Zero Days

Shai Hulud 2.0: Analysis and Community Resources

We've complied all the best tools, prevention methods and articles for responding to Shai Hulud 2.0 and share our analysis so teams can understand the…

Dec 1, 2025 • James Berthoty

Supply Chain Security is FUBAR - A Proposal for GitHub

Three things GitHub could do to vastly improve security capabilities

Mar 17, 2025 • James Berthoty

Understanding and Re-Creating the tj-actions/changed-files Supply Chain Attack

Another reason runtime security is so important, and patching ain't what it seems

Mar 15, 2025 • James Berthoty

CUPS Vulnerability Response Resources

Resources and analysis on the latest zero days: CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177

Sep 27, 2024 • James Berthoty

CVE-2024-6387 Response Resources - "regreSSHion"

TL;DR: Qualys research team discovered an issue where you can exploit OpenSSH with a “brute force” like timing attack from the outside.

Jul 1, 2024 • James Berthoty

Understanding the Polyfill Attack (Polykill)

And some thoughts about what it shows about our tooling trends

Jun 29, 2024 • James Berthoty

Vulnerability Management and XZ Utils - Is there any hope?

CVE-2024-3094, Open Source Security, and VulnCon - Is there any hope?

Apr 2, 2024 • James Berthoty

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts