We discovered a new high-severity vulnerability (CVE-2022-23529) in the popular JsonWebToken open source project.

Code signing of applications is an essential element of macOS security. Besides signing applications, it is also possible to sign installer packages (.pkg files). During a short review of the xar source code, we found a vulnerability (CVE-2022-42841) that…

The new release (38.0) brings Kubeshark scalability to a whole new level, introducing a new distributed PCAP storage system, DNS support, TCP/UDP stream replay, historic traffic snapshot and much more.

Posted by Oliver Chang, OSS-Fuzz team Since launching in 2016 , Google's free OSS-Fuzz code testing service has helped get over 8800 vul...

Andreas Happe sometimes blogs about development, life or security.

As we recently published on the Microsoft Edge Dev blog, Adobe and Microsoft are enhancing the PDF experience and value users have come to expect in Microsoft Edge. Adobe brings an unrivalled breadth of experience in the PDF space, and we are looking forward…

A light exploration into how abstractions harm ASAN's effectiveness

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

Learn how to fuzz JavaScript using Jest. With the integration of the open-source fuzzing engine Jazzer.js, JavaScript fuzzing is as easy as unit testing.