cryptographic-verification

2 articles
0 9/10
vulnerability

A critical type-confusion vulnerability in Polygon PoS's Heimdall validator software allowed attackers to bypass event validation through unverified log event decoding, potentially enabling rogue validators to inject fraudulent stake updates and compromise the $2B+ PoS bridge. The vulnerability existed in the UnpackLog function, which failed to verify event type signatures before unpacking Ethereum logs.

Polygon PoS Heimdall Ethereum Cosmos Tendermint StakeManager StakingInfo Bor Immunefi MsgStakeUpdate SideHandleMsgStakeUpdate DecodeValidatorStakeUpdateEvent UnpackLog
asymmetric.re · Barracuda3172 · 16 hours ago
0 7/10

Practical multi-layered defense strategy for Python supply chain security covering code linting, dependency pinning with cryptographic hashes, CVE scanning, SBOM generation, and Trusted Publishing with OIDC attestations. Includes real-world attack case studies (ctx, Ultralytics, GhostAction, Shai-Hulud) demonstrating why each defense layer is necessary.

Bernát Gábor PyPI Ruff uv pip-audit CycloneDX Sigstore OIDC Ultralytics YOLO virtualenv tox platformdirs filelock CNCF ctx PHPass Flask Jinja2 Werkzeug MarkupSafe zizmor GhostAction Shai-Hulud
bernat.tech · gaborbernat · 2 days ago