Archive - Bomfather

Breakdown of New RunC vulnerabilities CVE-2025-31133, CVE-2025-52565, and CVE‑2025‑52881

I recommend reading the actual exploit https://seclists.org/oss-sec/2025/q4/161. It’s mind-blowing, how complex and how many jumps it takes actually to…

Nov 9 •

October 2025

L2 Base Node Builds are Insecure

The docker builds for L2 base/node are full of holes

Oct 30 •

Stopping kill signals against your eBPF programs

Death has never been fun, let's avoid it (with eBPF)

Oct 29 •

GitHub’s ubuntu-latest Runners Have 1,681 Packages and 9 HIGH-Severity Vulnerabilities

We build our platform in Go and C. Our production containers are stripped down to exactly what we need. Removing unnecessary packages and minimizing the…

Oct 26 •

How We Secured Our eBPF from eBPF

This blog post is one in a series about how we secure our eBPF agent from malicious users who try to overwrite or destroy it.

Oct 26 •

We're Replacing Our Kubernetes Ingress Stack with Cloudflare Tunnels, Here's Why

Why we're moving from NGINX/Ingress + Load Balancers to Cloudflare Tunnels: simpler ops, better security, global performance, and lower cost.

Oct 26 •

Attacking and Securing eBPF Maps

BPF Maps aren't really that secure against users with admin permissions

Oct 26 •

LD_PRELOAD, The Invisible Key Theft

How LD_PRELOAD can be used to steal keys without you knowing...

Oct 26 •

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts