Georg Semmler, the maintainer of github.com/diesel-rs/di... and one of the recent participants in the GitHub Secure Open Source Fund, has written a tool called cargo-safe-publish that helps protect against supply chain attacks in the Rust Cargo ecosystem. Read more: blog.weiznich.de/blog/cargo-s...

VXUG dropped the news that a DEFCON talk was AI generated nonsense and so was the code put on github for it. Some attendees noticed it was off, but this talk was presented, passed review. The github issues are rolling in.

New vuln from the GitHub Security Lab 🔍 Antonio + Kev team up to uncover CVE-2025-53367 — an out-of-bounds write in DjVuLibre that could lead to code execution on Linux desktops. Found via fuzzing. 🧠 Read the announcement: github.blog/security/vul...

Our team member Man Yue Mo is back, showing a new way to bypass MTE protection on Android phones with CVE-2025-0072. github.blog/security/vul...

In this demonstration I show the impact of CVE-2025-25291/CVE-2025-25292, an authentication bypass in ruby-saml used by high profile OSS projects such as GitLab. My team coordinated with both the ruby-saml maintainer and GitLab to get this vulnerability fixed and patches are available at gh.io/glfx

If you're using ruby-saml or omniauth-saml for SAML authentication make sure to update these libraries as fast as possible! Fixes for two critical authentication bypass vulnerabilities were published today (CVE-2025-25291 + CVE-2025-25292). github.blog/security/sig...

In this blog post, we detail newly discovered authentication bypass vulnerabilities in the ruby-saml library used for single sign-on (SSO) via SAML on the service provider (application) side. github.blog/security/sig...

Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! github.blog/security/vul...