newsletter

newslettersponsoredblog
newsletternewsletter
CramHacks Chronicles #95: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #95: Weekly Cybersecurity Newsletter!

dependabot supports vcpkg, Python package installers: zip parser confusion attacks, DALEQ: java binary equivalence, BAXBENCH: Can LLMs Generate Correct and Secure Backends?

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #94: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #94: Weekly Cybersecurity Newsletter!

MCP Context Protector, Provenance Signing & Verification for Model Hubs, Cursor's Questionable Denylist, CodeQL Support for Rust, CISA SBOM Community Closes Doors

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #93: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #93: Weekly Cybersecurity Newsletter!

G-Suite Prompt Injections, compromised npm maintainer, crates.io announces trusted publishing, Google's OSS-Rebuild project, container isolation

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #92: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #92: Weekly Cybersecurity Newsletter!

What $270,000 of bug hunting open source gets you, Post-quantum cryptographic scanner pqscan, mcp-remote RCE, North Korean malicious npm packages

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #91: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #91: Weekly Cybersecurity Newsletter!

GitHub Immutable Releases, Deptective, Cloudflare monetizing web crawling, historic data on software supply chain attacks, Belgium is unsafe for CVD

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #90: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #90: Weekly Cybersecurity Newsletter!

Compromising the extension store used by Cursor & Windsurf, GitHub Advisory DB insights, leveraging GitHub Events to expose secrets, OpenSSF Japan

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #89: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #89: Weekly Cybersecurity Newsletter!

Google Donates A2A, GH Attestation OPA Gatekeeper Support, Malicious Transitive Dependencies, Kingfisher Secret Detection, Edara & Container Security

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #88: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #88: Weekly Cybersecurity Newsletter!

Docker Hub webhook security, libxml2's bug management, GerriScary's Google vulnerability, Netflix's dependency confusion, and CVE scoring

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #87: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #87: Weekly Cybersecurity Newsletter!

Apple Containerization, No output from your MCP server is safe, GitHub Release Assets now have digests, 16+ npm packages compromised from leaked secrets

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #86: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #86: Weekly Cybersecurity Newsletter!

Trusted Publishing for NPM, Likely Exploited Vulnerabilities (LEV), Correctness of SBOM Generation, Scalable Dynamic Malware Analysis for packages

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #85: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #85: Weekly Cybersecurity Newsletter!

US Government Launches Audit of NIST’s National Vulnerability Database, CycloneDX Abandons bug bounty program funded by Sovereign Tech Fund, build & deployment security

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #83: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #83: Weekly Cybersecurity Newsletter!

Exploring npm vulnerabilities, Kyverno introduces ImageValidatingPolicy, XBOW reaches Highest Rank on HackerOne Leaderboard, Ubuntu adopts sudo-rs, LlamaFirewall

Kyle Kelly