CramHacks
Whether shaping strategy or crafting code, CramHacks keeps you informed.
The AI race has created a cesspool of third-party packages
Hey, do you know about supply chain security? ... You mean SBOMs?
Exposing Common Misconceptions about CVEs, NVD, KEV Catalog, and EPSS
Silicon Valley Spies, malicious GH actions, Wiz acquired for $32B, EPSSv4, lots more drama!
Taking over hundreds of popular apps, generating SBOMs at scale, UK govt releases OSS best practices and risks, getting frustrated with misrepresented data
Quietly load malicious vscode extensions, 2025 Open Source Security and Risk Analysis Report, Mixing up Public and Private Keys in OpenID Connect deployments, Open Source Project Security Baseline
How the industry is mitigating the risks of abusing lifecycle scripts, stolen credentials, and fake reputations!
The biggest supply-chain attacks in 2024, Top 10 web hacking techniques, whoAMI: A cloud image name confusion attack, Malicious Code & Vulnerabilities
RapidFort's Community Images: A Cost-Effective Solution for Enhanced Container Security Management
Measuring LLM Package Hallucination, Reviving Abandoned S3 Buckets, Maven begins validating Sigstore signatures, and Go Module Proxy cache abuse
I have a new Job! OSS usage trends, us-east-1.com DNS insights, CVEs for EOL versions, Palantir's security practices, OSS health checks, OSV-Scanner v2.0.0-beta1
Executive Order 14144, Homebrew warnings, Google’s Patch Rewards, StackOverflow's decline, GitHub antics, and insights on the Cyber Resilience Act
Exploring OSS Vulnerabilities, Google’s OSV Growth, GitHub Actions Security, Snyk's Controversy, CNCF Fuzzing Insights, and More
Explore the public availability of affected functions for OSS vulnerabilities and why vendors are spending millions to build private datasets.
Veracode Acquires Phylum, AWS RCE Vulnerabilities, Elastic CVE Reduction, 2024 CVE Review, PyPI Quarantine, Bundler Checksums, Python Malware Detection