[RSS] CVE-2026-22730: SQL Injection in Spring AI's MariaDB Vector Store

https://blog.securelayer7.net/cve-2026-22730-sql-injection-spring-ai-mariadb/

[RSS] Kanboard Authenticated SQL Injection CVE-2026-33058 Writeup

https://0dave.ch/posts/cve-2026-33058/

[RSS] Streamlining Google's OSS VRP: Key Rule Updates

https://bughunters.google.com/blog/ossvrp-rule-updates-2026

same, Hulk, same

Micropatches released for Microsoft Access Remote Code Execution Vulnerability (CVE-2025-62552)
https://blog.0patch.com/2026/03/micropatches-released-for-microsoft.html

[RSS] Attack arithmetic: how an integer overflow in PostgreSQL libpq leads to denial of service

https://swarm.ptsecurity.com/attack-arithmetic-how-an-integer-overflow-in-postgresql-libpq-leads-to-denial-of-service/

[RSS] WSL, COM Hooking, & RTTI. Introduction

https://jonny-johnson.medium.com/wsl-com-hooking-rtti-3abbf873d61f

Looking at WSL internals via COM

One of the things we miss most about physical media is that it’s no fun to give someone a digital file. I Personally miss the joy of giving someone a CD of music I love, or a DVD/Blu-ray of a movie that really moved.

 E-mailing a link or download code just isn’t nearly as fun

@david_chisnall Once your veins were running the bloodline of the Emperor, but look at you now... Twisting astartes genetics into My Little Pony is a truly merciless trick of Chaos!

https://www.propublica.org/article/microsoft-cloud-fedramp-cybersecurity-government

go to the cloud they said
it'll be fine they said

🚨LEGENDARY DROP TOMORROW... Pancake 🤝 Paul’s Security Weekly

Reverse engineering, radare, and NowSecure - you won't want to miss this one

#PaulsSecurityWeekly #radare @pancake @securityweekly

LLM agents:
"Here are some very specific instructions but let's just ignore them as the user was probably joking while smoking crack"

Also LLM agents: "There is a typo in one of the example commands. This should guide us through eternity as the Ark of our great human Master!"

New blog post: Building a Pipeline for Agentic Malware Analysis

Agentic RE + malware analysis with custom skills, MCP tooling, and persistent case state to automate intial triage

Link: https://synthesis.to/2026/03/18/agentic_malware_analysis.html

Github: https://github.com/mrphrazer/agentic-malware-analysis

#malware #reverseengineering #ai #cybersecurity

@0xabad1dea This sounds pretty much like foreign language education in the post-Soviet block

The Most Organized Threat Actors Use Your ITSM (BMC FootPrints Pre-Auth Remote Code Execution Chains) - watchTowr Labs https://labs.watchtowr.com/thanks-itsms-threat-actors-have-never-been-so-organized-bmc-footprints-pre-auth-remote-code-execution-chains/

piracy!

@evan because apparently graffiti is a higher level crime than pedophelia, money laundering, or espionage

WE DON'T WANT TO KNOW BANKSY'S IDENTITY

STOP INVESTIGATING BANKSY FFS

INVESTIGATE LITERALLY EVERYTHING ELSE