Tag: Github
- Attacking browser extensions
  Browser extensions first became mainstream in the early 2000s with their adoption by Firefox and Chromium and their popularity has been …
- Cybersecurity spotlight on bug bounty researcher @adrianoapj
  As we wrap up Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to spotlight one of the top performing security …
- Securing the open source supply chain: The essential role of CVEs
  As security continues to shift left, developers are increasingly the first line of defense against vulnerabilities. In fact, open source …
- The second half of software supply chain security on GitHub
  Software supply chain security has rocketed into the public consciousness after a major cybersecurity attack against the U.S. federal …
- Cybersecurity spotlight on bug bounty researcher @imrerad
  As we kick off Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to spotlight one of the top performing security …
- Kicking off Cybersecurity Awareness Month: Researcher spotlights and additional incentives!
  Cybersecurity Awareness Month is a global initiative that highlights the importance of protecting our digital work. At GitHub, security is …
- From object transition to RCE in the Chrome renderer
  In this post, I’ll exploit CVE-2024-5830, a type confusion bug in v8, the JavaScript engine of Chrome, that I reported in May 2024 as bug …
- Configure GitHub Artifact Attestations for secure cloud-native delivery
  When deploying in a truly cloud-native way, we need to ensure that we can trust what we’re deploying at every step of our supply chain. …
- Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties
  In this post, I’ll exploit CVE-2024-3833, an object corruption bug in v8, the JavaScript engine of Chrome, that I reported in March 2024 …
- 10 years of the GitHub Security Bug Bounty Program
  Let’s take a look at 10 key moments from the first decade of the GitHub Security Bug Bounty program. In 2014, we launched the program to …
- Introducing Artifact Attestations–now in public beta
  There’s an increasing need across enterprises and the open source ecosystem to have a verifiable way to link software artifacts back to …
- Where does your software (really) come from?
  Software is a funny, profound thing: each piece of it is an invisible machine, seemingly made of magic words, designed to run on the …