@ulldma profile picture
Everbest @ulldma
Joined March 2011
  • Tweets 527
  • Following 739
  • Followers 493
30 Photos and videos
Everbest retweeted
Thomas Dohmke
@ashtom
16 Jan 2025
We now provide Linux arm64 hosted runners free for all public repos. 40% performance boost. 🚀 github.blog/changelog/2025-0…

Linux arm64 hosted runners now available for free in public repositories (Public Preview) - GitHub...

Now in public preview, Linux arm64 hosted runners are available for free in public repositories. Following the release of arm64 larger hosted runners in June, this offering now extends to…

github.blog
4
38
227
18,050
Everbest retweeted
GitHub Security Lab
@GHSecurityLab
23 Dec 2024
🎉 Excited to announce the launch of CodeQL Community Packs for Security teams and researchers! 🚀 Supercharge your code analysis with new Query, Model, and Library packs, to find more vulnerabilities, accelerate codebases audit, and secure code effortlessly. github.blog/security/vulnera…

Announcing CodeQL Community Packs

We are excited to introduce the new CodeQL Community Packs, a comprehensive set of queries and models designed to enhance your code analysis capabilities. These packs are tailored to augment…

github.blog
1
12
39
4,991
Everbest retweeted
Louis Nyffenegger@snyff
19 Dec 2024
Probably my last CVE for the year: JWT Algorithm Confusion in a C library... github.com/xmidt-org/cjwt/se…

Algorithm Confusion Vulnerability

### Summary I'm looking at algorithm confusion vulnerabilities across a few Github repo. It seems like your library is vulnerable to this attack. ### Details Algorithm confusion occurs whe...

github.com
1
13
88
6,002
Everbest retweeted
GitHub Security Lab
@GHSecurityLab
17 Dec 2024
29 new vulnerabilities found in GStreamer by @nosoynadiemas! Click to learn how to improve fuzzing results with custom generators. github.blog/security/vulnera…

Uncovering GStreamer secrets

In this post, I’ll walk you through the vulnerabilities I uncovered in the GStreamer library and how I built a custom fuzzing generator to target MP4 files.

github.blog
15
43
4,557
Everbest retweeted
GitHub Changelog
@GHchangelog
17 Dec 2024
Find and fix Actions workflows vulnerabilities with CodeQL (Public Preview) github.blog/changelog/2024-1…

Find and fix Actions workflows vulnerabilities with CodeQL (Public Preview) - GitHub Changelog

You can now enable code scanning in your GitHub Actions workflow files. By opting-in to this feature, you can enhance the security of repositories using GitHub Actions. Actions analysis support…

github.blog
5
11
2,135
Everbest retweeted
Luke Jahnke@lukejahnke
25 Nov 2024
I just published a new blog post sharing an improved Deserialization Gadget Chain for Ruby! It builds on the work of others, including Leonardo Giovanni, Peter Stöckli @GHSecurityLab and @wcbowling nastystereo.com/security/rub…
2
61
203
25,937
Everbest retweeted
GitHub Security Lab
@GHSecurityLab
25 Oct 2024
Want to learn how to secure your browser extensions? Read our latest blog post where we talk about the security model of browser extensions and how developers can keep them secure. github.blog/security/vulnera…

Attacking browser extensions

Learn about browser extension security and secure your extensions with the help of CodeQL.

github.blog
1
8
27
2,200
Everbest retweeted
GitHub Security Lab
@GHSecurityLab
22 Oct 2024
🔒 Secure your open-source supply chain! Discover why CVEs are crucial for protecting software dependencies in @taladrane's latest blog post: github.blog/security/supply-… #Cybersecurity #OpenSource #CVEs

Open source supply chain security explained: The essential role of CVEs

Vulnerability data has grown in volume and complexity over the past decade, but open source and programs like the Github Security Lab have helped supply chain security keep pace.

github.blog
7
13
1,504
Everbest retweeted
GitHub Security Lab
@GHSecurityLab
18 Oct 2024
GHSL-2024-127_GHSL-2024-129: Remote Code Execution (RCE) via Cross-Site Scripting (XSS) in OpenC3 COSMOS - CVE-2024-43795, CVE-2024-46977, CVE-2024-47529 securitylab.github.com/advis…

GHSL-2024-127_GHSL-2024-129: Remote Code Execution (RCE) via Cross-Site Scripting (XSS) in OpenC3...

Several vulnerabilities were found in OpenC3 COSMOS, a web application that is used to control satellites and test equipment. They can lead up to Remote Code Execution (RCE) via cross-site scripting...

securitylab.github.com
1
4
9
1,324
Everbest retweeted
Pedro Justo@itanium_guy
16 Oct 2024
Azure Cobalt 100-based Virtual Machines are now generally available azure.microsoft.com/en-us/bl… Crazy project with equal parts VHDX and C. Go have fun with these and let me know how that goes!

Azure Cobalt 100-based Virtual Machines are now generally available | Microsoft Azure Blog

Azure Cobalt 100 Virtual Machines, powered by custom Arm-based CPUs, are now generally available in multiple regions.

azure.microsoft.com
2
2
9
3,577
Everbest retweeted
Michael Stepankin@artsploit
3 Oct 2024
Hyped to speak at @ekoparty in November!
Ekoparty | Hacking everything
@ekoparty
2 Oct 2024
Replying to @ekoparty
1
4
25
2,812
Everbest retweeted
GitHub Security Lab
@GHSecurityLab
6 Sep 2024
GHSL-2024-005_GHSL-2024-008: SSRF, XSS, RCE and Sensitive information disclosure in OpenHAB Web UI - CVE-2024-42467, CVE-2024-42468, CVE-2024-42469, CVE-2024-42470 securitylab.github.com/advis…

GHSL-2024-005_GHSL-2024-008: SSRF, XSS, RCE and Sensitive information disclosure in OpenHAB Web UI...

Several vulnerabilities were found in OpenHAB’s CometVisu addon, which is part of OpenHAB’s Web UI project.

securitylab.github.com
6
10
1,742
Everbest retweeted
/* BlazingWind */@BlazingWindSec
12 Aug 2024
I’ll be holding a beginner-friendly workshop at @OrangeCon_nl about finding vulnerabilities with CodeQL 😎gh.io/orangecon-codeql See vulnerabilities we’ve found with help of CodeQL: gh.io/codeql-wall-of-fame/ Perhaps by the end you might get inspired to find your own? 💪
OrangeCon@OrangeCon_nl
6 Aug 2024
🚨 Exciting News! 🚨 The schedule for #OrangeCon is now LIVE! 🎉 Check out our four tracks, packed with expert speakers and cutting-edge workshops. Get ready to elevate your #infosec skills! 🛡️🔐 Check it out now: orangecon.nl/#schedule #OrangeCon2024 #Cybersecurity #Conference
2
17
39
10,835
Everbest retweeted
GitHub Security Lab
@GHSecurityLab
23 Aug 2024
GHSL-2024-160: Cache poisoning in JFrog Artifactory - CVE-2024-6915 securitylab.github.com/advis…

GHSL-2024-160: Cache poisoning in JFrog Artifactory - CVE-2024-6915

JFrog Artifactory is affected by an improper input validation vulnerability that allows artifact’s cache poisoning. This vulnerability only affects Artifactory instances that have at least one proxy...

securitylab.github.com
4
9
1,450
Everbest retweeted
GitHub Security Lab
@GHSecurityLab
23 Aug 2024
GHSL-2024-093: Remote Code Execution (RCE) in Haven - CVE-2024-39906 securitylab.github.com/advis…

GHSL-2024-093: Remote Code Execution (RCE) in Haven - CVE-2024-39906

A command injection vulnerability in the IndieAuth functionality of the Haven blog web application leads to code execution when an authenticated administrator is tricked to access a crafted link.

securitylab.github.com
4
7
1,005
Everbest retweeted
Michael Stepankin@artsploit
21 Aug 2024
Just submitted a CFP to @ekoparty where I want to talk about breaking Maven repository managers. This is the one of the craziest and fruitful research projects I've done in my career.
3
3
43
3,513
Everbest retweeted
Phrack Zine
@phrack
19 Aug 2024
The time has come, and with it your reading material for the week. Phrack #71 is officially released ONLINE! Let us know what you think! phrack.org/issues/71/1.html
table for contents for Phrack 71

ALT table for contents for Phrack 71

15
490
1,021
163,957
Everbest retweeted
GitHub Security Lab
@GHSecurityLab
13 Aug 2024
Read on to discover how @mmolgtm exploits CVE-2024-5830, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. github.blog/security/vulnera…

From object transition to RCE in the Chrome renderer

In this post, I'll exploit CVE-2024-5830, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.

github.blog
9
41
3,409
Everbest retweeted
Clint Gibler
@clintgibler
5 Aug 2024
⛓️ GitHub Artifact Attestations is now generally available Create provenance and integrity guarantees to verify what you have built within GitHub Actions can be traced back to its source code → Meets SLSA v1.0 Build Level 2 requirements github.blog/security/supply-…

Configure GitHub Artifact Attestations for secure cloud-native delivery

Introducing the generally available capability of GitHub Artifact Attestations to secure your cloud-native supply chain packages and images.

github.blog
10
28
2,622
Load more