CramHacks
Whether shaping strategy or crafting code, CramHacks keeps you informed.
Connect
The AI race has created a cesspool of third-party packages
Hey, do you know about supply chain security? ... You mean SBOMs?
Exposing Common Misconceptions about CVEs, NVD, KEV Catalog, and EPSS
Exploring OSS Vulnerabilities, Google’s OSV Growth, GitHub Actions Security, Snyk's Controversy, CNCF Fuzzing Insights, and More
Explore the public availability of affected functions for OSS vulnerabilities and why vendors are spending millions to build private datasets.
Veracode Acquires Phylum, AWS RCE Vulnerabilities, Elastic CVE Reduction, 2024 CVE Review, PyPI Quarantine, Bundler Checksums, Python Malware Detection
Happy New Year! GitHub Cache-Native Malware, Hijacking Chrome Extensions, 2024 Blog Recap, Microsoft using third-party domains
GitHub tackles workflow vulnerabilities, finding undisclosed vulnerabilities using LLMs, container image signing, chasing quality OSS license data, OSS funding report
'What sucks in security,' Tool sprawl woes, Vanir’s patch validation, Ultralytics compromised, and supply chain security annual reports!
@solana/web3.js Breach, Census III Insights, Encrypted Apps Warning, Dependency Confusion Challenges, Redis Crate Controversy, WordPress Auth Flaw
CWE Top 25, OSS Dataset for Malware, Arch Linux RFC for upstream package handling, GitHub Wiki Malware Tactics, AI Fuzzing, Malicious linPEAS Fork
From Repo Swatting to PyPI Attestations: Supply Chain Security, eBPF Research, and Tools to Mitigate Emerging Threats
Dependency upgrades are the simplest, most effective way to mitigate risks—so why aren’t they the priority?
CISA's Top Exploited CVEs, Snyk's Probely Acquisition, Dependabot's Copilot Autofix, OSS Maintainers on Vulnerability Management, and Perforce’s Puppet Source Shift
Fuzzing, Security Audits, and New Tools: A Look at Recent Developments in the Open Source Software Security Landscape.
