blog.trailofbits.com

Trail of Bits Blog

Latest posts

Last updated 5 days ago

How Sui Move rethinks flash loan security

5 days ago

Sui’s Move language significantly improves flash loan security by replacing Solidity’s reliance...

Safer cold storage on Ethereum

10 days ago

By using smart contract programmability, exchanges can build custody solutions that remain...

Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more

12 days ago

A vulnerability in Electron applications allows attackers to bypass code integrity checks...

Intern projects that outlived the internship

18 days ago

Our business operations intern at Trail of Bits built two AI-powered tools...

Implement EIP-7730 today

19 days ago

EIP-7730 enables hardware wallets to decode transactions into human-readable formats, eliminating blind...

Speedrunning the New York Subway

21 days ago

We optimized the route for visiting every NYC subway station using algorithms...

Weaponizing image scaling against production AI systems

25 days ago

In this blog post, we’ll detail how attackers can exploit image scaling...

Marshal madness: A brief history of Ruby deserialization exploits

27 days ago

This post traces the decade-long evolution of Ruby Marshal deserialization exploits, demonstrating...

Trail of Bits' Buttercup wins 2nd place in AIxCC Challenge

about 1 month ago

Our team won the runner-up prize of $3M at DARPA’s AI Cyber...

Buttercup is now open-source!

about 1 month ago

Now that DARPA’s AI Cyber Challenge (AIxCC) has officially ended, we can...

AIxCC finals: Tale of the tape

about 1 month ago

While the AIxCC winner has not yet been announced, differences in the...

Prompt injection engineering for attackers: Exploiting GitHub Copilot

about 1 month ago

Prompt injection pervades discussions about security for LLMs and AI agents. But...