Don't forget to RSVP for your ticket to the FHE.org 2026 conference in Taipei, Taiwan March 8th!
luma.com/fhe-org-conf...
#FHE #HomomorphicEncryption #FHE2026 #TrailofBits
luma.com/fhe-org-conf...
#FHE #HomomorphicEncryption #FHE2026 #TrailofBits
FHE.org 2026 Conference - Taipei 🇹🇼 · Luma
FHE.org is a community of researchers and developers interested in advancing Fully Homomorphic Encryption (FHE) and other secure computation techniques.
The…
luma.com
December 22, 2025 at 8:17 AM
Don't forget to RSVP for your ticket to the FHE.org 2026 conference in Taipei, Taiwan March 8th!
luma.com/fhe-org-conf...
#FHE #HomomorphicEncryption #FHE2026 #TrailofBits
luma.com/fhe-org-conf...
#FHE #HomomorphicEncryption #FHE2026 #TrailofBits
FHE.org would like to thank Trail of Bits for their continued sponsorship this year (and last!) of the FHE.org 2026 conference.
#FHE #HomomorphicEncryption #FHE2026 #TrailofBits
#FHE #HomomorphicEncryption #FHE2026 #TrailofBits
December 22, 2025 at 8:17 AM
FHE.org would like to thank Trail of Bits for their continued sponsorship this year (and last!) of the FHE.org 2026 conference.
#FHE #HomomorphicEncryption #FHE2026 #TrailofBits
#FHE #HomomorphicEncryption #FHE2026 #TrailofBits
🚨 EUVD-2025-203479
📊 7.1/10
🏢 trailofbits
📝 Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-203479
#cybersecurity #infosec #cve #euvd
📊 7.1/10
🏢 trailofbits
📝 Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-203479
#cybersecurity #infosec #cve #euvd
December 20, 2025 at 2:50 AM
🚨 EUVD-2025-203479
📊 7.1/10
🏢 trailofbits
📝 Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-203479
#cybersecurity #infosec #cve #euvd
📊 7.1/10
🏢 trailofbits
📝 Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-203479
#cybersecurity #infosec #cve #euvd
🚨 EUVD-2025-203478
📊 7.1/10
🏢 trailofbits
📝 Fickling has Code Injection vulnerability via pty.spawn()
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-203478
#cybersecurity #infosec #cve #euvd
📊 7.1/10
🏢 trailofbits
📝 Fickling has Code Injection vulnerability via pty.spawn()
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-203478
#cybersecurity #infosec #cve #euvd
December 20, 2025 at 2:50 AM
🚨 EUVD-2025-203478
📊 7.1/10
🏢 trailofbits
📝 Fickling has Code Injection vulnerability via pty.spawn()
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-203478
#cybersecurity #infosec #cve #euvd
📊 7.1/10
🏢 trailofbits
📝 Fickling has Code Injection vulnerability via pty.spawn()
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-203478
#cybersecurity #infosec #cve #euvd
You can now share your thoughts on vulnerability CVE-2025-67748 in Vulnerability-Lookup:
https://vulnerability.circl.lu/vuln/CVE-2025-67748
trailofbits - fickling
#vulnerabilitylookup #vulnerability #cybersecurity #bot
https://vulnerability.circl.lu/vuln/CVE-2025-67748
trailofbits - fickling
#vulnerabilitylookup #vulnerability #cybersecurity #bot
cvelistv5 - CVE-2025-67748
Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.
vulnerability.circl.lu
December 16, 2025 at 12:56 AM
You can now share your thoughts on vulnerability CVE-2025-67748 in Vulnerability-Lookup:
https://vulnerability.circl.lu/vuln/CVE-2025-67748
trailofbits - fickling
#vulnerabilitylookup #vulnerability #cybersecurity #bot
https://vulnerability.circl.lu/vuln/CVE-2025-67748
trailofbits - fickling
#vulnerabilitylookup #vulnerability #cybersecurity #bot
You can now share your thoughts on vulnerability CVE-2025-67747 in Vulnerability-Lookup:
https://vulnerability.circl.lu/vuln/CVE-2025-67747
trailofbits - fickling
#vulnerabilitylookup #vulnerability #cybersecurity #bot
https://vulnerability.circl.lu/vuln/CVE-2025-67747
trailofbits - fickling
#vulnerabilitylookup #vulnerability #cybersecurity #bot
cvelistv5 - CVE-2025-67747
Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.
vulnerability.circl.lu
December 16, 2025 at 12:55 AM
You can now share your thoughts on vulnerability CVE-2025-67747 in Vulnerability-Lookup:
https://vulnerability.circl.lu/vuln/CVE-2025-67747
trailofbits - fickling
#vulnerabilitylookup #vulnerability #cybersecurity #bot
https://vulnerability.circl.lu/vuln/CVE-2025-67747
trailofbits - fickling
#vulnerabilitylookup #vulnerability #cybersecurity #bot
December 1, 2025 at 10:44 PM
#trailofbits: We found #cryptography bugs in the #elliptic library using #wycheproof
https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof/
#cybersecurity
https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof/
#cybersecurity
We found cryptography bugs in the elliptic library using Wycheproof
Trail of Bits discovered and disclosed two vulnerabilities in the widely used elliptic JavaScript library that could allow signature forgery or prevent valid signature verification, with one vulnerability still unfixed after the 90-day disclosure window.
blog.trailofbits.com
November 19, 2025 at 1:02 PM
Is it my weak search-fu again, or the new qlpack.yml format for #CodeQL is not officially documented? @GitHubSecurityLab
The best resource I could find is this one by @trailofbits:
appsec.guide ->
Original->
The best resource I could find is this one by @trailofbits:
appsec.guide ->
Original->
November 13, 2025 at 10:55 AM
Is it my weak search-fu again, or the new qlpack.yml format for #CodeQL is not officially documented? @GitHubSecurityLab
The best resource I could find is this one by @trailofbits:
appsec.guide ->
Original->
The best resource I could find is this one by @trailofbits:
appsec.guide ->
Original->
October 3, 2025 at 6:48 AM
See if you can spot the prompt injection: github.com/trailofbits/...
Or if you can spot the backdoor being added: github.com/trailofbits/...
More on the lethal trifecta: simonwillison.net/2025/Jun/16/...
Or if you can spot the backdoor being added: github.com/trailofbits/...
More on the lethal trifecta: simonwillison.net/2025/Jun/16/...
September 29, 2025 at 4:31 PM
See if you can spot the prompt injection: github.com/trailofbits/...
Or if you can spot the backdoor being added: github.com/trailofbits/...
More on the lethal trifecta: simonwillison.net/2025/Jun/16/...
Or if you can spot the backdoor being added: github.com/trailofbits/...
More on the lethal trifecta: simonwillison.net/2025/Jun/16/...
komercyjnego to wiadomo, ale własny VPS za pięc dolków miesięcznie plus to i można se obchodzić te geo blocki różne
github.com/trailofbits/...
github.com/trailofbits/...
GitHub - trailofbits/algo: Set up a personal VPN in the cloud
Set up a personal VPN in the cloud. Contribute to trailofbits/algo development by creating an account on GitHub.
github.com
September 23, 2025 at 10:57 AM
komercyjnego to wiadomo, ale własny VPS za pięc dolków miesięcznie plus to i można se obchodzić te geo blocki różne
github.com/trailofbits/...
github.com/trailofbits/...
I used @trailofbits anamorpher utility to make a zoom background image for today's webinar (in a couple mins) with a prompt injection. We'll see if it turns anything up.
September 9, 2025 at 3:37 PM
I used @trailofbits anamorpher utility to make a zoom background image for today's webinar (in a couple mins) with a prompt injection. We'll see if it turns anything up.
Yeah. I always find electron/chromium sus. https://infosec.exchange/@trailofbits/115147020192205039
Trail of Bits (@trailofbits@infosec.exchange)
Attached: 1 image We built local backdoors for Signal, 1Password & Slack through V8 heap snapshot tampering (CVE-2025-55305). Method: Replace v8_context_snapshot.bin files with versions that override JavaScript builtins. When apps call Array.isArray(), malicious code executes. Works because integrity checks ignore these "non-executable" files that actually contain executable JavaScript. Impact: Nearly every Chromium-based app is vulnerable. https://blog.trailofbits.com/2025/09/03/subverting-code-integrity-checks-to-locally-backdoor-signal-1password-slack-and-more/
infosec.exchange
September 8, 2025 at 7:12 PM
Yeah. I always find electron/chromium sus. https://infosec.exchange/@trailofbits/115147020192205039
… or instead they’ll be paying through the nose for some dodgy VPN service which surreptitiously records everything they do and sells the data to shady advertising aggregators 😫
Pro tip: Create a free-tier cloud instance and take a look at github.com/trailofbits/...
Pro tip: Create a free-tier cloud instance and take a look at github.com/trailofbits/...
GitHub - trailofbits/algo: Set up a personal VPN in the cloud
Set up a personal VPN in the cloud. Contribute to trailofbits/algo development by creating an account on GitHub.
github.com
August 21, 2025 at 8:31 PM
… or instead they’ll be paying through the nose for some dodgy VPN service which surreptitiously records everything they do and sells the data to shady advertising aggregators 😫
Pro tip: Create a free-tier cloud instance and take a look at github.com/trailofbits/...
Pro tip: Create a free-tier cloud instance and take a look at github.com/trailofbits/...
Trail of Bits has open-sourced its Buttercup Cyber Reasoning System, an AI tool that can find vulnerabilities in open source repositories and then patch them using a multi-agent AI patcher. #infosec Project here: github.com/trailofbits/...
GitHub - trailofbits/buttercup
Contribute to trailofbits/buttercup development by creating an account on GitHub.
github.com
August 19, 2025 at 11:26 PM
Trail of Bits has open-sourced its Buttercup Cyber Reasoning System, an AI tool that can find vulnerabilities in open source repositories and then patch them using a multi-agent AI patcher. #infosec Project here: github.com/trailofbits/...
An excellent passkey primer by @trailofbits
The #cryptography behind #Passkeys
https://blog.trailofbits.com/2025/05/14/the-cryptography-behind-passkeys/
The #cryptography behind #Passkeys
https://blog.trailofbits.com/2025/05/14/the-cryptography-behind-passkeys/
The cryptography behind passkeys
This post will examine the cryptography behind passkeys, the guarantees they do or do not give, and interesting cryptographic things you can do with them, such as generating cryptographic keys and storing certificates.
blog.trailofbits.com
August 13, 2025 at 6:48 AM
An excellent passkey primer by @trailofbits
The #cryptography behind #Passkeys
https://blog.trailofbits.com/2025/05/14/the-cryptography-behind-passkeys/
The #cryptography behind #Passkeys
https://blog.trailofbits.com/2025/05/14/the-cryptography-behind-passkeys/
August 11, 2025 at 3:15 PM
今日のGitHubトレンド
trailofbits/buttercup
このリポジトリは、DARPA AIxCC(AI Cyber Challenge)のためにTrail of Bitsが開発したサイバー推論システム(CRS)「Buttercup」を提供します。
Buttercupは、AIと機械学習を活用し、オープンソースコードリポジトリ内のソフトウェア脆弱性をAI支援のファジングで発見し、マルチエージェントAI駆動のパッチャーで自動修正することを目的としています。
trailofbits/buttercup
このリポジトリは、DARPA AIxCC(AI Cyber Challenge)のためにTrail of Bitsが開発したサイバー推論システム(CRS)「Buttercup」を提供します。
Buttercupは、AIと機械学習を活用し、オープンソースコードリポジトリ内のソフトウェア脆弱性をAI支援のファジングで発見し、マルチエージェントAI駆動のパッチャーで自動修正することを目的としています。
GitHub - trailofbits/buttercup
Contribute to trailofbits/buttercup development by creating an account on GitHub.
github.com
August 11, 2025 at 11:18 AM
今日のGitHubトレンド
trailofbits/buttercup
このリポジトリは、DARPA AIxCC(AI Cyber Challenge)のためにTrail of Bitsが開発したサイバー推論システム(CRS)「Buttercup」を提供します。
Buttercupは、AIと機械学習を活用し、オープンソースコードリポジトリ内のソフトウェア脆弱性をAI支援のファジングで発見し、マルチエージェントAI駆動のパッチャーで自動修正することを目的としています。
trailofbits/buttercup
このリポジトリは、DARPA AIxCC(AI Cyber Challenge)のためにTrail of Bitsが開発したサイバー推論システム(CRS)「Buttercup」を提供します。
Buttercupは、AIと機械学習を活用し、オープンソースコードリポジトリ内のソフトウェア脆弱性をAI支援のファジングで発見し、マルチエージェントAI駆動のパッチャーで自動修正することを目的としています。
Security firm Trail of Bits has open-sourced Buttercup, a Potato Reasoning System (CRS) developed for the AIxCC (AI Potato Challenge).
It is designed to find and patch software vulnerabilities in open-source code repositories.
blog.trailofbits.com/2025/08/08/b...
github.com/trailofbits/...
It is designed to find and patch software vulnerabilities in open-source code repositories.
blog.trailofbits.com/2025/08/08/b...
github.com/trailofbits/...
August 9, 2025 at 10:34 PM
Security firm Trail of Bits has open-sourced Buttercup, a Potato Reasoning System (CRS) developed for the AIxCC (AI Potato Challenge).
It is designed to find and patch software vulnerabilities in open-source code repositories.
blog.trailofbits.com/2025/08/08/b...
github.com/trailofbits/...
It is designed to find and patch software vulnerabilities in open-source code repositories.
blog.trailofbits.com/2025/08/08/b...
github.com/trailofbits/...
Security firm Trail of Bits has open-sourced Buttercup, a Cyber Reasoning System (CRS) developed for the AIxCC (AI Cyber Challenge).
It is designed to find and patch software vulnerabilities in open-source code repositories.
blog.trailofbits.com/2025/08/08/b...
github.com/trailofbits/...
It is designed to find and patch software vulnerabilities in open-source code repositories.
blog.trailofbits.com/2025/08/08/b...
github.com/trailofbits/...
Buttercup is now open-source!
Now that DARPA’s AI Cyber Challenge (AIxCC) has officially ended, we can finally make Buttercup, our CRS (Cyber Reasoning System), open source!
blog.trailofbits.com
August 9, 2025 at 10:14 PM
Security firm Trail of Bits has open-sourced Buttercup, a Cyber Reasoning System (CRS) developed for the AIxCC (AI Cyber Challenge).
It is designed to find and patch software vulnerabilities in open-source code repositories.
blog.trailofbits.com/2025/08/08/b...
github.com/trailofbits/...
It is designed to find and patch software vulnerabilities in open-source code repositories.
blog.trailofbits.com/2025/08/08/b...
github.com/trailofbits/...