newsletter

newslettersponsoredblog
newsletternewsletter
CramHacks Chronicles #87: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #87: Weekly Cybersecurity Newsletter!

Apple Containerization, No output from your MCP server is safe, GitHub Release Assets now have digests, 16+ npm packages compromised from leaked secrets

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #86: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #86: Weekly Cybersecurity Newsletter!

Trusted Publishing for NPM, Likely Exploited Vulnerabilities (LEV), Correctness of SBOM Generation, Scalable Dynamic Malware Analysis for packages

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #85: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #85: Weekly Cybersecurity Newsletter!

US Government Launches Audit of NIST’s National Vulnerability Database, CycloneDX Abandons bug bounty program funded by Sovereign Tech Fund, build & deployment security

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #83: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #83: Weekly Cybersecurity Newsletter!

Exploring npm vulnerabilities, Kyverno introduces ImageValidatingPolicy, XBOW reaches Highest Rank on HackerOne Leaderboard, Ubuntu adopts sudo-rs, LlamaFirewall

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #82: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #82: Weekly Cybersecurity Newsletter!

Disney Hackers Get Jail Time, Maintainer Month, White House Proposes $500M CISA Cut, Trusting Russian State-Owned OSS Packages

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #81: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #81: Weekly Cybersecurity Newsletter!

MCP Servers Leaking Secrets, Backdooring more cryptocurrencies, Kali loses access to signing key, Google's 2024 Zero-Day Exploitation Analysis

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #80: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #80: Weekly Cybersecurity Newsletter!

Supply Chain Pre-RSAC Announcements, do not run any Cargo commands on untrusted projects, scanning stale branches, and more!

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #79: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #79: Weekly Cybersecurity Newsletter!

CVE Program Funding Extended, MCP Server Security, Weaponizing Code Agents, Threat Modeling GitHub, Anatomy of Malicious Open Source Packages

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #78: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #78: Weekly Cybersecurity Newsletter!

Q&A w/ Linus Torvalds, #camelgate, OSS Project for auditing GH Actions, Google announces new experimental cybersecurity model, Verizon exposed call logs

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #77: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #77: Weekly Cybersecurity Newsletter!

Compromised GitHub Actions, IngressNightmare, WIZ Vuln DB Fail, Chainguard VMs & Libraries, $3M to find suspicious open source contributors

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #74: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #74: Weekly Cybersecurity Newsletter!

Quietly load malicious vscode extensions, 2025 Open Source Security and Risk Analysis Report, Mixing up Public and Private Keys in OpenID Connect deployments, Open Source Project Security Baseline

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #73: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #73: Weekly Cybersecurity Newsletter!

The biggest supply-chain attacks in 2024, Top 10 web hacking techniques, whoAMI: A cloud image name confusion attack, Malicious Code & Vulnerabilities

Kyle Kelly