Browsing all 26 articles


Uncovering GStreamer secrets

In this blog post, I’ll show the results of my recent security research on GStreamer, the open source multimedia framework at the core of GNOME’s multimedia functionality. I’ll also go through the...




Announcing CodeQL Community Packs

We are excited to introduce the new CodeQL Community Packs, a comprehensive set of queries and models designed to enhance your code analysis capabilities. These packs are tailored to augment the...




Attacks on Maven proxy repositories

As someone who’s been breaking the security of Java applications for many years, I was always curious about the supply chain attacks on Java libraries. In 2019, I accidentally discovered an arbitrary...



Cybersecurity researchers: Digital detectives in a connected world

Have you ever considered yourself a detective at heart? Cybersecurity researchers are digital detectives, uncovering vulnerabilities before malicious actors exploit them. To succeed, they adopt the...



Sign in as anyone: Bypassing SAML SSO authentication with parser differentials

Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. Attackers who are in possession of a single valid signature that was...




A maintainer’s guide to vulnerability disclosure: GitHub tools to make it simple

Imagine this: You’re sipping your morning coffee and scrolling through your emails, when you spot it—a vulnerability report for your open source project. It’s your first one. Panic sets in. What does...
