Channel: The latest on vulnerability research - The GitHub Blog
Browsing latest articles

Cybersecurity spotlight on bug bounty researcher @imrerad

As we kick off Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to spotlight one of the top performing security researchers who participates in the GitHub Security Bug Bounty...


Cybersecurity spotlight on bug bounty researcher @adrianoapj

As we wrap up Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to spotlight one of the top performing security researchers who participates in the GitHub Security Bug Bounty...

From object transition to RCE in the Chrome renderer

In this post, I’ll exploit CVE-2024-5830, a type confusion bug in V8, the JavaScript engine of Chrome that I reported in May 2024 as bug 342456991. The bug was fixed in version 126.0.6478.56/57. This...

Kicking off Cybersecurity Awareness Month: Researcher spotlights and...

Cybersecurity Awareness Month is a global initiative that highlights the importance of protecting our digital work. At GitHub, security is the core of how we operate. We’re proud to participate and...

Attacking browser extensions

Browser extensions first became mainstream in the early 2000s with their adoption by Firefox and Chromium and their popularity has been growing ever since. Nowadays, it is common for even the average...

CodeQL zero to hero part 4: Gradio framework case study

Gradio is a Python web framework for demoing machine learning applications, which in the past few years has exploded in popularity. In this blog, you’ll follow along with the process, in which I...

Uncovering GStreamer secrets

In this blog post, I’ll show the results of my recent security research on GStreamer, the open source multimedia framework at the core of GNOME’s multimedia functionality. I’ll also go through the...

Announcing CodeQL Community Packs

We are excited to introduce the new CodeQL Community Packs, a comprehensive set of queries and models designed to enhance your code analysis capabilities. These packs are tailored to augment the...

Attacks on Maven proxy repositories

As someone who’s been breaking the security of Java applications for many years, I was always curious about the supply chain attacks on Java libraries. In 2019, I accidentally discovered an arbitrary...

Cybersecurity researchers: Digital detectives in a connected world

Have you ever considered yourself a detective at heart? Cybersecurity researchers are digital detectives, uncovering vulnerabilities before malicious actors exploit them. To succeed, they adopt the...
