I got tired of it.
Genuinely tired.
Every time I’d tail the auth log on my server, it was just wall-to-wall garbage — bots hammering SSH from all over the world, all day, every day.
I’d done the usual stuff: changed the port, set up fail2ban, whitelisted IPs.
And honestly? It still felt like playing whack-a-mole.
So I finally just said forget it and closed the port entirely.
No port, no problem.

The approach is simple: route all SSH access through Cloudflare Tunnel and don’t expose port 22 (or any other port) to the internet at all.
This covers both macOS Terminal and Windows PuTTY, since I use both depending on where I’m working.
Server is Rocky Linux 9.7, for reference.

So you want a website nobody else can touch.
If you’re self-hosting anything with sensitive data, you probably need this.

This is how I set up client certificate auth on Apache so only my devices can even connect.

Act now. Microsoft confirmed an actively exploited zero-day. Learn about the information disclosure vulnerability that bypasses ASLR and how to defend against it.

Chinese-speaking hackers breached SonicWall VPN and escalated all the way to VMware ESXi hypervisor control.
The exploit toolkit was apparently in development for over a year before anyone knew these bugs existed.

I recently reinstalled macOS, so I’m writing down the port changes and ACL setup.

Of course, you’ll want to change the default port to a different number,
and to further enhance security, I’ll configure an ACL (Access Control List) to allow access only from specific IP addresses.

macOS security keeps evolving, so these methods change with each OS update.
Tested and working on macOS Sequoia 15.7.3 (January 2026).

This article explains step by step why changing the port is important
and how ACL configuration can further enhance security.

This is Part 3 of the Chrome Password Hacking Series.

In the previous article, we looked at how stored passwords can be leaked
when the attacker knows the PC account password.

In this post, we will look at a different scenario —
even without knowing the PC account password,
Chrome passwords can still be extracted if the computer is left unlocked for a moment.

This is not remote hacking.
It’s another form of local attack, carried out by someone with brief physical access to your machine.

This is Part 2 of the Chrome Password Hacking Series.

Chrome’s password autofill feature is convenient, but that convenience can hide a critical weakness.
If someone knows your PC account password, it effectively means your entire set of Chrome-stored passwords is exposed.

This is not a remote hack.
It’s a local attack, carried out by someone who can briefly sit in front of your unlocked PC.

This is Part 1 of the Chrome Password Hacking Series.

Chrome’s password autofill feature is convenient and makes everyday browsing easier.
However, convenience often comes with security trade-offs, and autofill is no exception.

In this post, we’ll take a closer look at how the passwords stored in Chrome can be exposed.
This is not about remote hacking—it’s a type of local attack, where someone with brief access to your PC can retrieve your saved passwords.

This is the password management program I use for work.
It’s been so valuable to me that I wanted to share it with you.
Stop storing your work passwords in Excel files.

Important passwords should be stored in personal files that no one else can access.
This is especially true for IT administrators—KeePassXC is incredibly useful.

KeePassXC is a leading open-source password management tool that’s completely free and works seamlessly across any operating system or mobile environment.

This article covers the essentials of using KeePassXC.

Last July, an absolutely devastating ransomware attack hit Saint Paul, Minnesota, causing one of the worst cybersecurity incidents in American municipal history.
The entire city’s computer systems were paralyzed, network communications failed, citizens couldn’t pay their water bills, libraries lost Wi-Fi access, and even city employees couldn’t work.

This turned out to be a ransomware attack orchestrated by a hacker group called “Interlock.”
What’s infuriating is that when the city refused to pay their demands, these criminals released 43GB of citizen data onto the internet..

Let’s examine exactly what happened and what we can learn from it.

This is actually happening! Check if your phone is being hacked right now.
Hidden mobile base stations in cars are secretly approaching people.
A text arrives on your phone: “Emergency! Your account has been hacked. Check immediately”
In a panic, you click the link and enter your password… and soon cash is stolen from your account.
It sounds like a movie plot, but this is actually happening in real life.

In March 2025, a Chinese student in London drove around in an SUV for 5 days, sending smishing text messages to tens of thousands of people.
Similar incidents of fake text messages being distributed occurred in Bangkok, Thailand, Malaysia, and New Zealand.

Let’s find out what’s really happening and what we need to do about it.

I was shocked watching the morning news yesterday.
Breaking news flashed that check-in systems at London Heathrow Airport were down.
At first, I thought it was just a simple system glitch,
but it turned out to be a massive cyberattack that simultaneously hit major airports across Europe.

South Korea is implementing its 2nd Consumer Recovery Coupon program, distributing 100,000 KRW (approximately $75 USD, equivalent to about 2-3 meals at a mid-range restaurant in Korea) per person starting September 22nd.
This nationwide initiative targets 90% of the population as part of economic recovery efforts.
However, alongside this beneficial policy, the Korean government is also addressing a significant challenge: the rise in smishing scams that exploit such programs.

Let’s explore how Korea is tackling both economic support and digital security simultaneously.