Hello, and Happy Monday!

I’m of course grateful to have this outlet to share my findings and thoughts with the broader community. But, I’m really glad I switched to biweekly with the newsletter. These past two weeks have been uber-productive for both my day job and side projects!

A note on reachability analysis (using static analysis)

It’s a good feature, but damn near no one using the feature actually understands it, and I’m losing my mind hearing people say “We only remediate reachable findings.” It’s hard to blame them when the industry shouts “only prioritize reachable findings” from the mountain-tops, but the fact of the matter is that a significant percentage of findings will be labeled as “undetermined,” “maybe reachable,” or similar. These can be just as severe as reachable ones!!

Why so many undetermined? Reachability analysis is largely only effective for software libraries, which are packages you import and call directly. How much of today’s SCA findings actually stem from vulnerable libraries as opposed to frameworks, plugins, cli tools, etc.?

Looking at PyPI, there are currently ~3,900 known security advisories in the ecosystem. As an experiment, I sought to classify the affected packages listed in all the advisories as “library” or “not a library.” To do this, I used the gh CLI extension for the GitHub Models service, created system & user prompts, and used variables for the security advisory details. Each advisory was passed to the prompt for classification.

Side Note: This Models feature is pretty sweet. Free access to a nice selection of models w/o having to manage API keys for each of them 😍. Rate limiting was a bit annoying, but it’s extremely reasonable for being free.

Given this was just a first pass, I wanted to err on the side caution, and so the classification favored “library.” Even then, only 46% of affected packages were classified as “library”. Meaning reachability analysis offers no value. Some tools may try to use reachability for framework configurations, but that’s a recipe for false negatives.

Just based on personal experience, I hypothesized the correct percentage would be between 20-35%. On next pass I’d like to also include the readme contents of the package, as many advisory details defaulted to “library” because of insufficient information.

P.S. An interesting finding: TensorFlow security advisories (>400) account for over 10% of all PyPI security advisories.

Newsletter

Nx Supply Chain Attack: Malware Leaks Credentials
A compromised npm token led to publishing Nx build system packages containing malicious postinstall scripts. The script gathered credentials and then published them as an encoded string to a GitHub repo named "s1ngularity-repository" under the user’s account. Roughly 1,400 users are known to have bene impacted.

👋 Unfortunately package repositories have yet to begin leveraging provenance attestation to prevent potentially malicious package releases. E.g., if a previous release contained an attestation, and the new one does not, that’s a red flag. But npm did recently announce trusted publishing, which helps take care of the compromised npm token issue, by eliminating those tokens altogether. Unfortunately, the maintainers just hadn’t gotten around to enabling it yet, which is totally reasonable given it’s a new feature.

GitHub Releases now support immutability in public preview
🥳 My team has launched Immutable Releases in public preview, enabling repositories and organizations to lock assets and tags after publication, thereby safeguarding against supply chain tampering. This feature includes signed attestations in Sigstore bundle format for verifying asset integrity and authenticity via GitHub CLI commands.

Typosquatting the GitHub Container Registry
GitHub maintains a legitimate registry hosted at ghcr[.]io, however, as the community has recently discovered, someone is running a malicious service at ghrc[.]io. At first glance it doesn’t appear to be malicious, but as Brandon Mitchell points out, it is indeed listening for /v2/ API calls and responding with what is needed to trigger an OCI client to send credentials.

Note from Teemu, Tim, and Torin to the Open Policy Agent community
The creators of Open Policy Agent (OPA) and many Styra team members have joined Apple to continue developing OPA as an open-source solution for unified policy enforcement across cloud-native stacks, with Apple leveraging OPA for its global-scale cloud service authorization infrastructure.

Exploiting CodeRabbit: RCE and Write Access on 1M Repositories
A nasty bug in CodeRabbit’s Rubocop setup let attackers run arbitrary Ruby code that exfiltrated private keys which offered write access to over 1 million GitHub repos!

👋 CodeRabbit is the most installed AI app on GitHub & Gitlab. They failed to sandbox a tool capable of executing arbitrary code, in an environment containing a private key used to generate access tokens to all onboarded repos, that is brutal. Reportedly, Rubocop was the only tool in CodeRabbit’s arsenal that was inadequately sandboxed.

PyPI: Preventing Domain Resurrection Attacks
PyPI now monitors domain expiration to block domain resurrection attacks, where attackers buy expired domains to hijack accounts via password resets. Since June 2025, more than 1,800 email addresses have been unverified due to their associated domains expiring.

GitHub Actions policy now supports blocking and SHA pinning actions
GitHub Actions now lets organizations define policies to allow specific actions, block others, and enforce SHA pinning, ensuring workflows use trusted, pinned commits to prevent supply chain attacks.

👋 There’s a lot of room for improvements in how we consume GitHub Actions, but this is a big step in the right direction!

Until Next Time! 👋

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle

P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.

Hello, and Happy Monday!

Straight to the point: Writing this newsletter takes up a tremendous amount of my time, and it’s taking away from other exciting projects. That said, I’m emotionally attached after almost two years of publishing weekly content, and so I’ll be moving to one newsletter every two weeks. Just to free up some bandwidth.

This ofc may change in the future, especially as I’m really excited about the projects I’ve been tinkering on and I want to share the excitement with you all!

Admittedly, this is in part due to hacker summer camp. I loved learning and discussing about so many projects, but there are ideas that seemingly no one else is investigating, and I want to know what the outcome would be! Which implies that I’ll have to do it myself 😄.

Newsletter

Dependabot version updates now support vcpkg
Receive automatic dependency updates for vcpkg and keep C/C++ dependencies up-to-date. Note: this is for version updates and not specifically security updates.

Preventing ZIP parser confusion attacks on Python package installers
PyPI is implementing new restrictions to prevent ZIP parser confusion attacks on package installers, specifically rejecting ZIP archives that exploit vulnerabilities in the ZIP format.

👋 uv security advisory: ZIP payload obfuscation

DALEQ: An Open-Source Tool for Assessing Java Binary Equivalence
Detailed research paper & GitHub Repo.

👋 I haven’t read this yet, but I wanted to share it because there’s clearly a growing interest in verifying reproducible builds. 👀 Really hope the industry progresses down this path!

AgentFlayer: When a Jira Ticket Can Steal Your Secrets
Marina Simakov demos how running cursor in auto-run mode and prompting it to help with handling a Jira ticket can lead to compromise.

BAXBENCH: Can LLMs Generate Correct and Secure Backends?
A new evaluation benchmark featuring 392 tasks has been developed to assess the effectiveness of large language models (LLMs) in generating secure production-quality, self-contained backend application modules. The best performing model, OpenAI o1, achieved 62% on code correctness, and around half of the correct programs contained vulnerabilities exploited by the researchers.

👋 This paper is worth a read, I’ve only skimmed it but I’ll definitely be circling back.

GitHub Copilot: putting Copilot into YOLO mode via prompt injection
wunderwuzzi23 blogs about CVE-2025-53773 where a prompt injection planted in content (e.g., source code file, web page, GitHub issue) to enter VS code into “YOLO” mode by setting “chat.tools.autoApprove”: true, in the ~/.vscode/settings.json file.

👋 Ironically, I was looking into these types of attacks this weekend. We’ve given AI the ability to create, change, and delete files. What risks are there in allowing this? Assuming there are restrictions to actions outside of the platform (or IDE), are there elements (or settings) inside the platform that can be manipulated for lateral movement? I think we’ll find many more cases like this moving forward.

GitHound: A BloodHound OpenGraph collector for GitHub
Jared Atkinson, CTO of SpectreOps, has open-sourced GitHound, a BloodHound OpenGraph collector for GitHub, designed to map your organization’s structure and permissions into a navigable attack‑path graph.

👋 I’ve not used this myself, but I’m surprised it hasn’t been met with more excitement. There’s a lot of opportunity here to gain insights into an organization’s structure, permissions, and potential attack paths on GitHub. It’s also a great example of how BloodHound can be used to detect attack paths in SaaS platforms as a whole.

Until Next Time! 👋

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle

P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.

Hello, and Happy Monday!

The grind continues, but will come to a halt starting tomorrow 🥲. Looking forward to some PTO before DEF CON to relax.

No CramHacks next week; see y’all at or post-Vegas! Stop by AppSec Village and catch my talk Friday morning 😁.

Meet the easiest way to secure your vibe coding. Socket MCP for Claude Desktop flags bad packages in real time — no setup required. Try it free or book a demo today.

Newsletter

Trail of Bits: We built the security layer MCP always needed
The project, mcp-context-protector, is a security wrapper for LLM apps using the Model Context Protocol (MCP). The primary goal here is to protect the LLM’s context window which is susceptible to attacks such as line jumping, also known as tool poisoning.

Line jumping occurs when an app prompts an MCP server for its tool descriptions. The descriptions are added to the model’s context window and are therefore ripe for prompt injection.

The Denylist Delusion: Cursor’s Auto-Run Leaves Agentic AI Wide Open
“we quickly realized that the denylist security feature, at least as currently implemented, was woefully inadequate, if not outright worthless.” Backslash Security Researchers Mustafa Naamneh and Micah Gold detail trivial methods for evading Cursor’s denylist feature.

Case Study: Google Secures Machine Learning Models with sigstore
Following last month’s announcement revealing the OpenSSF Model Signing (OMS) Specification, it has now been integrated into NVIDIA’s NGC and Google’s Kaggle. This means models can be signed during upload and verified at each use!

👋 I’m glad to see this for a multitude of reasons. Firstly, model tampering and untrusted provenance of models is not something we should just ignore. Secondly, we’re still relatively early in the model hub universe — could this become a requirement for major model hubs? 🤞 Thirdly, it’s just great to see how the community doesn’t want to repeat the same mistakes. We’ve spun up countless package ecosystems, we need to apply our lessons-learned to future ones!

The CISA SBOM Community is shutting down
Allan Friedman has announced his departure from CISA where he has led CISA’s efforts to advance SBOM around the globe. To most in this space, Allan and SBOMs are synonymous. He has been instrumental for building communities, spreading awareness, and bettering how we all handle software transparency. Thank you Allan for all that you’ve done! I look forward to seeing what’s next for you.

HeroDevs Announces $125 Million Strategic Growth Investment from PSG
HeroDevs has secured $125M in private equity funding to focus on growth. In addition, HeroDevs has announced that they’ve dedicated $20 million of capital towards its Open Source Sustainability Fund.

👋 The Open Source Sustainability Fund is interesting. Yes, it does put money in the pockets of open source maintainers, that’s great. But it sure seems like this is primarily a way to incentivize OSS maintainers to create customers for HeroDevs by better disclosing project versions as EoL. It’s not clear, but I suspect they also uses this fund and their relations from the fund to better support EoL versions, which is their product. I’m not familiar with the tax code, but could this maybe be a clever way to write off a chunk of the work required to offer their services?

Seal Security raises $13M Series A to automate open-source vulnerability fixes
👋 Congrats to Seal Security. I frankly don’t think vulnerabilities alone is a good enough reason to use vendor-managed OSS packages. But there seems to be a market for it.

CodeQL support for Rust now in public preview
Support for .rs, Cargo.toml extensions. Requires rustup and cargo to be installed.

CVE analytics from 1999 to 2025
👋 Jerry Gamblin has given his passion project, cve.icu, a makeover, and I love it! Every time I look at these analytics I learn something new about the CVE Program.

Until Next Time! 👋

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle

P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.

Hello, and Happy Monday!

This week I’ve reflected a bit on the software supply chain security space. The outcome was rather positive. Only a few years ago I struggled to find anyone who has even heard the term, eventually it became “oh, is that the SBOM stuff?”, and now I find myself in rooms with folks familiar with dependency vulnerabilities, OSS licensing, the SLSA framework, Sigstore, extension risks, etc.

Yeah, we still have a long ways to go on the technology-front, but the progress on the first stage has been tremendous: Acknowledging that we have a problem.

Newsletter

Google Gemini G-Suite Prompt Injection Vulnerability
Malicious actors can leverage white text (hidden) text in an email’s body to perform a prompt injection against the Gemini Summarize feature. You can abuse Gemini’s prompt hierarchy by wrapping the prompt injection with <Admin>. Victims are tricked into calling phone numbers, visiting URLs, and more.

👋 Google is aware of this and is regularly introducing mitigating controls, but the attack vector is reportedly still viable today.

JounQin: npm package maintainer token compromised
The npm token for a maintainer of widely used packages was compromised after falling victim to a phishing email impersonating npm. Malicious versions of popular packages eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, and napi-postinstall were published to the registry.

These packages combined receive ~100M downloads per week and each had at least one malicious version published due to this token compromise. The root cause appears to be a phishing email impersonating npm, using the domain npnjs[.]com.

👋 While I was investigating popular open source package maintainers it stood out to me how few maintainers are actually involved in the world’s most popular packages. JounQin has published 266 packages with almost 200M downloads this past week. Another maintainer, wooorm, who seems to be affiliated with JounQin somehow, has published 728 packages with 1.2B downloads this past week.

crates.io: announces trusted publishing
The latest crates.io development update includes the announcement of Trusted Publishing support via GitHub Actions! RFC here for more details. If you’re not familiar, Trusted Publishing means goodbye to long-lived tokens for package maintainers. Instead, the OIDC token generated by your workflow is used to generate a short-lived token for publishing.

👋 I love Trusted Publishing and you should too. Coming soon for npm!

Introducing OSS Rebuild: Open Source, Rebuilt to Last
Google’s Matthew Suozzo announces OSS Rebuild, a new project reproducing upstream packages. Through automations and heuristics, they’ve reproduced thousands of packages in the npm, PyPI, and crates.io ecosystems. A provenance attestation has been generated for each reproduced package & version, making it possible for consumers to verify a package’s origin.

👋 The article states it helps detect several classes of supply chain compromise, including “Stealthy Backdoors - Even sophisticated backdoors like xz often exhibit anomalous behavioral patterns during builds.” Not sure I’m onboard with that claim 😅. Side note, this feels awfully similar to the Assured Open Source Software product offering. I wonder if they’re using OSS Rebuild as part of that product offering.

Kubernetes Image Builder: (CVE-2025-7342) Default Creds for windows image
When using vulnerable versions of image-builder, default credentials will be applied to Windows images built using the Nutanix or OVA provider, unless explicitly overrode. This leaves nodes using these images vulnerable to unauthorized access via protocols such as ssh, RDP, and WINRM.

👋 The CVSS was rated a High (8.1), but the attack complexity was assigned “low.” I’m not sure I agree with that 🤔. Definitely feels like a critical to me.

NVIDIAScape - Critical Vulnerability: NVIDIA Container Toolkit
From Pwn2Own Berlin, Wiz has disclosed the technical details for a vulnerability exploit allowing attackers to bypass container isolation measures for root access on the host machine. The issue is introduced by how the NVIDIA Container Toolkit handles OCI hooks.

Until Next Time! 👋

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle

P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.

Hello, and Happy Monday!

I’m in grind mode. I’ve barely been outside lately, but my excuse is that I ran out of contact lenses and moving around while wearing my glasses gives me migraines. Tomorrow I’ll be going to the optometrist and speaking at the local OWASP meetup. I’ve also finally booked my travel for Vegas next month, hope to see a bunch of y’all there!

Check out Socket’s latest blog post on North Korean threat actors leveraging malicious npm Packages. Given how active they are in this space, maybe I should ask, are any of you subscribers a North Korean package malware author? 😅 

Get the full list of malicious packages, IOCs, C2 infrastructure, and loader behaviors in this detailed breakdown of North Korea’s most persistent open source supply chain campaign to date. ➜ Read the research

Newsletter

Introducing AI agents and tools in AWS Marketplace
“AWS Marketplace now offers AI agents and tools from AWS Partners, allowing customers to find and buy third-party AI agent solutions with streamlined procurement and multiple deployment options.”

Critical RCE Vulnerability in mcp-remote: Threatens LLM Clients
Jfrog’s Or Peles discusses CVE-2025-6514, a vulnerability in the popular open source mcp-remote project. The project enables local MCP Clients that only support local servers, to connect to a Remote MCP Server. The baked-in auth support triggers the server to send an authorization_endpoint response value, which is opened by the client for the user to authenticate. Via a MiTM attack, a malicious actor can manipulate the value and leverage the file URI scheme to achieve code execution on Windows clients e.g., file:/c:/windows/system32/calc.exe?response_type=code.

Cyber Resilience Act: curl project receives risk assessment request
“As part of our ongoing efforts to comply with the EU Cyber Resilience Act (CRA), we are currently conducting a cybersecurity risk assessment of third-party software vendors whose products or components are integrated into our systems.”

👋 I can’t begin to imagine how I’d react to a message like this as an open source maintainer. Merriam-Webster says a Vendor is “one that vends : seller.” As per Daniel, the project has no contract with the f500 whom submitted the request. I wonder, how many dollars are being wasted by this entity to impose these requests on open source project maintainers? 💸 

Scanning for Post-Quantum Cryptographic (PQC) Support
Anvil Secure has launched an open-source tool pqcscan, that can determine whether SSH and TLS servers support PQC algorithms.

👋 Can’t wait for 2030, when every pentest report will include a long list of services lacking PQC support 🤦.

Making the conda(-forge) ecosystem ready for cybersecurity regulations

Bug Hunting at Scale

In preparation for my AppSec Village talk, I’ve been reviewing data relevant to scaled bug hunting in open source software (OSS). One such example of this is Alpha-Omega, an OpenSSF-associated project funded by Microsoft, Google, Amazon, and Citi.

Between 2023-2024, OpenRefactory was granted $270,000 “for the purpose of reporting security vulnerabilities at scale in open source projects and working with the maintainers to get those vulnerabilities fixed.” The scope consisted of scanning the top 10,000 Java/Python open source projects using their proprietary Intelligent Code Repair (iCR) tool and the Omega Analyzer. The scope focuses on the following security categories:

• SQL Injection

• Cross-Site Scripting (XSS)

• Command Injection

• Path Manipulation

• Deserialization

• XML External Entity (XXE) Injection

Omega Analyzer was a suite of 20+ scanners, but it hasn’t received a commit in over 2 years, so I suspect this was not used by OpenRefactory. Notes from early-on in the project suggest that the Analyzer produced too much noise.

Fortunately, this project included monthly updates that were recorded and are publicly available. 2023 & 2024

In the end, after ~18 months, the results included:

• 10,250 projects analyzed

  • Python: 9,817

  • Java: 216

  • Go: 217

• 299 total bugs

  • Python: 216

  • Java: 48

  • Go: 35 (no notes for why Go was suddenly included)

• 55 high severity bugs (language breakdown wasn’t available 🤔)

One disappointing note is that I’ve only come across two published security advisories for the submitted bugs.

1. CVE-2024-25123 for Open-MSS/MSS

2. CVE-2024-27097 for ckan

It begs the question, was it worth it? But I can’t answer that 😄. With the limited information I’ve reviewed, I’d argue that yes it was worth it, but only as an experiment. For now we know that it isn’t worth it. What feels apparent is that the scope should’ve been more carefully considered and defined. E.g., Which top 10,000 projects? At what point in time were the downloads compared? What download counts were used, and when did that evaluation occur? Which version of these projects was OpenRefactory to scan? The latest on GitHub? The latest official release? All stable releases?

In January 2024: the notes specified versions to assess “We will concentrate on the last five release branches of each of the projects.”

Until Next Time! 👋

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle

P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.

Hello, and Happy Monday!

My brain has grown 10x in these past few weeks. I love learning through reading, but it simply can’t replace hands-on-keyboard time. Lately I’ve been doing exactly that; leveling up my understanding of observability, databases, kubernetes, and more. I used to dread spending countless hours on a dumb bug, but with time I’ve come to recognize how much I’ve learned from each of those moments.

Thank you Socket for sponsoring CramHacks! They’ve long been a market leader in my eyes in regard to detecting malicious packages. My suspicion is that the same can be said for their vulnerability detection and prioritization; especially given their recent Coana acquisition.

Socket is the easiest security tool you’ve ever used — trusted by 8,500+ organizations. Install the free app with zero setup, or book a demo today.

Newsletter

GitHub is launching Immutable Releases in private preview
The Package Security team is getting ready to ship Immutable Releases in private preview later this month. Both the tag and the release itself will be protected via this repository and/or org-level setting. Each immutable release will also include an auto-generated in-toto release attestation signed by GitHub and verifiable via GH CLI.

👋 I joined GitHub for the simple fact that one small feature can have an unfathomable impact on software supply chain security. Immutable Releases was well underway by the time I joined, but it brings me so much fulfillment to play a (very small) role in shipping this to users.

Investigate your dependencies with Deptective
Trail of Bits has released an open-source tool for running software when dependencies when you have no idea what shared libraries it needs. It does this by tracing the program, identifying errors, searching the Linux distribution’s index to find packages containing the desired files, and installing them. The cycle then repeats and backtracks if needed. GitHub Repo

Cloudflare Just Changed How AI Crawlers Scrape the Internet-at-Large; Permission-Based Approach Makes Way for A New Business Model
As of July 1st, Cloudflare has introduced a permission-based approach allowing customers to dictate which AI bots are authorized to crawl their site, with the option to monetize the authorization. Cloudflare is also working to better identify and authenticate the identity of bots, while categorizing them based on behavior (e.g., used for training, inference, or search).

👋 This is the most excitement I’ve seen from Cloudflare in ages. Especially with their recent launch of containers in Cloudflare Workers. They’re seemingly positioning themselves really well to be an AI powerhouse for the internet. But maybe I’m being brainwashed by marketing hype 🤫.

Data about all known supply-chain attacks through history
Thomas Strömberg has shared the data behind his CackalackyCon talk which contains details in YAML for 59 OSS incidents and 45 proprietary software incidents. The data identifies malware injection points and determined that less than 22% of incidents compromised the actual source code of the project.

👋 Thomas previously worked at Chainguard, and I suspect this research played a role in motivating them to begin building OSS packages from source. Thomas is also building a startup and is sharing regular content about the journey on LinkedIn!

The road to Top 1: How XBOW did it
👋 I think XBOW is doing great work, but I also think them temporarily being #1 on the HackerOne leaderboard is not as huge as people are making it out to be. They’ve raised nearly $120M in the last year; if you’re using HackerOne leaderboards to measure success, you better damn be number 1.

A different takeaway. . . They submitted >1,000 bugs in Q1 2025, 208 were marked as duplicates and 209 as informative. Assuming these are all legitimate vulnerabilities, imagine how frustrating this would be if they were manually found and reported 🫠.

Attackers Love Your YAML: Static Kubernetes Security Analysis for DevSecOps
Rushikesh Patil details common dangerous misconfigurations, real-world incidents, and suggests some prominent security linters for kubernetes manifest scanning.

👋 I’ve been getting in kubernetes lately and I was amazed by how quickly I could be dangerous with using it. That said, best practices aren’t abundantly obvious, and I suspect the average non-k8s expert is highly likely to introduce unnecessary risk.

Belgium is unsafe for CVD & Belgian CVD is deeply broken
Floor Terra & Piet De Vaere each published a blog post about their experience and concerns with how Belgian handles CVD (Coordinated vulnerability disclosure). It’s worth a read, but the tl;dr is that vulnerability disclosure per Belgian law mandates disclosure within 24 hours and lifelong secrecy of the issue. The disclosure also requires providing an official government identity document.

👋 In Piet’s blog, you really get a sense for how the Centre for Cybersecurity Belgium (CCB) handles these disclosures. There’ve been multiple reports of the CCB threatening legal action during responsible disclosures 🤔.

UN Open Source Week 2025

8+ hours of discussion during UN Open Source Week. If you’re into that kind of stuff, this is for you 🫡. I hope to listen to it throughout the upcoming week.

Digital Public Infrastructure Day (DPI Day), part 1

Digital Public Infrastructure Day (DPI Day), part 2

Open Source Programme Offices (OSPOs) for Good, part 1

Open Source Programme Offices (OSPOs) for Good, part 2

Until Next Time! 👋

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle

P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.

Hello, and Happy Monday!

Time to start planning for DEF CON! Excited to be giving a talk at AppSec Village covering the current state of open source package vulnerabilities, ongoing efforts to improve coverage, and the challenges + shortcomings of today’s programs.

Newsletter

How We Could’ve Taken Over Every Developer Using a VSCode Fork
Koi Security researcher Oren Yomtov discloses how he compromised the entire Open VSX extensions marketplace. In short, the marketplace leverages a GitHub Actions Workflow to build and publish all extensions on a nightly basis. Because these steps were not isolated, malicious npm build scripts would have access to the secret used for publishing extensions 👀. Koi Security abused exactly this, and successfully exfiltrated the secret, a super-admin credential.

👋 “Open-VSX is a vendor-neutral open-source alternative to the Visual Studio Marketplace.” I feel like this incident has gone somewhat under the radar, maybe because people are less familiar with Open-VSX. But it’s now used by editors such as Cursor and Windsurf.

GitHub Advisory Database by the numbers
Straight from the source, GitHub Security Analyst Jonathan Evans analyzes trends in the Advisory Database such as its growth, advisory sources, and ecosystem coverage. The blog also offers insights into GitHub’s CVE contributions as the 5th largest CNA, contributing to more than 2,000 CVEs in 2024.

GitHub advisory Database distribution by ecosystem

👋 Jonathan included a table for ecosystem coverage which breaks up total advisories and affected packages; this is where I personally have a lot of concerns. For instance, Maven has 5171 total advisories, but those only relate to 955 unique packages. Similarly for Python, only 1044 unique packages have one or more advisories. Developers are drowning in security alerts when we’ve only barely scratched the surface of open source package vulnerabilities. Almost no one cares to improve this.

How I Scanned all of GitHub’s “Oops Commits” for Leaked Secrets
Another interesting use case for the public GitHub Event Log. People often attempt to delete commits containing secrets and leverage force-pushes to cover up the git history; but if you have the commit hash you can still access the commit. So Sharon Brizinov scanned every force push event since 2020 and uncovered lots of secrets.

👋 The gh archive project maintains snapshots of GitHub Event Logs.

OpenSSF Community Day - Japan

Presentations have been uploaded to OpenSSF’s YouTube channel. Here are my notes for a few of the talks!

What Is This Package Even Doing? Analyzing Behaviors of Our Software Dependencies - Isaac Dawson

Isaac breaks down the GitLab Open Source Package Research (OSSPR) project and how they analyze behaviors of open source packages at scale.

• The output of tools are tagged the same as the package version and pushed to a repo, using git versioning made the most sense given most of a package’s code remains intact between versions.

• The tool libbehave leverages +130 semgrep rules per language and is looking for suspicious network requests, code execution, serialization, what frameworks are being used, and more.

• Analysis was completed for 7,245 unique packages with 930,990 total version combinations.

  • 50% of packages leverage some form of Code/OS Execution

I’m a big fan of behavioral analysis for software packages, however Isaac proved just how difficult this can be. With Isaac’s tooling, there were nearly 140 Million findings for the 7,245 packages.

The Migration To Post-Quantum Cryptography: Open-Source Innovations and Interoperability - Tony Chen

Tony recaps post-quantum cryptography (PQC) and the expected timeline. This includes ML-DSA, ML-KEM (and HQC as the declared backup algorithm), and SLH-DSA. As for timelines, NIST is leading the discussion and has declared 2030 as the target year for deprecation of RSA/ECC. Australia has also announced 2030, but for RSA, SHA-256, ECDSA, and ECDH. The UK is targeting 2035 for full migration to PQC.

Keyfactor maintains a list for completed and planned tests for interoperability & future-ready cryptography.

Tony then demos using OpenSSL to generate a ML-DSA CSR, issuing a certificate using an EST endpoint, and verifying the certificate using OpenSSL. The demo furthers into signing and verifying of a file.

True Security: Unforgeable Baseline Compliance - Adolfo García Veytia, Carabiner Systems

Puerco discusses the OSPS Baseline which is made up of ~45 controls and are intended to be realistic for even solo maintainers. The next challenge is generating a claim that states the project satisfies the baseline controls. Puerco proposes leveraging the In-Toto attestation framework and the Sigstore transparency log to generate unforgeable OSPS Baseline compliance through attested evidence.

As shown, this can be done via generating SLSA source attestations, vulnerability scan result attestations, SBOM attestations, security insights attestations, etc. for commits. Finally a SLSA build attestation can be generated; this will contain the commit for building the artifact, which can be used to link to the other attestations generated.

Puerco is working on a project, ampel, “a lightweight supply chain policy engine designed to be embedded across the software development lifecycle to make sure that source code, tools and the build environment can be trusted by verifying unforgeable metadata captured in signed attestations.” 👀 

The future is full of attestations! 🙏 

Until Next Time! 👋

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle

P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.

Hello, and Happy Monday!

Several people reached out last week to tell me the newsletter said “Happy Monday.”

Story time: On the week’s most dreaded day, Friday, I found myself surrounded by coworkers greeting one-another with a “Happy Friday.”

I thought to myself, What is so good about Friday? The room went dark. Project ideas flashed before my eyes. Open issues taunted me. I realized that nothing could be worse than the weekend that soon plagued the team. That’s when it hit me, Monday is the day we should be celebrating, not this Friday thing.

From that point on, I declared that every day would be a Monday. So Happy Monday!

The healthier? version is that Mondays tend to suck, so let’s just call them Happy to trick our brain.

Newsletter

OPA Gatekeeper provider for GitHub Artifact Attestations
Now in public preview, GitHub has released an open-source external data provider for OPA Gatekeeper to enable policy evaluation based on an image's signed SLSA build provenance.

Google Cloud donates A2A to Linux Foundation
The Linux Foundation has announced the Agent2Agent project with partners: AWS, Cisco, Google, Microsoft, Salesforce, SAP, and ServiceNow.

👋 MCP is everywhere, but I’ve seen very little buzz about A2A. That said, MCP is pretty barebones and full of security issues. Will A2A be the “next-gen MCP?”

The Open Source Endowment Foundation, a US nonprofit corporation
The world’s first open source endowment whose core team consists of Konstantin Vinogradov, Chad Whitacre, Maxim Konovalov, Jonathan Starr, Amy Parker, and Vlad-Stefan Harbuz. Konstantin has a blog post What Open Source can learn from universities to fix its funding which discusses why they chose an endowment model.

Monkey-Patched PyPI Packages Steal Solana Private Keys 
Socket’s Kirill Boychenko shares why a malicious package was created, with no intention for anyone to use it directly. A package was created with a malicious __init__.py, but the objective was actually for people to install one of the five other packages created, which depend-on the malicious one. Therefore, during installation of the package, the transitive dependency would be introduced, and the malicious setup script executed, monkey-patching critical constructors that generate Solana Private Keys.

👋 Cryptocurrencies have been under siege by supply chain attacks since the beginning, but Socket is uncovering some very cool vectors. Arguably the most sophisticated attacks in the space (that are known).

Introducing Kingfisher: Real-Time Secret Detection and Validation
MongoDB released Kingfisher, an open-source project that is “a blazingly fast secret‑scanning and validation tool built in Rust.”

👋 I haven’t tested this or spoke to anyone that has, but it does seem “blazingly fast” based on the metrics. I also see it supports secrets validation and writing custom rules. Seems promising tbh.

What We Wish We Knew About Container Security
Duffie Cooley and Jed Salazar discuss container isolation, and the illusion of separation despite a shared kernel. By leveraging lightweight virtual machines, containers can be isolated even at the kernel level, with additional overhead being minimal thanks to advancements in the space.

👋 Jed Salazar is the field CTO at Edara, a company I’ve been following since Ariadne Conill announced their launch. When apple/container was released, Edara published an explainer for VM-per-container which mentions how they (and now Apple) leverage a dedicated VM per container. Side note, I’m really excited about Edara and you probably should be too.

Introducing: GitHub Device Code Phishing
Praetorian’s John Stawinski, Mason Davis, and Matt Jackoski detail how they abuse GitHub’s OAuth2 device flow during engagements. Device flow is when GitHub provides a token on one device, and you enter that token in an authenticated session on another device to grant access. Once granted, the device is now authorized to retrieve an OAuth token on behalf of the user. Pwned.

👋 People always think social engineering requires someone to provide their username and password, but that’s definitely not the case. It’s much easier to trick a user to provide a pin, especially when you direct them to legitimate URLs.

Cloudflare Containers are available in public beta
👋 This is for paid customers only. Besides the obvious use cases, the article suggests that people want to execute LLM-generated code in a sandboxed container. As are most AI things, this is a bit terrifying. But imagine building a barebones container, having a webpage with nothing but a prompt, and users being able to prompt there way to building an entire webapp, via prompts, all within that container 😎. I have no idea why you’d want to do this, but it sounds cool.

Python - Tarfile Realpath Overflow Vulnerability
Four CVEs have been assigned to Tarfile and SCA tools are going to go nuts with false positives. The vulnerabilities affect TarFile.extractall() and TarFile.extract(), primarily when setting filter="data", or filter="tar". However, filter=”data” became the default in Python version 3.14.

Until Next Time! 👋

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle

P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.

Hello, and Happy Monday!

I hope you’re having a great week thus far. I woke up at 3am today, worked for 30 minutes, realized how ridiculous that was, and then went back to bed. No impending deadline, just kinda happened for no good reason. I’ll be disconnecting this weekend 😅.

Are You Patching KEVs That Can't Actually Hurt You?

CISA’s KEV list flags known exploited vulns, but not all of them can impact your environment.

OX’s latest research reveals why blindly patching every KEV is a waste of time — and what to do instead.

Download Now

Newsletter

Open Issue: Use a Secret in Docker Hub Webhooks for Caller validation
Scrolling LinkedIn, I noticed Jason Hall, Principal Engineer @ Chainguard, pointing out that Docker Hub webhooks don’t offer any method for validating a request’s origin (e.g., via a secret). This issue has been open since March 2020. Wild that they haven’t offered this or even publicly commented on it, AFAICT.

👋 Ironically, this was a comment on Matt Moore’s (CTO @ Chainguard) LinkedIn post suggesting that GitHub should move away from including a long-lived token in webhook requests and instead use an OIDC token. I’m 100% onboard with getting rid of long-lived tokens wherever possible.

libxml2: Triaging security issues reported by third parties
Maintainer Nick Wellnhofer shares their experience as an open source maintainer and managing security reports, ultimately deciding that security issues should be treated like any other bug — making it public immediately, and fixing it as time allows.

Nick also shares in a comment, “The point is that libxml2 never had the quality to be used in mainstream browsers or operating systems to begin with. It all started when Apple made libxml2 a core component of all their OSes. Then Google followed suit and now even Microsoft is using libxml2 in their OS outside of Edge. This should have never happened.”

👋 I always appreciate these from-the-heart threads from active maintainers. It pains me to hear about the challenges, but I don’t think most people know what these struggles look like, and so we need more discussions like this.

GerriScary: Hacking the Supply Chain of Popular Google Products
Liv Matan does it again, discovering a vulnerability that could’ve been abused to compromise of at least 18 Google projects including ChromiumOS, Chromium, Bazel, Dart and Bazel.

Dubbed GerriScary, the vulnerability was the result of misconfigurations in how project’s used Google’s Gerrit code-collaboration platform. The abused configurations are detailed here, and essentially enabled users to make commits on approved changes, without requiring a review before submission.

Netflix Vulnerability: Dependency Confusion in Action
Roni Carta and Shubs obtained remote code execution on a Netflix-owned host by processing bundled javascript in browser traffic to identify components vulnerable to dependency confusion. Once a vulnerable target was found, they published a proof-of-concept payload and waited for a ping back.

👋 The use of HAR files is super cool! If you don’t already know both Roni and Shubs, you probably should.

Scoring the quality of CVE vulnerability descriptions
Dawid Czarnecki launched a “no login required” web app for scoring CVE descriptions based on CVE.org’s phrasing guidelines.

👋 Scott Moore maintains a similar scoring system that evaluates historic CVE submissions, by CNA. Per Scott’s data, in 2025, only 750 CVEs disclosed (out of 21590) have reported all three standards: CWE, CVSS, and CPE.

Until Next Time! 👋

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle

P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.

Hello, and Happy Monday!

I hope you’re having a great week thus far! I’ve been getting woken up every night by our cats and it has been exhausting. Not making today any easier, as I have ~5 hours of driving to do for AppSec SoCal, which is in Santa Monica.

Angular 17 reached end-of-life on May 15, 2025. Keep your applications running smoothly without rushing your migration timeline. Let us secure your open source framework and stay protected. Contact HeroDevs today.

Newsletter

Apple releases Containerization: run Linux containers on macOS
👋 I haven’t had a chance to play with this yet, but I love me a native experience. I think a lot of folks are right in that this will also benefit Docker and OrbStack users if and when they adopt this.

Poison everywhere: No output from your MCP server is safe
CyberArk Researcher Simcha Kosman details Tool Poisoning Attack (TPA), Full-Schema Poisoning (FSP), and Advanced Tool Poisoning Attacks (ATPA).

👋 Finding security risks in MCP Server implementations must feel a lot like finding vulnerabilities in Windows 95.

GitHub Releases now expose digests for release assets
If you’ve created a release on GitHub recently you may have noticed that assets now display their SHA256 checksums, which are generated at upload. The digests are accessible via the Releases REST API, GraphQL API, and the gh release view command.

👋 This is just one of the many milestones for the Immutable Releases project!

Aikido: 16 React Native Packages for GlueStack Backdoored Overnight
Security Researcher Charlie Eriksen details the malware injected into more than 16 npm packages which combined receive more than one million downloads per week.

👋 I poked around at this for a few minutes. My hypothesis, is that the npm user gluestackadmin, who is a maintainer for each of these packages, was compromised due to a leaked secret in a GH workflow. Only hours ago, Sysdig Security Researcher Stefano Chierici opened an issue in the gluestack-ui repository, reporting a vulnerability. I was hesitant to share this, but mind you this took me <15 minutes to find myself. npm trusted publishing can’t come soon enough!!

Wiz: How We Fine-Tuned a Small Language Model for Secret Detection in Code
AI Researchers Erez Harush and Daniel Lazarev details why and how they’ve fine-tuned a small language model (Llama 3.2 1B) for detecting secrets in code.

👋 They also gave a talk on this topic at BSides SF! It was neat to learn some of the design decisions and trade-offs. I wonder how many startups will fail because they don’t adopt or build more efficient models.

OpenAI - Disrupting malicious uses of AI: June 2025
Since OpenAI’s last report three months ago, their investigative teams have uncovered cases of ChatGPT accounts being used for social engineering, cyber espionage, deceptive employment schemes, covert influence operations, and scams. The full report details ten case studies, four of which are reported to originate from China. Each details the Actor, Behavior, Completions, and Impact of the activity.

👋 This is hilarious: “One user stated in a prompt that they worked for the Chinese Propaganda Department.” This wasn’t verified by OpenAI, but even so, it’s funny and I hope it’s legitimate.

Trump Amends Cybersecurity Executive Orders 13694 & 14144
👋 Relevant “fact sheet” — you’re on your own to read this one. It’s near impossible to know if any of this even matters, so I’m saving my breath 😅.

Until Next Time! 👋

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle

P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.

Hello, and Happy Monday!

I’ve been going a bit overboard on the caffeine lately. I’ve also been processing a ridiculous amount of information thanks to writing this newsletter and my desperate need to know every little thing that happens in this industry.

This past week has undoubtedly been productive, but I’m very much looking forward to sitting at the beach and probably surfing 🏄‍♂️.

Excited to be speaking at Planet Cyber Sec AppSec SoCal next week 🥳!

Newsletter

Correctness of SBOM Generation: A Differential Analysis Approach
A study comparing SBOMs generated by Trivy, Syft, Microsoft’s sbom-tool, and GitHub’s dependency graph. The research included SBOMs from 7,876 open-source projects written in Python, Ruby, PHP, Java, Swift, C#, Rust, Golang and JavaScript — then conducting a differential analysis of results.

👋 To no surprise, the results were inconsistent and not great for confidence in SBOMs. That said, the research used dated technologies. For instance, it used Trivy v0.43 which was released in June 2023—other tool versions used also reflect June 2023 releases.

CVE/FIRST VulnCon 2025 Videos Releases
Almost 100 videos covering everything from the current state of vulnerability management, future predictions, and research on the effectiveness of methodologies.

Coming Soon: OpenID Connect (OIDC) Support for npm Registry
npm has announced that public beta for Trusted Publishing is coming (tentatively) in July 2025, joining the likes of PyPI, RubyGems, and Dart’s Pub.dev. This leverages OIDC tokens generated during CI/CD workflows to authenticate directly with the registry.

👋 For those unfamiliar, this is an alternative to using long-lived tokens for publishing packages, which are commonly abused by malicious actors. We’re still a longways away from this being reasonable audited/enforced for open source packages, but I look forward to getting there 🤞. More than 30,000 PyPI projects have voluntarily adopted Trusted Publishing to date.

How Dynamic Analysis Revealed a Complex npm Attack Chain
SafeDep’s Kunal Singh share how they used their scalable dynamic malware analysis infrastructure to reveal an npm attack chain.

👋 I was mostly interested by how the malicious package worked. Instead of containing the payload or being a simplistic dropper, it used a post-install script that writes to a .env file to set a URL that is used in the code to fetch and trigger next steps. There are so many other malicious opportunities through abusing environment variables and similar system files 👀.

NIST: Proposes New Metric - Likely Exploited Vulnerabilities (LEV)
The equation leverages historical EPSS scores to provide the probability that a vulnerability has been observed to be exploited in the wild.

👋 EPSS is improving year-after-year, but I don’t know if it’s at a place where I’d be looking to build metrics based on its data. It has plenty of faults and I fear this just adds more variability. Cool research nonetheless, and likely effective at scale.

CVE-2024-47081: Netrc credential leak in PSF requests library
A vulnerability in the popular requests library was reported back in September 2024, and has not yet been fixed, nor has it been publicly disclosed (before this week). If you maintain a .netrc file containing credentials, they will be leaked to the target host.

👋 More discussion on Hacker News. Vulnerable code snippet here.

Weaponizing Dependabot: Pwn Request at its finest
Details on how to leverage GitHub bots, such as Dependabot, for a Confused Deputy attack, bypassing PR reviews to merge malicious code.

More Links

GitHub MCP Exploited: Accessing private repositories via MCP

Remote Prompt Injection in GitLab Duo Leads to Source Code Theft

👋 I honestly haven’t read either of these articles in-depth, but I’m not at all surprised. The world is moving too fast to be secure, and I’ve come to terms with that. What does tick me off is that many corporations, including the biggest one (the US govt) continue to cut funding on security programs. But if your business is dead, you don’t need security 🤷. Part of why I hate the instability of the tech industry — a company burning billions with a limited runway will never prioritize security.

Demonstrably Secure Software Supply Chains with Nix

Kyverno Best Practices: Policy Management That Scales in Kubernetes

Until Next Time! 👋

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle

P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.

Hello, and Happy Monday!

I’ve been having some great chats recently with founders and researchers in the software supply chain security space, and I’d love to keep that going! If you’d like to chat, send me a message on LinkedIn or reply to this email 🙂.

Also, here’s a Nalu update (the real reason y’all subscribed). We took her to another dog beach this weekend where she overcame her fears of the water. She swam for the first time 😅.

Photo Creds: Jillian, AKA Fiancé

Newsletter

OSS-Fuzz integrations via agent-based build generation
The latest update on leveraging AI for OSS-Fuzz integrations. The agent-based build generator takes a single input, a project URL and outputs a set of OSS-Fuzz projects with fuzzing harnesses. Testing its effectiveness included a sample of 225 projects, resulting in 88 OSS-Fuzz valid build scripts being generated.

👋 Late 2024 I spent quite a bit of time experimenting with OSS-Fuzz. Despite being a Fuzzing noob, I found that I could write basic harnesses and find meaningful crashes in test projects. That said, I experienced a lot of difficulties with onboarding projects to OSS-Fuzz. I wouldn’t have had any success if it weren’t for the AdaLogic videos; albeit I wish the documentation was more friendly.

So You’re Still Just docker build && docker push? Let’s Fix That
Kaan Yagci highlights the importance of supply chain security and offers risk mitigating suggestions (with steps) for hardening builds and deployments. This includes vulnerability scanning, SBOM generation, provenance attestations, and policy enforcement through admission controllers.

NOVA: Prompt pattern hunting to detect abuse of LLM applications
An open source prompt pattern matching system written by Thomas Roccia that can be used to detect types of prompt content, e.g., abusive usage.

👋 H/T Zack Allen for sharing this project!

US Government Launches Audit of NIST’s National Vulnerability Database
The official letter from the US Department of Commerce’s Office (DoC) of Inspector General states that the audit will begin immediately and that the objective is to “verify the effectiveness of NIST’s sustainable processes for managing NVD submission volumes, including the long-term effectiveness of its backlog reduction strategies and measures to prevent future processing delays.”

👋 My gut tells me NIST is going to get annihilated (morally) by this audit.

CycloneDX: Abandons bug bounty program funded by Sovereign Tech Fund
Maintainer Lars Francke announced on LinkedIn that the project received roughly 20 submissions, but not a single one was deemed a true positive. Per Lars, they were almost exclusively AI-generated spam reports.

👋 This project received €248,960.00 from the Sovereign Tech Fund for 2023-2024. No offense to anyone involved, but wtf… As far as I can tell, the project only supports generating CycloneDX SBOMs for Cargo based Rust projects. The last release was in November 2024 and if they’re following Semantic Versioning, they didn’t have a single stable release. I know, I’m acting like this is millions of dollars, but when it comes to open source, I do kind of expect money to go further than usual—though I probably shouldn’t.

Again, I mean no offense whatsoever. For all I know this project was a major success. And if not, I’m sure there were valuable lessons learned.

Until Next Time! 👋

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle

P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.

Hello, and Happy Monday!

There’s a lot going on 😮‍💨. But I had a pretty great week nonetheless, we spent lots of time with our puppy Nalu and have been going to the beach almost every day.

I’ve also been learning . . . Ruby on Rails? And . . . kind of liking it? I wasn’t expecting that given my past frustrations trying to review vulnerabilities in popular gems.

Newsletter

Microsoft SBOM Tool: SPDX 3.0 Support
As of sbom-tool v4.0.2, users can now specify the -mi:SPDX3.0 cli parameter to generate or validate SBOM’s (Software Bill of Materials) using the SPDX 3.0 spec. The tool will continue to use SPDX 2.2 by default.

Comparison of GitHub Action Scanners
Fabian Kammel published his comparison of GitHub Action Scanners: Zizmor, Poutine, Octoscan, and Snyk’s GitHub Action Scanner.

curl: Detecting malicious Unicode
Daniel Stenberg shares how curl contributor James Fuller submitted a pull-request to the project containing a unicode character that resembled its ASCII counterpart; this was for educational purposes. No human reviewer or CI job spotted the replaced character.

👋 A few weeks ago, GitHub released warnings for hidden Unicode text. However, that doesn’t help here given the character wasn’t hidden. Per the blog, “GitHub has told me they have raised this as a security issue internally and they are working on a fix.”

boostsecurity.io: Package Threat Hunter
👋 François Proulx gave a great talk at NorthSec 2025 discussing CI/CD pipeline vulnerabilities (e.g., GitHub workflows). But he also discusses a hack week project “Package Threat Hunter” that ingests the firehose of GitHub Public events in “real-time” and leverages these event details to catch build pipeline exploits. 👏

Go Cryptography Security Audit
Google contracted Trail of Bits to perform this audit: the results were 1 low-severity and 5 informational findings.

When Open Source Isn’t: How OpenRewrite Lost Its Way
Jonathan Leitschuh publicizes how Moderne silently changed OpenRewrite’s license from Apache 2.0 to Moderne Proprietary License (MPL) while highlighting the community (and his own) prior contributions that now fall under a proprietary license.

👋 This ofc isn’t the first time something like this has happened, but I’m completely shocked that there was seemingly no communication from Moderne about this change. Not good.

MCP Security Checklist: A Security Guide for the AI Tool Ecosystem
👋 SlowMist_Team released what appears (at first glance) to be a very well thought out security checklist for MCP-based tools. Per the repository, they use this checklist in their MCP security audits.

Product News

Chainguard Libraries for Python
👋 This was mentioned in last week’s newsletter, but recent LinkedIn discussions highlight some lesser-known details worth noting. Chainguard CEO Dan Lorenc shared:

• PyPI support currently covers ~15K libraries, with a goal of 30K to support 99.9% of downloads from the past year. It's unclear if this is based on Chainguard customer data. 🤔

• Java package support is closer to 30K libraries, but the percentage for 99.9% of downloads varies by ecosystem and wasn't specified for Java.

These Chainguard packages do not necessarily protect against total compromise, such as when both the source code repository and registry maintainer tokens are breached. But, Dan did mention that they are conducting some level of static analysis; so there’s a non-zero chance they will catch it.

However, many recent package compromises have stemmed from the compromise of a registry maintainer token. Chainguard packages can mitigate this risk by effectively removing the registry’s hosted package from the trust chain and rebuilding packages from source. 💡 I’m curious how they handle cases where the built package differs from what is published in the registry. What if only the source repository is compromised and a previous tag is overwritten with malware, making the published package the “safe” option? So many questions! 🤯

Docker Hardened Images: Secure, Minimal, and Ready for Production
“Docker Hardened Images start with a dramatically reduced attack surface, up to 95% smaller, to limit exposure from the outset. Each image is curated and maintained by Docker, kept continuously up to date to ensure near-zero known CVEs. They support widely adopted distros like Alpine and Debian, so teams can integrate them without retooling or compromising compatibility.”

👋 Smart move. My initial reaction was “it’s about time.”

WizOS: Securing Wiz from the ground up with hardened, near-zero-CVE images
👋 I think Wiz has lost its way. From the time I learned about Wiz, they did very few things but did them well with an impeccable user experience. Lately everything seems to be half-baked product launches. No one can seem to find anyone willing to acknowledge or speak about their private-preview experience with WizOS.

Aikido: Changelog Analysis for Dependency Upgrades
Aikido is now leveraging AI to analyze changelogs to identify breaking changes in dependency upgrades. Comments state that they’ll be offering auto-upgrades and introducing code diff analysis w/ reachability in June.

Socket: precomputed reachability
Quick video showcasing Socket reachability in action, from a mobile device in the backseat of a car 😆. This demo shows “precomputed” reachability: “full function-level reachability analysis but performed on the full call graph _excluding) the top-level (i.e. the application code). We assume all exported functions of the direct dependencies are used (since we're not looking at the app code)”

👋 This is so simple, and I feel dumb for not thinking of it, because I think it’s a great idea. Especially given I’ve built what is essentially the same thing, but for research and not product 🤦.

Until Next Time! 👋

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle

P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.

Hello, and Happy Monday!

I did some vibe research over the weekend because I was interested in vulnerability coverage for the most used software packages. I ended up taking the top 10,000 npm packages (by downloads) and cross-referenced with osv.dev’s npm vulnerability data.

Of the 10,000 only 421 (4.21%) have disclosed one or more vulnerabilities aggregated by Google’s osv. More than half of these have only ever had one vulnerability reported. Check out the GitHub repo for more details.

For the record, I’m not bashing the open source community here. Not long ago, this would’ve been nearly 0%. My initial motivation was to point out that folks drowning in SCA alerts are really only struggling with the tip of the iceberg. Highlighting the importance of further improving open source vulnerability disclosure data and SCA tooling.

Newsletter

👋 Side note: I know we often complain about the public sector, or at least I do 😆, but it’s pretty cool that our community has a real voice. This past week CISA announced that the KEV RSS Feed would be decommissioned. Following the community’s response, CISA issued an update:

“Update May 13: In an effort to enhance user experience and highlight the most timely and actionable information for cyber defenders, CISA announced a shift in how we share cybersecurity alerts and advisories. We recognize this has caused some confusion in the cyber community. As such, we have paused immediate changes while we re-assess the best approach to sharing with our stakeholders.” CISA

Announcing Kyverno Release 1.14: ValidatingPolicy and ImageValidatingPolicy
Kyverno introduces specialized policy types; ValidatingPolicy centralizes validation rules into a dedicated resource type, while ImageValidatingPolicy exclusively focuses on container image verification (including signatures, SBOMs, attestations, and other artifacts).

Backdoor found in popular ecommerce components
The Sansec Forensics Team identified 21 applications affected by an identical backdoor injected six years ago, but was only recently triggered in one of their customer’s environments. Sansec estimates 500 to 1,000 ecommerce stores are running the backdoored software owned by three vendors: Tigren, Meetanshi, and MGS.

Renovate: Could you please bump that version?
Renovate has introduced generic version bumping, which enables bumping semantic versions in files or version fields that Renovate does not natively support. Sebastian Poxhofer highlights this feature in his blog, showcasing it’s usefulness for managing versions in helm charts.

XBOW: Agentic AI reaches Highest Rank on HackerOne Leaderboard
For a short while, XBOW was the highest rank on HackerOne’s Vulnerability Disclosure Program (VDP) leaderboard for Apr-June 2025.

👋 Fifty-five HackerOne bug submissions have been confirmed as valid. No, it’s not perfect, in fact more than that have been rejected. But still, I strongly believe that offensive security AI is going to raise the bar for security. Keep up with the AIxCC (DARPA’s AI Cyber Challenge) if you’re interested!

Adopting sudo-rs By Default in Ubuntu 25.10
Canonical/Ubuntu makes a major statement by introducing sudo-rs in the default Ubuntu 25.10 image. So long as testing goes well, they also plan to ship it in Ubuntu 26.04 LTS.

👋 I feel like the bigger security risk with sudo are all the niche features they’ve introduced; which they don’t plan to replicate in sudo-rs, so that’s good. I personally don’t care what language these utils are written in so long as they work. Albeit I’ll be pretty annoyed if we end up having to append -rs to every command.

LlamaFirewall: The framework to detect and mitigate AI centric security risks
Meta has released an open source framework designed to secure LLM-powered applications by mitigating risks such as prompt injection, agent misalignment, and insecure code risks (via guardrails). 👋 A more in-depth paper can be found here.

More Links

sigstore-go 1.0 is now available

[Draft] Improving Risk Management Decisions with SBOM Data

OpenSSF: Simplifying Software Component Updates

Introducing WizOS: hardened, near-zero-CVE base images

Chainguard Libraries for Python

Until Next Time! 👋

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle

P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.

Hello, and Happy Monday! There hasn’t been much excitement, at least not technology-wise, this past week. But we do have some follow up from the hackers whom targeted the Happiest Place on Earth in 2024.

Former Disney worker sentenced to 3 years for hacking into park menus
In June 2024, a menu production manager was terminated from Disney. The former employee then accessed the internal menu-building system and modified food listings, manipulating allergen information in restaurant menus. The malicious changes did not reach customer hands 🙏.

👋 This is wild. He purposely targeted items that could harm customers with certain allergies, and even modified the menu information for wine regions to instead reflect locations of recent mass shootings.

Man Agrees to Plead Guilty to Hacking Disney Employee’s Computer
In early 2024, a California resident published a trojan to various platforms, including GitHub, advertising it as an AI art generation tool. A Disney employee fell victim to the trojan and the malicious actor gained accessed to their personal computer, including access to their password vault—including personal and work credentials.

Spring Security Vulnerability Alert

CVE-2025-22234 now threatens your authentication systems. Released April 22nd, this vulnerability breaks timing attack protection and enables username enumeration in multiple Spring versions.

Don't leave your systems exposed. HeroDevs provides immediate patches and security monitoring for all affected Spring Security versions (5.7.16-6.4.4).

GitHub: Secure Your Open Source Projects & Earn a Free Certification!
The month of May is Maintainer Month! GitHub has released three exercises for: repository management, dependency management, and secret scanning.

👋 Exercises should take about ~1 hr each, and you’ll receive a free GitHub Advanced Security certification test voucher if you complete all three 👀.

White House Proposes $500 Million Cut to CISA
The administration proposes a nearly 16% budget cut for the Cybersecurity and Infrastructure Security Agency; stating that cuts would exclusively focus on divisions tied to "censorship."

Request for Information (RFI) – Software Fast Track (SWFT) Tools
The DoD CIO is soliciting information and ideas for expediting the Authorization to Operate (ATO) process for the DoD adoption of software. They’ve “developed a voluntary procedure in which a company can provide a 3rd party produced Software Bill of Materials (SBOM) along with an independent 3rd party assessment of their software for the Department to evaluate and adopt Software faster.”

The Russian Open Source Project That We Can’t Live Without
Hunted Labs has re-ignited a sensitive topic; are we okay with state-owned Russian entities contributing to open source projects that we depend on? In this case, it’s easyjson, a package used by projects like Kubernetes.

👋 Opinions are totally my own, and I’d probably feel differently if my decision set any form of global precedent, but I personally don’t love knowing this. The original Kubernetes repo issue alludes to them not replacing it simply because of the level of effort, which I also don’t love. If there was more effort into the analysis, I’d love to see it.

More Links

CNCF Announces Graduation of in-toto Security Framework

Jury orders NSO to pay $167 million for hacking WhatsApp users

Redis 'returns' to open source with AGPL license

The Signal Clone the Trump Admin Uses Was Hacked

OIN marks 20 years of defending Linux and open source from patent trolls

Until Next Time! 👋

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle

P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.

Hello, and Happy Monday!

This week I’m in NYC for a team offsite and productivity is through the roof. I freak’n love grinding in person with smart people.

RSAC 2025 Must-Read:

95% of AppSec Fixes Don’t Reduce Risk.

Focus on the critical 5% that truly matter.

Read the full AppSec Benchmark Report to learn how.

Newsletter

Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis
The Google Threat Intelligence Group details findings from tracking 75 zero-day vulnerabilities exploited in the wild throughout 2024.

Kali: In the coming day(s), apt update is going to fail for pretty much everyone
🤦 The Kali maintainers lost access to the signing key for its repository, so they’ve had to create a new one. Users will have to manually download and install the new key manually, or re-image their host with the updated Kali release.

A Look Into the Secrets of MCP: The New Secret Leak Source
GitGuardian Security Researcher Gaetan Ferry shines light on the risks of exposed secrets for MCP entities, and identified 202 of the 3,829 (5.2%) public MCP servers tested had leaked one or more secrets.

Everything Wrong with MCP
Shrivu Shankar discusses MCP protocol security, UI/UX limitations, and how MCP worsens LLM security, and LLM limitations.

👋 An MCP Server is intended to, but doesn’t necessarily have to be used by an LLM. I think a lot of people don’t realize that and aren’t necessarily applying the same security controls as they would a public-facing API 🙁. MCP Servers: The New Security Nightmare found 43% of tested implementations contained command injection flaws.

CNCF: Protecting NATS and the integrity of open source
NATS, a cloud and edge native messaging system, has been managed by the CNCF since 2018, after being donated by Synadia — who’ve made 97% of its server contributions. Recently, the CNCF publicly disclosed that Synadia has demanded that the nats[.]io domain and the nats-io GitHub organization be transferred back to Synadia, and that they plan to relicense the NATS server under the Business Source License (BUSL).

👋 There are still ongoing discussions: discussion thread, Synadia’s public response, Synadia’s letter from legal counsel.

CISA Warns Threat Hunting Staff to Stop Using Censys & VirusTotal
CISA Staff were notified to cease use of VirusTotal on April 20th, following its halted use of Censys in late March.

👋 I’m not following this super closely but if anyone is doing threat intelligence and malware research, I’d expect it’d be the government. News lately seems to be suggesting that’s no longer the case.

Crafting a Package Deletion Policy
OpenSSF’s Securing Software Repositories Working Group has released guidance for package registries adopting or revising a package deletion policy. The guidance suggests values to consider before deleting a given package: time, downloads, dependency status, and maintainer status

👋 So many edge cases 🫠. I’m glad to see this guidance, but I also just wish ecosystems could standardize. What I find most confusing is knowing which ecosystems support what.

Grafana: no customer impact from GitHub workflow vulnerability
On Saturday, a Grafana canary token was triggered alerting them of a potential incident. Upon investigation, they observed a malicious actor had exploited a vulnerable GitHub workflow in a public repository and exfiltrated secrets from environment variables.

👋 Red/Blue Teamers and malicious actors alike are enjoying Gato/GatoX capabilities.

XRP: Official NPM package infected with crypto stealing backdoor
The npm package xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2 were compromised and found to be exfiltrating private keys to access crypto wallets.

👋 This feels like it happens weekly . . . Crypto has been a game changer for malicious actors; there’s interesting research to be done on amount of funds compromised and how threat actors have evolved, perhaps in large part due to the increased opportunity.

Until Next Time! 👋

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle

P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.

Hello, and Happy Monday!

I’ve been thinking about software supply chain security doomsday scenarios. Although I still think you’re more likely to get popped by a malicious package versus a vulnerable one, our vulnerability coverage is wildly suboptimal. I’ll continue to argue that no good samaritans are purposely searching for vulnerabilities in non-latest versions. And barely any are looking irregardless of versions.

Something as simple as keyword searches for GitHub Issues is enough to find near endless undisclosed vulnerabilities.

Tired of chasing compliance? Concert Compliance helps SaaS companies build powerful, audit-ready programs. SOC 2, ISO 27001, PCI DSS, HIPAA — simplified.

Talk to a compliance specialist today!

Pre-RSAC Announcements:

Coana Joins Socket to Lead the Next Generation of AppSec
I was rooting for Coana to make it on their own, but I’m happy for them nonetheless. This definitely boosts Socket’s potential. Although I wonder if this means furthering their vulnerability scanning, or enhancing their malicious package detection through static analysis? Or hopefully both?

Chainguard hits $3.5 billion valuation after fundraise
I’m a fan of Chainguard, but the valuation doesn’t make much sense to me with the current product offerings. And the recent product launches seem to have flopped, at least to the public eye, but they’re likely driven by some big contracts 🤷. I do think Chainguard is in a great position to be acquired. DataDog?

Endor Labs Raises $93M Series B
The valuation is reportedly “orders of magnitude higher” than their Series A 🤷. I’m not sure if they’re pivoting, but their marketing has definitely shifted to target scanning AI-generated code, as opposed to supply chain security. This might appease hype beasts but I think it’s a bad idea.

Hopper: Out of Stealth, Into the Future of Open-Source Security
Hopper is offering function level reachability analysis. Honestly, I don’t think we need another company doing this - but I suppose there’s plenty of market potential remaining. 🤑 I still think someone needs to bootstrap an affected functions database and sell it to all these companies wanting reachability.

Newsletter

Do not run any Cargo commands on untrusted projects
Sergey "Shnatsel" Davidoff details how running Cargo commands on untrusted projects can lead to malware execution. The crux is that nearly all subcommands will trigger searching for a config.toml file which can specify an alternative (malicious) rust compiler path.

👋 This includes Cargo Audit! See directly below for more details.

I am stepping back from maintaining ‘cargo audit’
Also Shnatsel, has announced stepping away from cargo audit and the RustSec security advisory database — essentially kickstarting their deprecation.

Unauthenticated Remote Code Execution in Erlang/OTP SSH
👋 Not exactly a big internet footprint, but trivial exploit.

Poutine: scan stale branches for exploitable GH workflow vulnerabilities
👋 This is a reminder that we’re just scratching the surface of supply chain risks. Nearly every tool simply looks at the latest version or main branch. Trust me . . . there are demons in the shadows.

Case in point, How I made $64k from deleted files — a bug bounty story consisted of cloning repositories, restoring deleted files, finding dangling blobs and unpacking .pack files to search for exposed API keys, tokens, and credentials.

MCP Gateway: Monitor & Manage MCP Interactions
Lasso Security open sourced a plugin-based gateway for orchestrating MCP servers.

30+ hidden browser extensions put 4,000,000 users at risk of cookie theft
Updated list of IOCs

Until Next Time! 👋

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle

P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.

Hello, and Happy Monday!

I’m looking forward to speaking at OWASP San Diego tomorrow and making more people feel like we’re all doomed thanks to supply chain security 🫠.

In all seriousness, someone recently pointed out to me how far the industry has come in just the last few years. They were totally right; I’m trying to be less pessimistic about the current state of things. But to be fair, the current state is still pretty freak’n terrible.

Special thank you to OX Security for sponsoring this week’s newsletter! Fun fact, I own a neuroscience textbook. But I’ve read maybe 20 pages . . . one day 😀.

Can too many alerts harm your well-being? 

Join neuroscientist Moshe Bar and security expert Matt Johansen (Vulnerable U) to uncover the science of alert fatigue—and how to beat it.

Register now!

Unless you live under a rock, you probably heard that MITRE was only hours away from losing funding, and no longer supporting the CVE Program. Since then, CISA has announced that funding for MITRE's contract has been extended 🎉.

This was a rollercoaster. I particularly enjoyed how those who regularly bash on the CVE Program were suddenly mad that it might no longer exist. 🤔

Has this stirred the pot and caused redundancy plans and/or privatized vulnerability databases to be more desirable? I guess we’ll find out! That said, the European Union Agency for Cybersecurity (ENISA) did just launch the European vulnerability database (EUVD). Site is currently in beta.

Newsletter

Fifty Years of Open Source Software Supply Chain Security
Russ Cox, former Tech Lead of the Go programming language team (a position he held for more than a decade 🤯) discusses the evolution of software supply chain security, and how we’ve gotten to today. Topics covered include Authenticating Software, Making Builds Reproducible, Finding and Fixing Vulnerabilities, and Funding Open Source.

👋 After reading this, I came across a recording of a talk Russ gave at ACM SCORED: Open Source Supply Chain Security at Google, in 2023. Also a fantastic resource and would make for a great lecture (IMO). I’m looking forward to the day they begin to teach supply chain security in university.

Australian Signals Directorate: Guidelines for cryptography
“Note, for interoperability and maintainability reasons, HMAC-SHA256 will not be approved beyond 2030.”

👋 Can we talk about how cyber.gov.au pages have a complexity score, and this is somehow ‘moderate’? What the heck would be hard? 😆

Anatomy of Malicious Open Source Packages
SafeDep analyzed a random sample of the DataDog Malicious Packages Dataset using its LLM-powered static analysis engine to reveal common TTPs: 78% abused npm install hooks, 65% exfiltrated system information, and 52% used code obfuscation. More stats in the full post.

“Rules Files Backdoor”: How Hackers Can Weaponize Code Agents
Pillar Security’s Ziv Karliner highlights how Cursor’s Rules file and Copilot’s instructions file can be weaponized by injecting malicious instructions. Both file types also support hidden unicode characters, making the instructions invisible to developers. They’ve also provided a tool to scan rule files for backdoors.

👋 I honestly didn’t even know about these instruction files. What happens if an open source project adds one of these to their project, with malicious instructions (e.g., sends env variables to a controlled endpoint)? 🤔 

Understanding and Preventing Open-Source Software Supply Chain Attacks
Piergiorgio Ladisa recently shared his doctoral thesis; it focuses on solidifying the basics of malware campaigns relating to open source software packages, but the depth and historical context is incredible.

👋 I’m always in awe when people can turn something fairly sophisticated and difficult to talk about, into something as simple as a tree-representation. Here’s Piergiorgio doing exactly that: Risk Explorer for Software Supply Chains

Can Lessons from Software Supply Chain Security Be Applied to MCP?
Jose Miguel Parrella considers how supply chain technologies such as trusted publishers, provenance attestations, sandboxing, and enterprise policy hooks can be applied to MCP Servers.

👋 It’s time for me to go down the AI rabbit hole. From a supply chain perspective, I’m not eager to learn more about things like model poisoning. But MCP and Google’s Agent2Agent protocol are very clearly supply chain risks, and therefore . . . I must learn. MCP is giving big “security vs convenience” vibes. The current security concerns are very much real, but the convenience is there, and therefore adoption 📈.

Threat Modeling GitHub - How vulnerable-by-design Github is?
Srajan Gupta discusses existing risks within the GitHub platform, many of which have been long-discussed, but accepted as design-tradeoffs. Topics covered include: Supply Chain Attacks, Access Control Design, GitHub Actions & CI/CD Security, Secrets Management, Repository Security Design, and SHA1 Collision attacks.

Until Next Time! 👋

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle

P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.

Hello, and Happy Monday!

Something to think about; is there truly a market for supply chain security? Even if so, are there other markets where supply chain security products can be better marketed?

Stacklok, the creators of trusty and minder have reportedly pivoted from supply chain security to making using AI safer and more productive for developers. Arguably still supply chain security, but with a narrower focus in a booming market.

Similarly, CrashOverride has recently rebranded, changing its focus on ingesting metadata into artifacts for supply chain security, to now building an Engineering Relations Management (ERM) solution. Connecting the dots across code, cloud, builds, deployments, and more. Which you might do by ingesting metadata into artifacts? 😅 But again, perhaps this comes with improved marketability.

A Little piece of history: npm left-pad incident
Why don’t registries allow deleting packages? Well, it’s because of history! One incident occurred in 2016, where a maintainer deleted a package after a naming dispute; the package was named kik, and the company Kik Messenger didn’t like that 😅. Upon it’s removal, thousands of software projects which depended on the package were unable to be built or installed. 🎉 

Newsletter

Git turns 20: A Q&A with Linus Torvalds
👋 The full video should be available soon (at the same link), but reading the transcript was insightful on its own. Keep in mind that I was in elementary school 20 years ago, so this is basically a history for me.

The Q&A briefly touches on the design decision to use SHA-1, a common complaint that led to a rather large transition project to instead use SHA-256. “to me, SHA-1 hashes were never about the security. It was about finding corruption.”-Linus Torvalds

tj-actions/changed-files Incident: Full Events
👋 These events took place over four months, and there were some significant gaps in activity. This is usually good signal that the threat actor is apart of some organized group, although nothing is for certain. Given prior heists targeting crypto-platforms, this won’t be the last attempt.

Audit GitHub Actions used in workflow runs for an organization, Enterprise or repository
GitHub’s Paul Hodgkinson has open-sourced an unofficial tool for auditing workflow runs; as the title suggests 😉. The tool allows for listing workflow runs between specified dates, along with the Actions, their specific versions, and commits used.

👋 There’s also a script for checking exposed secrets caused by the tj-actions/changed-files and reviewdog compromises mentioned above. I suspect this tool will come in handy.

Google announces Sec-Gemini v1, a new experimental cybersecurity model
The model reportedly outperforms others in cybersecurity benchmarks (CTI-MCQ & CTI-RCM) thanks to integrations with Google Threat Intelligence, and OSV.

👋 Currently not available to the public, but you can request early access here. I think this is too early for me to get excited over, but it’s giving me something to look forward to!

Verizon: Hacking the Call Records of Millions of Americans
Researcher Evan Connelly identified a public endpoint that leaked call logs when provided with a Verizon phone number. The endpoint is intended to be used by the Verizon Call Filter iOS app, but did not perform meaningful authorization checks, despite requiring a JWT.

#camelgate: Can't install camelcase, decamelize and other camel packages
On April 1st, the ‘camel’ keyword broke the internet. Cloudflare deployed a change to their WAF ruleset that blocked sites containing the 'camel’ keyword due to the Apache Camel Remote Code Execution vulnerability (CVE-2025-29891).

👋 I could’ve been convinced that this was an April Fools joke, but it’s not. I first heard of this because projects were failing builds due to npm registry request being blocked. But I see other platforms were affected, like Stackoverflow, where opening a question with ‘Camel’ in the name led to an error page 🤦.

Until Next Time! 👋

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle

P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.

Hello, and Happy Monday!

Life Update: We’ve built a home gym in our garage, and I’m now jacked. It has technically only been a week, but most of you will probably never see me in real life, so who cares?

We also tried to replace the sink in our bathroom. This was going great until we had a big hole in the wall and broken tiles. Computers never hurt me like home improvement projects do.

💻️ I’m working on a blog about the Go Module Mirror. TL;DR: I feel a need to understand its intentions better. One would assume that a command like, go get github.com/org/package_name would directly pull the package from GitHub, but that’s not necessarily true.

Newsletter

JFrog introduces Conan Audit to strengthen C/C++ dependency security

Hunted Labs lands $3M to find suspicious open source contributors

Public Secrets Exposure Leads to Supply Chain Attack on GitHub CodeQL

ImageRunner: A Privilege Escalation Vulnerability Impacting GCP Cloud Run

The OSI endorses the United Nations Open Source Principles

Postmortem on Next.js Middleware bypass

Until Next Time! 👋

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle

P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.