#SSTIC still doesn't seem to be on BlueSky 😢
Program online:
www.sstic.org/2026/program...
Dependency cooldowns, redux
https://blog.yossarian.net/2025/12/13/cooldowns-redux
#security #oss
There's a nasty #OpenSource #SupplyChain worm going around named Shai-Hulud. It's also capable of exposing some projects' long-lived PyPI API Tokens. Read more on what's happening, and what you can do to protect your projects.
TL;DR: Adopt Trusted Publishing 🔐🚀📦
blog.pypi.org/posts/2025-1...
I'm thrilled to announce that after months of intensive work, the complete materials for my Applied Cryptography course at the American University of Beirut are now finished: both Part 1 (Provable Security) and Part 2 (Real-World Cryptography)!
my colleague @darkamaul.bsky.social has a new blog post on the @trailofbits.bsky.social blog about how we worked with @pypi.org's maintainers to slash test times on PyPI by over 80%:
blog.trailofbits.com/2025/05/01/m...
Fuzzing Windows ARM64 binaries with a DBI and LLVM?
Here we go: www.romainthomas.fr/post/25-04-w...
zizmor would have caught the Ultralytics workflow vulnerability blog.yossarian.net/2024/12/06/zizmor-ultral... #security #oss
Excited to be part of the lineup at @districtcon.bsky.social's first conference! Can't wait to see everyone in Washington DC