CramHacks
Whether shaping strategy or crafting code, CramHacks keeps you informed.
The AI race has created a cesspool of third-party packages
Hey, do you know about supply chain security? ... You mean SBOMs?
Exposing Common Misconceptions about CVEs, NVD, KEV Catalog, and EPSS
AI can now control your entire computer, WordPress War, CISA product security bad practices, and open source vulnerability discoveries!
A 15-year-old collected $50K+ in bounties, command-jacking via entry points, Sonatype's 10th Annual State of the Software Supply Chain Report, and more!
The State of Open Source in Financial Services, the future of Python packaging, NVIDIA NIM Agent Blueprints, fuzzing, and more!
How Quickly Hackers Exploit Exposed Secrets, Google's Strategies for Memory Safety, Python 3.8 EOL, and SLSA Provenance in PyPI
Feds Prioritize Open-Source Software Security Initiatives
2024 Open Source Maintainer Report, Java fuzz harness synthesis using LLMs, Hijacking deleted packages, AI Crisis, and more!
CramHacks takes Switzerland
A Year of Cramming: Celebrating Milestones and Looking Ahead
98% of PyMySQL forks are vulnerable to SQL Injection
WAFs are dead, will ADR save us? PyPI responds to 90% of malicious packages within 24hrs! Unprotected Container Registries
Hacker Summer Camp, 390 Vulnerabilities added to KEV, using AI to upgrade npm packages, GitHub Workflow Vulnerabilities, Open-Source Software Security
Vegas, Cross Fork Object Reference, Apple's AI Prompts, EPSS, and NVD