Dan Guido (@dguido)

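A mention of an attempt to teach Anthropic's Claude to act as a bug hunter using Trail of Bits' security auditing skills. It proposes a use case for the model specialized in vulnerability detection and bug hunting by bringing security-audit knowledge into Claude.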

https://x.com/dguido/status/2014429019622527017

#security #auditing #claude #trailofbits #bugbounty

Dan Guido (@dguido) on X

@mattshumer_ The @trailofbits security auditing skills! Teach Claude to be an expert bug hunter: https://t.co/vI4amorZrc

X (formerly Twitter)

Lack of isolation in agentic browsers resurfaces old vulnerabilities

We exploited a lack of isolation mechanisms in multiple agentic browsers to perform attacks ranging from the dissemination of false information to cross-site data leaks. These attacks resurface decades-old patterns of vulnerabilities that the web security community spent years building effective defenses against.

The Trail of Bits Blog

👨‍💻 Wow, an "amazing" discovery: code has bugs 🐞—who would've guessed?! 🎉 Trail of Bits bravely announces they used a tool to find issues, as if highlighting a #zero-day is akin to finding Waldo in a single-page book. 🤦‍♂️
https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof/ #amazingdiscovery #codebugs #TrailofBits #findings #softwareissues #HackerNews #ngated
We found cryptography bugs in the elliptic library using Wycheproof

Trail of Bits discovered and disclosed two vulnerabilities in the widely used elliptic JavaScript library that could allow signature forgery or prevent valid signature verification, with one vulnerability still unfixed after the 90-day disclosure window.

The Trail of Bits Blog

FHE.org would like to thank Trail of Bits for their continued sponsorship this year (and last!) of the FHE.org 2026 conference.

Sponsorships like Trail of Bits' make it possible to provide a high quality conference with great speakers and to waive registration fees for all students.

Find out more information about Trail of Bits at https://trailofbits.com.

Don't forget to RSVP for your ticket to the FHE.org 2026 conference in Taipei, Taiwan March 8th!

https://luma.com/fhe-org-conference-2026-tickets

#FHE #HomomorphicEncryption #FHE2026 #TrailofBits

Sneak peek: A new ASN.1 API for Python

We’re working on integrating an ASN.1 API into PyCA Cryptography, built on top of the same Rust ASN.1 implementation already used by Cryptography’s X.509 APIs.

The Trail of Bits Blog

huh #trailofbits did an audit of #simplex - only the "protocol spec" https://github.com/simplex-chat/simplex-chat/blob/stable/docs/SimpleX_Design_Review_2024_Summary_Report_12_08_2024.pdf

quite limited scope. and last time i looked at the spec i lost my appetite, but apparently there have been updates, like addition of sntrup pq kem. so maybe this has improved? still wouldn't use it, the supply chain attack surface is begging for a "soon" not an "if". and the global transcript of group chats was out of scope in this audit. so, meh?

simplex-chat/docs/SimpleX_Design_Review_2024_Summary_Report_12_08_2024.pdf at stable · simplex-chat/simplex-chat

SimpleX - the first messaging network operating without user identifiers of any kind - 100% private by design! iOS, Android and desktop apps 📱! - simplex-chat/simplex-chat

GitHub

A deep dive into Linux’s new mseal syscall

If you love exploit mitigations, you may have heard of a new system call named mseal landing into the Linux kernel’s 6.10 release, providing a protection called “memory sealing.” Beyond notes from the authors, very little information about this mitigation exists. In this blog post, we’ll explain what this syscall is, including […]

The Trail of Bits Blog

LeftoverLocals: Apple, AMD and Qualcomm GPUs affected by security vulnerability

Experts have discovered a vulnerability named LeftoverLocals. It allows data to be read out of GPUs from Apple, Qualcomm and AMD

Tarnkappe.info