Dependency cooldowns, redux
https://blog.yossarian.net/2025/12/13/cooldowns-redux
#security #oss
There's a nasty #OpenSource #SupplyChain worm going around named Shai-Hulud. It's also capable of exposing some projects' long-lived PyPI API Tokens. Read more on what's happening, and what you can do to protect your projects.
TL;DR: Adopt Trusted Publishing
blog.pypi.org/posts/2025-1...
I'm thrilled to announce that after months of intensive work, the complete materials for my Applied Cryptography course at the American University of Beirut are now finished: both Part 1 (Provable Security) and Part 2 (Real-World Cryptography)!
06.08.2025 08:01
my colleague @darkamaul.bsky.social has a new blog post on the @trailofbits.bsky.social blog about how we worked with @pypi.org's maintainers to slash test times on PyPI by over 80%:
blog.trailofbits.com/2025/05/01/m...
Fuzzing Windows ARM64 binaries with a DBI and LLVM?
Here we go: www.romainthomas.fr/post/25-04-w...
zizmor would have caught the Ultralytics workflow vulnerability https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection #security #oss
06.12.2024 17:40
Excited to be part of the lineup at @districtcon.bsky.social first conference! Can't wait to see everyone in Washington DC.
27.11.2024 09:04