Everything you care about in one place
Follow feeds: blogs, news, RSS and more. An effortless way to read and digest content of your choice.
Get Feederblog.trailofbits.com
Trail of Bits Blog
Get the latest updates from Trail of Bits Blog directly as they happen.
Follow now 653 followers
Latest posts
Last updated 14 days ago
Taming 2,500 compiler warnings with CodeQL, an OpenVPN2 case study
14 days ago
We created a CodeQL query that reduced 2,500+ compiler warnings about implicit...
Supply chain attacks are exploiting our assumptions
15 days ago
Supply chain attacks exploit fundamental trust assumptions in modern software development, from...
Use mutation testing to find the bugs your tests don't catch
21 days ago
Mutation testing reveals blind spots in test suites by systematically introducing bugs...
Fickling’s new AI/ML pickle file scanner
23 days ago
We’ve added a pickle file scanner to Fickling that uses an allowlist...
How Sui Move rethinks flash loan security
29 days ago
Sui’s Move language significantly improves flash loan security by replacing Solidity’s reliance...
Safer cold storage on Ethereum
about 1 month ago
By using smart contract programmability, exchanges can build custody solutions that remain...
Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more
about 1 month ago
A vulnerability in Electron applications allows attackers to bypass code integrity checks...
Intern projects that outlived the internship
about 1 month ago
Our business operations intern at Trail of Bits built two AI-powered tools...
Implement EIP-7730 today
about 1 month ago
EIP-7730 enables hardware wallets to decode transactions into human-readable formats, eliminating blind...
Speedrunning the New York Subway
about 1 month ago
We optimized the route for visiting every NYC subway station using algorithms...
Weaponizing image scaling against production AI systems
about 2 months ago
In this blog post, we’ll detail how attackers can exploit image scaling...
Marshal madness: A brief history of Ruby deserialization exploits
about 2 months ago
This post traces the decade-long evolution of Ruby Marshal deserialization exploits, demonstrating...