November Tribune: Security behind passports, RCE in AI agents, and post-quantum cryptography https://t.co/hHpNYeRMfb

Funded by @OpenSSF, we've made rekor-monitor production-ready with Rekor v2 support, certificate validation, and a GitHub Actions workflow that lowers the barrier to catching compromises. https://t.co/Ll3YjGI1PJ

Monitor unauthorized uses of your identity in transparency logs with Sigstore's rekor-monitor🧵

Go ad-free on X with Premium+ Includes access to SuperGrok.

Webinar starting in 2 hours: Building end-to-end encrypted systems with our cryptographers. Join us: https://t.co/auw1F8cp1I

Building a system with E2EE? Join our cryptographers tomorrow, December 9, at 11:00 a.m. ET for a webinar on implementation patterns and formal modeling approaches, followed by a Q&A session. https://t.co/auw1F8cp1I

@ekzhang1 The @trailofbits audit led by @tjade273 for Whatsapp Private Processing (which uses NVIDIA CC) is also an excellent read:

@BlackHatEvents @kiki_morozova Paul (@paulbottinelli) breaks down how to exploit QUIC hash functions and why existing mitigations fail. You'll learn concrete techniques to identify, test for, and defend against Hash DoS in QUIC and other performance-critical protocols. https://t.co/o4M627hACd

Can it really be a coincidence? Smart Investors Hold Gold. Find out more at Goldhub

@BlackHatEvents Kikimora (@kiki_morozova) show attacks beyond AI image downscaling: sharpening transformations, dithering algorithms, and other preprocessing steps that leak malicious prompts. Walk away with how to use Anamorpher for testing your own AI systems. https://t.co/lOk7QS8F3A

We’re speaking @BlackHatEvents EU Dec 10 🧵

Interesting short blog post on how electronic passports cryptography works https://t.co/W35PS40yW1 Credits Joop van de Pol (@trailofbits) #infosec #embedded

We’re thrilled to see Slither being used by Anthropic to augment their agentic smart contract research. If you’re interested in adding Slither to your LLM-based agents or workflows, check out our newly released slither-mcp: https://t.co/SEK4mJPHs9

Trail of Bits cryptographers Marc Ilunga and Fredrik Dahlgren cover unique challenges of building E2EE systems. Dec 9 @ 11am ET. 45 mins + Q&A.

Continuous group key agreement. Device enrollment and unenrollment. Message backup. Contact discovery. Abuse reporting. E2EE problems you need to solve. 🧵

The compiler translates __builtin_ct_select across multiple architectures (x86-64, i386, ARM, AArch64) to appropriate constant-time implementations using native instructions, such as cmov or CSEL, where available, or masked arithmetic patterns elsewhere.

LLVM will soon protect cryptographic code from timing attacks at the compiler level 🧵

Stuck on holiday gifts? Skip the stress. USDA Prime steaks delivered to their door = instant win. Get 8 FREE steak burgers + free shipping ($145 value) with your order. Watch →

We’re thrilled to see Slither being used by Anthropic to augment their agentic smart contract research. If you’re interested in adding Slither to your LLM-based agents or workflows, check out our newly released slither-mcp: https://t.co/SEK4mJPHs9

The Trail of Bits Cryptography Team has released open-source pure Go implementations of ML-DSA (FIPS-204) and SLH-DSA (FIPS-205), 2 NIST-standardized Post-Quantum Signature Algorithms #PQC #Cryptography #Go

Finally bit the bullet and spent some time refactoring Remill's build system. It got merged and you can now use Remill with LLVM 15-21 on Windows, Linux and macos 🔥 Using Remill in your projects has always been challenging in the past and I also published a small template you

🔐 We Found Cryptography Bugs in the Elliptic Library Using Wycheproof A blog post showing how “just” leveraging Wycheproof test vectors can lead directly to CVEs:

Trail of Bits Finds Vulnerabilities in Widely Used Cryptographic Library, One of Which Still Not Fixed Over a Year Later #News