Whether shaping strategy or crafting code, CramHacks keeps you informed.
Connect
The AI race has created a cesspool of third-party packages
Hey, do you know about supply chain security? ... You mean SBOMs?
Exposing Common Misconceptions about CVEs, NVD, KEV Catalog, and EPSS
CramHacks takes Switzerland
A Year of Cramming: Celebrating Milestones and Looking Ahead
98% of PyMySQL forks are vulnerable to SQL Injection
WAFs are dead, will ADR save us? PyPi responds to 90% of malicious packages within 24hrs! Unprotected Container Registries
Hacker Summer Camp, 390 Vulnerabilities added to KEV, using AI to upgrade npm packages, GitHub Workflow Vulnerabilities, Open-Source Software Security
Vegas, Cross Fork Object Reference, Apple's AI Prompts, EPSS, and NVD
Where are all the youth in open source?, Offline Malware Analysis Tool, GitHub's Dependency Graph, Hacker Summer Camp
Switzerland mandates software source code disclosure, Malicious NuGet Packages, Go Capability Analysis, Open Source Software Security
PyPi dodges a bullet, Google domains hijacked, CISA broke into a US federal agency, and more!
Risks in dependency managers, ChatGPT stores history in clear-text, CI/CD Attacks Everywhere, Secure Software Development Education 2024 Survey
New CVE rules, AI catastrophe, critical CocoaPods flaws, GitLab pipeline bug, OpenSSH vulnerability, unsafe Ruby deserialization, Maven Central bandwidth issues
Google Project Zero: offensive security with LLMs, Data leak @ Apple, polyfill.io supply chain attack, AI Vulnerabilities