Open Port

The Route Into GitHub Began Upstream

GitHub said it detected and contained a compromise of an employee device on May 18 involving a poisoned third-party Visual Studio Code extension. The activity involved exfiltration of GitHub-internal repositories only, and the attacker's claim of approximately 3,800 repositories was directionally consistent with the company's investigation.

The company also reported no evidence of impact to customer information stored outside its internal repositories. The entry point is what makes the incident unusual. GitHub's public account did not describe a direct compromise of its own platform or production systems. It centered on software running on a developer workstation: an editor extension installed through the same kind of channel developers use every day.

The trail runs backward from that employee device, through the compromised extension, and into an earlier supply-chain incident that set the route in motion.


Nmap for Penetration Testing

Nmap, short for Network Mapper, is one of the first tools a penetration tester reaches for when trying to understand a network. It helps answer the early questions that shape the rest of an assessment:

  • What hosts are online?
  • What ports are open?
  • What services are running?
  • What versions are exposed?
  • Is traffic being filtered?
  • What deserves closer review?

Before running Nmap, it helps to understand the network range you are working with.


Cracking Hashes with John the Ripper

Today I started learning about the basics of John the Ripper. John is a popular password-cracking tool used to test password hashes and identify weak passwords.

Before covering the basics of the tool, it helps to understand a few cryptography terms and how password cracking works.

Most modern systems do not store user passwords in plain text. Instead, they store a hashed version of the password.


My First Step into Cybersecurity

Hello World.

It is a beginner's first step into programming. On the surface, the program does almost nothing: it prints a line of text and exits. But that is the point. It is the moment you write your first line of code and create your first program.

The same applies in cybersecurity. The first time you venture into this industry can feel overwhelming, but starting small is the best way to keep from getting overwhelmed. A structured learning path helps you stay focused, but consistency matters just as much. You have to keep learning new tools, keep showing up, and love the industry enough to stick with it.
