A Decade of Ruby Marshal Deserialization Exploits: A History and Path Forward

2025-08-24
This article delves into the decade-long saga of Ruby Marshal module deserialization vulnerabilities. Tracing the evolution from initial bug reports in 2013 to the latest exploit techniques in 2024, it reveals a persistent cat-and-mouse game between security researchers and attackers. The author highlights the limitations of a purely patch-based approach and advocates for the eventual deprecation of the Marshal module in favor of safer alternatives, aiming to eliminate this recurring security threat.


Image Scaling Attacks: A New Vulnerability in AI Systems

2025-08-21
Researchers have discovered a novel AI security vulnerability: data exfiltration can be achieved by sending seemingly harmless images to large language models (LLMs). Attackers exploit the fact that AI systems often downscale images before processing them, embedding a prompt injection that is invisible at full resolution but appears in the downscaled version the model actually sees. The injection therefore executes without the user noticing and can reach user data. The vulnerability has been demonstrated on multiple AI systems, including Google Gemini CLI. The researchers released the open-source tool Anamorpher to generate and analyze these crafted images, and recommend either avoiding image downscaling in AI systems or showing users a preview of the image the model actually receives to mitigate the risk.


Exploiting EOL Network Devices: A Junkyard Competition Win

2025-07-29
Researchers secured second place at DistrictCon's Junkyard competition by successfully exploiting two discontinued network devices: a Netgear WGR614v9 router and a BitDefender Box V1. Their exploit chains highlighted the persistent security risks of end-of-life (EOL) hardware, where unpatched vulnerabilities remain exploitable after manufacturer support ceases. The researchers detailed multiple vulnerabilities, including authentication bypasses, buffer overflows, and command injections, leading to remote root access on both devices. This research underscores the importance of considering manufacturer support lifecycles and community firmware options when selecting devices and highlights the ongoing security challenges posed by EOL IoT devices.

Tech

Go Parser Security Risks: Exploiting Unexpected Behaviors in JSON, XML, and YAML

2025-06-21
Go's JSON, XML, and YAML parsers present security risks, allowing attackers to exploit unexpected behaviors to bypass authentication, circumvent authorization, and exfiltrate sensitive data. The post details three attack scenarios: (1) (Un)marshaling unexpected data: exposing data developers intended to be private; (2) Parser differentials: discrepancies between parsers enabling bypasses; and (3) Data format confusion: exploiting cross-format payload handling. Mitigations include using `DisallowUnknownFields` and custom functions to compensate for vulnerabilities in Go's standard library. The authors provide Semgrep rules to help detect vulnerable patterns.

Development Go security

Passkeys: The Cryptographic Revolution in Authentication

2025-05-14
This article delves into the cryptography behind passkeys, explaining how they use key pairs to create digital signatures without transmitting sensitive information to servers, thus preventing phishing and password reuse. The WebAuthn specification enhances security through origin binding, ensuring passkeys are only used on the correct website. Different authenticator types are explored, along with how WebAuthn extensions can generate and store cryptographic keys. Potential threats like browser attacks and compromised authenticators are discussed, along with mitigation strategies. While not a perfect solution, passkeys offer significantly improved security and represent a compelling future for authentication.

Tech

PyPI's Warehouse: 81% Faster Test Suite with Simple Optimizations

2025-05-12
Trail of Bits dramatically improved the performance of PyPI's Warehouse test suite, reducing execution time from 163 seconds to 30 seconds while increasing the test count from 3,900 to over 4,700. This 81% improvement was achieved through several key optimizations: parallelizing test execution with pytest-xdist, leveraging Python 3.12's sys.monitoring for efficient coverage instrumentation, optimizing test discovery, and eliminating unnecessary imports. These techniques are readily applicable to many Python projects struggling with slow test suites, offering significant performance gains at minimal cost.

Development Testing Optimization

PyCA Cryptography's New ASN.1 API: Speed and Security

2025-04-18

The PyCA Cryptography team is developing a new ASN.1 API built on a pure-Rust parser, which significantly improves performance and reduces the security risk of parser differentials with other ASN.1 implementations. The new API also offers a declarative, dataclasses-style interface for better code readability and maintainability. This addresses the performance and security shortcomings of existing Python ASN.1 libraries and better supports emerging ecosystems such as Sigstore.

Development

North Korea's $1.5B Crypto Heist: A New Era in Exchange Security?

2025-02-22

On February 21, 2025, the Bybit exchange suffered a $1.5B crypto theft, the largest in history. Rather than exploiting smart contract vulnerabilities, the attackers compromised multiple signers' devices with sophisticated malware that manipulated their wallet interfaces, obtaining signatures without the signers' knowledge. Investigations point to North Korean state-sponsored actors (such as TraderTraitor and Jade Sleet) who used advanced social engineering to target key personnel and deployed a cross-platform toolkit. The incident highlights the critical risk of neglecting operational security and underscores the value of air-gapped signing systems, multi-factor authentication, and regular security training. Similar attacks are likely to continue unless crypto companies significantly improve their operational security practices.
