Sign in as anyone: Bypassing SAML SSO authentication with parser differentials
Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. See how they were uncovered.
If you're using ruby-saml or omniauth-saml for SAML authentication, make sure to update these libraries as fast as possible! Fixes for two critical authentication bypass vulnerabilities were published today (CVE-2025-25291 + CVE-2025-25292).
github.blog/security/sig...
12.03.2025 21:50
CodeQL zero to hero part 4: Gradio framework case study
Learn how I discovered 11 new vulnerabilities by writing CodeQL models for Gradio framework and how you can do it, too.
🚀 CodeQL zero to hero part 4: Gradio case study is out! This time we dive into how I wrote CodeQL to support the @hf.co's Gradio framework, scaled the research to a thousand repositories on GitHub, and found 11 vulnerabilities.
gh.io/codeql-part-4
11.12.2024 18:59
#Python core developer who also works on packaging; works on Python stuff at #Microsoft (although this is a personal account). Proudly #Canadian.
Security BSides Oslo is an independent, community-driven inclusive information security conference. As a part of the global Security BSides network, the conference creates a space for members of the international and local information security communities
Maintainer of AutoGPT @agpt.co
github.com/ntindle
The bluesky appendage of https://github.com/darakian/
Securing open source software, together
🤗 ML at Hugging Face
🌲 Academic Staff at Stanford University (AIMI Center)
🦴 Radiology AI is my stuff
Founder/CEO/Trainer/Researcher/CVE archeologist
@PentesterLab. Security engineer. Bugs are my own, not of my employer...
Hermetic Initiate. Exploring conscience and the nature of reality. I also hack things.
Infosec professional, beverage snob, and fantasy book consumer. Vice President @ Atredis Partners. Forever terrified of Kithicor.
Security Engineer at Zellic, a.k.a vakzz when doing bug bounties and CTFs with Perfect Blue - https://devcraft.io
Still your mom’s favorite hacker!
Co-Founder @shielder.com
CTF Player jbz.team
Cliff Jumping Lover (23mt max so far)
Co-founder, security researcher. Building an attack surface management platform, @assetnote.io
The AI community building the future!
Build and share machine learning apps in 3 lines of Python. Part of the @Huggingface family 🤗.
DMs are open for sharing your gradio app with us!
wannabe hacker... he/him
🌱 grow your hacking skills https://hextree.io