Everything you care about in one place
Follow feeds: blogs, news, RSS and more. An effortless way to read and digest content of your choice.
Get Feederblog.trailofbits.com
Trail of Bits Blog
Get the latest updates from Trail of Bits Blog directly as they happen.
Follow now 649 followers
Latest posts
Last updated 5 days ago
How Sui Move rethinks flash loan security
5 days ago
Sui’s Move language significantly improves flash loan security by replacing Solidity’s reliance...
Safer cold storage on Ethereum
10 days ago
By using smart contract programmability, exchanges can build custody solutions that remain...
Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more
12 days ago
A vulnerability in Electron applications allows attackers to bypass code integrity checks...
Intern projects that outlived the internship
18 days ago
Our business operations intern at Trail of Bits built two AI-powered tools...
Implement EIP-7730 today
19 days ago
EIP-7730 enables hardware wallets to decode transactions into human-readable formats, eliminating blind...
Speedrunning the New York Subway
21 days ago
We optimized the route for visiting every NYC subway station using algorithms...
Weaponizing image scaling against production AI systems
25 days ago
In this blog post, we’ll detail how attackers can exploit image scaling...
Marshal madness: A brief history of Ruby deserialization exploits
27 days ago
This post traces the decade-long evolution of Ruby Marshal deserialization exploits, demonstrating...
Trail of Bits' Buttercup wins 2nd place in AIxCC Challenge
about 1 month ago
Our team won the runner-up prize of $3M at DARPA’s AI Cyber...
Buttercup is now open-source!
about 1 month ago
Now that DARPA’s AI Cyber Challenge (AIxCC) has officially ended, we can...
AIxCC finals: Tale of the tape
about 1 month ago
While the AIxCC winner has not yet been announced, differences in the...
Prompt injection engineering for attackers: Exploiting GitHub Copilot
about 1 month ago
Prompt injection pervades discussions about security for LLMs and AI agents. But...