt disclosure of discovered risks. Many security tools, such as vulnerability scanners and patch management systems, use CVE IDs. When a new vulnerability is published, professionals can quickly check whether their systems are affected, unders...

February 08, 2026

Cybersecurity and Infrastructure Security Agency (CISA) CISA is a government agency that works to protect systems we all rely on, like power, healthcare, transportation, and government services. These are things most people don’t think about unless something goes wrong. Even though CISA focuses on big, nationwide issues, a lot of the information they share is still helpful for everyday users. What stood out to me about CISA is how practical their cybersecurity advice is. They focus on simple habits like creating stronger passwords, using multi-factor authentication, keeping devices updated, and backing up important files. These are easy steps that almost anyone can follow. You can find up-to-date info on current cyber threats, training materials, guides, and checklists for individuals, businesses, schools, or government organizations. It’s also a trusted source, so instead of digging through random blogs or videos, you can get reliable advice all in one place. I think that ...