Trail of Bits
@trailofbits
We help secure the world’s most targeted organizations and products. We combine security research with an attacker mentality to reduce risk and fortify code.
We reported a chain of CVEs to Apple, reviewed anti-cheat measures for ~5M Monopoly GO! players, and published the Custodial Stablecoin Rekt Test for evaluating issuer security. Read the June Tribune: mailchi.mp/trailofbits/tr…
ToB vs. Alex Aiken's PhD students
TOOL RELEASE: Detect plagiarized code even when variable names change and comments disappear. Vendetect uses semantic fingerprinting to catch copied code that traditional tools miss. blog.trailofbits.com/2025/07/21/det…
I feel like ToB are the only ones covering attacks against/via MCP - it's such a fascinating new attack surface that we're going to have to contend with more and more I feel
MCP security issues are well-documented, and now new defensive tools and testing strategies are emerging to help developers secure their implementations. 🧵
Pwndbg makes GDB and LLDB debugging actually usable for security research. @disconnect3d_pl shows stack canary analysis, heap inspection, and exploit development @europython today at 10:30 AM GMT+2 ep2025.europython.eu/session/pwndbg…
Security questions? Our researchers and interns are @SummerC0n through tomorrow. See you there 👋
📚 tl;dr sec 287 ☁️ fwd:cloudsec Talk Recordings, 🛡️ How Figma Only Runs Approved Software, 🤖 Auditing Code with AI Join Scott Behrens and me: How to do Secure Code Review with Vibe Coding IDEs! Hundreds of people have already signed up 🤯 tldrsec.com/p/tldr-sec-287
Cryptography & Security Newsletter is out! In this issue: - Internet PKI to Integrate DNSSEC - Short News feistyduck.com/newsletter/iss…
Google paid Trail of Bits to audit Go cryptography. The results are good. go.dev/blog/tob-crypt…