blog.trailofbits.com

Trail of Bits Blog

Latest posts

Last updated 14 days ago

Taming 2,500 compiler warnings with CodeQL, an OpenVPN2 case study

14 days ago

We created a CodeQL query that reduced 2,500+ compiler warnings about implicit...

Supply chain attacks are exploiting our assumptions

15 days ago

Supply chain attacks exploit fundamental trust assumptions in modern software development, from...

Use mutation testing to find the bugs your tests don't catch

21 days ago

Mutation testing reveals blind spots in test suites by systematically introducing bugs...

Fickling’s new AI/ML pickle file scanner

23 days ago

We’ve added a pickle file scanner to Fickling that uses an allowlist...

How Sui Move rethinks flash loan security

29 days ago

Sui’s Move language significantly improves flash loan security by replacing Solidity’s reliance...

Safer cold storage on Ethereum

about 1 month ago

By using smart contract programmability, exchanges can build custody solutions that remain...

Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more

about 1 month ago

A vulnerability in Electron applications allows attackers to bypass code integrity checks...

Intern projects that outlived the internship

about 1 month ago

Our business operations intern at Trail of Bits built two AI-powered tools...

Implement EIP-7730 today

about 1 month ago

EIP-7730 enables hardware wallets to decode transactions into human-readable formats, eliminating blind...

Speedrunning the New York Subway

about 1 month ago

We optimized the route for visiting every NYC subway station using algorithms...

Weaponizing image scaling against production AI systems

about 2 months ago

In this blog post, we’ll detail how attackers can exploit image scaling...

Marshal madness: A brief history of Ruby deserialization exploits

about 2 months ago

This post traces the decade-long evolution of Ruby Marshal deserialization exploits, demonstrating...