Kev
@kevinbackhouse.bsky.social
Reposted by Kev
Georg Semmler, the maintainer of github.com/diesel-rs/di... and one of the recent participants in the GitHub Secure Open Source Fund, has written a tool called cargo-safe-publish that helps protect against supply chain attacks in the Rust Cargo ecosystem. Read more: blog.weiznich.de/blog/cargo-s...
Introducing cargo safe-publish
About ways to publish unexpected code to crates.io
blog.weiznich.de
September 2, 2025 at 6:37 PM
Georg Semmler, the maintainer of github.com/diesel-rs/di... and one of the recent participants in the GitHub Secure Open Source Fund, has written a tool called cargo-safe-publish that helps protect against supply chain attacks in the Rust Cargo ecosystem. Read more: blog.weiznich.de/blog/cargo-s...
Reposted by Kev
VXUG dropped the news that a DEFCON talk was AI generated nonsense and so was the code put on github for it. Some attendees noticed it was off, but this talk was presented, passed review. The github issues are rolling in.
August 27, 2025 at 4:26 PM
VXUG dropped the news that a DEFCON talk was AI generated nonsense and so was the code put on github for it. Some attendees noticed it was off, but this talk was presented, passed review. The github issues are rolling in.
Reposted by Kev
New vuln from the GitHub Security Lab 🔍
Antonio + Kev team up to uncover CVE-2025-53367 — an out-of-bounds write in DjVuLibre that could lead to code execution on Linux desktops.
Found via fuzzing.
🧠 Read the announcement: github.blog/security/vul...
Antonio + Kev team up to uncover CVE-2025-53367 — an out-of-bounds write in DjVuLibre that could lead to code execution on Linux desktops.
Found via fuzzing.
🧠 Read the announcement: github.blog/security/vul...
CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre
DjVuLibre has a vulnerability that could enable an attacker to gain code execution on a Linux Desktop system when the user tries to open a crafted document.
github.blog
July 4, 2025 at 9:43 AM
New vuln from the GitHub Security Lab 🔍
Antonio + Kev team up to uncover CVE-2025-53367 — an out-of-bounds write in DjVuLibre that could lead to code execution on Linux desktops.
Found via fuzzing.
🧠 Read the announcement: github.blog/security/vul...
Antonio + Kev team up to uncover CVE-2025-53367 — an out-of-bounds write in DjVuLibre that could lead to code execution on Linux desktops.
Found via fuzzing.
🧠 Read the announcement: github.blog/security/vul...
Reposted by Kev
Our team member Man Yue Mo is back, showing a new way to bypass MTE protection on Android phones with CVE-2025-0072. github.blog/security/vul...
Bypassing MTE with CVE-2025-0072
See how a vulnerability in the Arm Mali GPU can be exploited to gain kernel code execution even when Memory Tagging Extension (MTE) is enabled.
github.blog
May 23, 2025 at 2:52 PM
Our team member Man Yue Mo is back, showing a new way to bypass MTE protection on Android phones with CVE-2025-0072. github.blog/security/vul...
Reposted by Kev
In this demonstration I show the impact of CVE-2025-25291/CVE-2025-25292, an authentication bypass in ruby-saml used by high profile OSS projects such as GitLab. My team coordinated with both the ruby-saml maintainer and GitLab to get this vulnerability fixed and patches are available at gh.io/glfx
March 13, 2025 at 4:08 PM
In this demonstration I show the impact of CVE-2025-25291/CVE-2025-25292, an authentication bypass in ruby-saml used by high profile OSS projects such as GitLab. My team coordinated with both the ruby-saml maintainer and GitLab to get this vulnerability fixed and patches are available at gh.io/glfx
Reposted by Kev
If you're using ruby-saml or omniauth-saml for SAML authentication make sure to update these libraries as fast as possible! Fixes for two critical authentication bypass vulnerabilities were published today (CVE-2025-25291 + CVE-2025-25292).
github.blog/security/sig...
github.blog/security/sig...
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials
Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. See how they were uncovered.
github.blog
March 12, 2025 at 9:50 PM
If you're using ruby-saml or omniauth-saml for SAML authentication make sure to update these libraries as fast as possible! Fixes for two critical authentication bypass vulnerabilities were published today (CVE-2025-25291 + CVE-2025-25292).
github.blog/security/sig...
github.blog/security/sig...
Reposted by Kev
In this blog post, we detail newly discovered authentication bypass vulnerabilities in the ruby-saml library used for single sign-on (SSO) via SAML on the service provider (application) side. github.blog/security/sig...
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials
Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. See how they were uncovered.
github.blog
March 12, 2025 at 9:34 PM
In this blog post, we detail newly discovered authentication bypass vulnerabilities in the ruby-saml library used for single sign-on (SSO) via SAML on the service provider (application) side. github.blog/security/sig...
Reposted by Kev
Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! github.blog/security/vul...
January 22, 2025 at 6:16 PM
Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! github.blog/security/vul...