CVE-2026-20963 Sharepoint Insecure Deserialization 8.8/10

Weekend soon. Where @watchTowr blog? Need lolz. I can has?

Remote development mode in @zed is true killer feature! Previously I highlighted its usefulness for x-platform Rust dev, but now I'm using it instead of devcontainers to develop some not-very-trustworthy Python stuff.

Debugging worked out-of-the-box, I only had some trouble figuring out that LSP is not available until I mark the remote project as Trusted too.

Today is #iocaine 3.3.0 release day.

I'd like if it included a Grafana dashboard for the built-in script. But I'm yet to build one. It's very similar in shape to NSoE's, mind you... but I'd still need to do some work on it.

I've been postponing this since forever. But this is likely going to be the last 3.x release, I really, really should.

I'll go grind some spoons¹, and see if I can manage.

---

1. Well, hello there The Pitt S02E11! ↩︎

"There are repairs to be done, sometimes, both up there and down here."

A new page of my comic Ekphrasis, which you can read for free at https://ekphrasiscomic.neocities.org/

SWIMSUIT/APPLE01.GIF

Let Me Explain How a State Actor Could Perform a Denial-of-Service Attack on the Entire UK Government in the Wake of Ofcom “Online Safety Act” Client-Side Scanning
https://alecmuffett.com/article/150401
#ClientSideScanning #NationalSecurity #OnlineSafetyAct #PhotoDna #censorship #surveillance

Final report on last year's Iberian blackout has been released, including this very interesting diagram showing the contributing factors

https://eepublicdownloads.blob.core.windows.net/public-cdn-container/clean-documents/Publications/2025/iberian-blackout/Final%20Report%20on%20the%20Grid%20Incident%20in%20Spain%20and%20Portugal%20on%2028%20April%202025.pdf

Super weird experience: have #Microsoft #Copilot 365 installed on iOS connected to an “Enterprise Tenant”.

This morning I get an urgent alert from Copilot 365, I click on it and there’s a web query for “Tell me the latest trends in IT jobs” running which I never asked for.

I stop it and prompt: “I never asked for this”.

Reply: “Sorry for overstepping and running queries without being prompted”

WTF?!?!?

This is literally a “kill them all with fire, salt the ashes and, for good measure, flood the area.”

😂

"To underscore the consequences of not having that kind of data, Smiley pointed to a recent attempt to rewrite SQLite in Rust using AI."

"It passed all the unit tests, the shape of the code looks right," he said. It's 3.7x more lines of code that performs 2,000 times worse than the actual SQLite. Two thousand times worse for a database is a non-viable product. It's a dumpster fire. Throw it away. All that money you spent on it is worthless."

https://www.theregister.com/2026/03/17/ai_businesses_faking_it_reckoning_coming_codestrap/

#AIBubble

"The decision not to build something is a decision, an important one! Document it accordingly."

https://terriblesoftware.org/2026/03/03/nobody-gets-promoted-for-simplicity/

Many other things to quote from this piece!

Trying to convince my students that having all your security policy changes include a design doc describing the status quo, the desired outcome, why this change will achieve it, why alternatives were rejected, and then implementing it via some automation schema so it can't accidentally be reverted for no obvious reason is good actually

@reverseics Hush!

i read the autumn/winter edition of the Good Internet Magazine on the day it arrived: https://goodinternetmagazine.com/

it's a cozy digital-and-print publication about the indie web, very accessible to everyone, not just to technologists

reading it reignited some of the desire to build an experience on the web that lies outside the norm of "usefulness" and "coherence"

i'm grateful to all authors and to @xandra for orchestrating it

#indieweb #goodinternetmagazine #smallweb #goodinternet

@addison Could you provide some links?

My life with Claude Code

Via @david buchanan

Gotta say #IDA Semantic Engine sounds incredibly cool!

https://hex-rays.com/blog/2026-product-direction-priorities

Why I Left Kali for Exegol https://bltsec.com/posts/exegol/

Full Disclosure: A Third (and Fourth) Azure Sign-In Log Bypass Found https://trustedsec.com/blog/full-disclosure-a-third-and-fourth-azure-sign-in-log-bypass-found

What's new is old, and what's old is new - as is relentlessly proven.

Join us in our analysis of CVE-2026-32746, the recent pre-auth RCE in inteutils' Telnetd.

Speak soon.

https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746

The Last Quiet Thing

https://www.terrygodier.com/the-last-quiet-thing/ascii

Team F-91W FTW!