Kyle Kelly

Kyle Kelly

newsletternewsletter
CramHacks Chronicles #96: Bi-Weekly Cybersecurity Newsletter!

CramHacks Chronicles #96: Bi-Weekly Cybersecurity Newsletter!

Nx Malware, Immutable Releases, GitHub Actions Policy, PyPI Domain Protection, OPA, CodeRabbit RCE, Typosquatting GHCR, Reachability?

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #95: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #95: Weekly Cybersecurity Newsletter!

dependabot supports vcpkg, Python package installers: zip parser confusion attacks, DALEQ: java binary equivalence, BAXBENCH: Can LLMs Generate Correct and Secure Backends?

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #94: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #94: Weekly Cybersecurity Newsletter!

MCP Context Protector, Provenance Signing & Verification for Model Hubs, Cursor's Questionable Denylist, CodeQL Support for Rust, CISA SBOM Community Closes Doors

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #93: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #93: Weekly Cybersecurity Newsletter!

G-Suite Prompt Injections, compromised npm maintainer, crates.io announces trusted publishing, Google's OSS-Rebuild project, container isolation

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #92: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #92: Weekly Cybersecurity Newsletter!

What $270,000 of bug hunting open source gets you, Post-quantum cryptographic scanner pqscan, mcp-remote RCE, North Korean malicious npm packages

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #91: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #91: Weekly Cybersecurity Newsletter!

GitHub Immutable Releases, Deptective, Cloudflare monetizing web crawling, historic data on software supply chain attacks, Belgium is unsafe for CVD

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #90: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #90: Weekly Cybersecurity Newsletter!

Compromising the extension store used by Cursor & Windsurf, GitHub Advisory DB insights, leveraging GitHub Events to expose secrets, OpenSSF Japan

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #89: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #89: Weekly Cybersecurity Newsletter!

Google Donates A2A, GH Attestation OPA Gatekeeper Support, Malicious Transitive Dependencies, Kingfisher Secret Detection, Edara & Container Security

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #88: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #88: Weekly Cybersecurity Newsletter!

Docker Hub webhook security, libxml2's bug management, GerriScary's Google vulnerability, Netflix's dependency confusion, and CVE scoring

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #87: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #87: Weekly Cybersecurity Newsletter!

Apple Containerization, No output from your MCP server is safe, GitHub Release Assets now have digests, 16+ npm packages compromised from leaked secrets

Kyle Kelly