darkamaul.bsky.social
@darkamaul.bsky.social
Security Engineer @ Trail Of Bits
Reposted
There's a nasty #OpenSource #SupplyChain worm going around named Shai-Hulud. It's also capable of exposing some projects' long-lived PyPI API Tokens. Read more on what's happening, and what you can do to protect your projects.

TL;DR: Adopt Trusted Publishing 🔐🚀📦

blog.pypi.org/posts/2025-1...
PyPI and Shai-Hulud: Staying Secure Amid Emerging Threats - The Python Package Index Blog
Shai-Hulud is a great worm, not yet a snake. Attack on npm ecosystem may have implications for PyPI.
November 26, 2025 at 9:02 PM
Reposted
I'm thrilled to announce that after months of intensive work, the complete materials for my Applied Cryptography course at the American University of Beirut are now finished: both Part 1 (Provable Security) and Part 2 (Real-World Cryptography)!
August 6, 2025 at 8:01 AM
Reposted
my colleague @darkamaul.bsky.social has a new blog post on the @trailofbits.bsky.social blog about how we worked with @pypi.org's maintainers to slash test times on PyPI by over 80%:

blog.trailofbits.com/2025/05/01/m...
Making PyPI's test suite 81% faster
See how we slashed PyPI’s test suite runtime from 163 to 30 seconds. The techniques we share can help you dramatically improve your own project’s testing performance without sacrificing coverage.
May 1, 2025 at 2:50 PM
Reposted
Fuzzing Windows ARM64 binaries with a DBI and LLVM?
Here we go: www.romainthomas.fr/post/25-04-w...
April 28, 2025 at 12:36 PM
Reposted
zizmor would have caught the Ultralytics workflow vulnerability https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection #security #oss
December 6, 2024 at 5:40 PM
Excited to be part of the lineup at @districtcon.bsky.social's first conference! Can't wait to see everyone in Washington DC
DistrictCon Talks Have Been Selected🎙️
www.districtcon.org/speakers
Check out our incredible speaker lineup for DistrictCon 2025. Agenda (and more talk announcements) coming soon
Speakers — DistrictCon
November 27, 2024 at 9:04 AM