CramHacks
Whether shaping strategy or crafting code, CramHacks keeps you informed.
Connect
The AI race has created a cesspool of third-party packages
Hey, do you know about supply chain security? ... You mean SBOMs?
Exposing Common Misconceptions about CVEs, NVD, KEV Catalog, and EPSS
How Quickly Hackers Exploit Exposed Secrets, Google's Strategies for Memory Safety, Python 3.8 EOL, and SLSA Provenance in PyPI
Feds Prioritize Open-Source Software Security Initiatives
2024 Open Source Maintainer Report, Java fuzz harness synthesis using LLMs, Hijacking deleted packages, AI Crisis, and more!
CramHacks takes Switzerland
A Year of Cramming: Celebrating Milestones and Looking Ahead
98% of PyMySQL forks are vulnerable to SQL Injection
WAFs are dead, will ADR save us? PyPi responds to 90% of malicious packages within 24hrs! Unprotected Container Registries
Hacker Summer Camp, 390 Vulnerabilities added to KEV, using AI to upgrade npm packages, GitHub Workflow Vulnerabilities, Open-Source Software Security
Vegas, Cross Fork Object Reference, Apple's AI Prompts, EPSS, and NVD
Where are all the youth in open source?, Offline Malware Analysis Tool, GitHub's Dependency Graph, Hacker Summer Camp
Switzerland mandates software source code disclosure, Malicious NuGet Packages, Go Capability Analysis, Open Source Software Security
PyPi dodges a bullet, Google domains hijacked, CISA broke into a US federal agency, and more!