https://miscreants.github.io/blog.trailofbits.com/categories/vulnerabilities/Recent content in vulnerabilities on The Trail of Bits BlogHugoen-usTue, 18 Nov 2025 00:00:00 -0500https://miscreants.github.io/blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof/Tue, 18 Nov 2025 07:00:00 -0500https://miscreants.github.io/blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof/Trail of Bits discovered and disclosed two vulnerabilities in the widely used elliptic JavaScript library that could allow signature forgery or prevent valid signature verification, with one vulnerability still unfixed after the 90-day disclosure window.https://miscreants.github.io/blog.trailofbits.com/2025/10/30/vulnerabilities-in-luks2-disk-encryption-for-confidential-vms/Thu, 30 Oct 2025 07:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/10/30/vulnerabilities-in-luks2-disk-encryption-for-confidential-vms/Trail of Bits is disclosing vulnerabilities in confidential computing systems that use LUKS2 for disk encryption. These vulnerabilities allow attackers with access to storage disks to extract confidential data and modify contents.https://miscreants.github.io/blog.trailofbits.com/2025/10/22/prompt-injection-to-rce-in-ai-agents/Wed, 22 Oct 2025 07:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/10/22/prompt-injection-to-rce-in-ai-agents/We bypassed human approval protections for system command execution in AI agents, achieving RCE in three agent platforms.https://miscreants.github.io/blog.trailofbits.com/2025/09/03/subverting-code-integrity-checks-to-locally-backdoor-signal-1password-slack-and-more/Thu, 04 Sep 2025 00:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/09/03/subverting-code-integrity-checks-to-locally-backdoor-signal-1password-slack-and-more/A vulnerability in Electron applications allows attackers to bypass code integrity checks by tampering with V8 heap snapshot files, enabling local backdoors in applications like Signal, 1Password, and Slack.https://miscreants.github.io/blog.trailofbits.com/2025/08/27/implement-eip-7730-today/Wed, 27 Aug 2025 07:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/08/27/implement-eip-7730-today/EIP-7730 enables hardware wallets to decode transactions into human-readable formats, eliminating blind signing vulnerabilities with minimal implementation effort for dApp developers.https://miscreants.github.io/blog.trailofbits.com/2025/08/21/weaponizing-image-scaling-against-production-ai-systems/Thu, 21 Aug 2025 07:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/08/21/weaponizing-image-scaling-against-production-ai-systems/In this blog post, we’ll detail how attackers can exploit image scaling on Gemini CLI, Vertex AI Studio, Gemini’s web and API interfaces, Google Assistant, Genspark, and other production AI systems. We’ll also explain how to mitigate and defend against these attacks, and we’ll introduce Anamorpher, our open-source tool that lets you explore and generate these crafted images.https://miscreants.github.io/blog.trailofbits.com/2025/08/20/marshal-madness-a-brief-history-of-ruby-deserialization-exploits/Tue, 19 Aug 2025 07:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/08/20/marshal-madness-a-brief-history-of-ruby-deserialization-exploits/This post traces the decade-long evolution of Ruby Marshal deserialization exploits, demonstrating how security researchers have repeatedly bypassed patches and why fundamental changes to the Ruby ecosystem are needed rather than continued patch-and-hope approaches.https://miscreants.github.io/blog.trailofbits.com/2025/08/04/uncovering-memory-corruption-in-nvidia-triton-as-a-new-hire/Tue, 05 Aug 2025 07:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/08/04/uncovering-memory-corruption-in-nvidia-triton-as-a-new-hire/In my first month at Trail of Bits as an AI/ML security engineer, I found two remotely accessible memory corruption bugs in NVIDIA’s Triton Inference Server during a routine onboarding practice.https://miscreants.github.io/blog.trailofbits.com/2025/04/30/insecure-credential-storage-plagues-mcp/Wed, 30 Apr 2025 03:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/04/30/insecure-credential-storage-plagues-mcp/This post describes how many examples of MCP software store long-term API keys for third-party services in plaintext on the local filesystem, often with insecure, world-readable permissions.https://miscreants.github.io/blog.trailofbits.com/2025/04/29/deceiving-users-with-ansi-terminal-codes-in-mcp/Tue, 29 Apr 2025 09:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/04/29/deceiving-users-with-ansi-terminal-codes-in-mcp/This post describes attacks using ANSI terminal code escape sequences to hide malicious instructions to the LLM, leveraging the line jumping vulnerability we discovered in MCP.https://miscreants.github.io/blog.trailofbits.com/2025/04/23/how-mcp-servers-can-steal-your-conversation-history/Wed, 23 Apr 2025 10:30:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/04/23/how-mcp-servers-can-steal-your-conversation-history/Malicious MCP servers can inject trigger phrases into tool descriptions to exfiltrate entire conversation histories and steal sensitive credentials and IP.https://miscreants.github.io/blog.trailofbits.com/2025/04/21/jumping-the-line-how-mcp-servers-can-attack-you-before-you-ever-use-them/Mon, 21 Apr 2025 10:30:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/04/21/jumping-the-line-how-mcp-servers-can-attack-you-before-you-ever-use-them/MCP’s ’line jumping’ vulnerability lets malicious servers inject prompts through tool descriptions to manipulate AI behavior before tools are ever invoked.