"I'm interested in all kinds of astronomy."
[RSS] Soviet CDs And CD Players Existed, And They Were Strange

https://hackaday.com/2026/03/29/soviet-cds-and-cd-players-existed-and-they-were-strange/
"Predictably, they decided to implement a super-complex XML parser [...] It will also accept the same parameter via query string in a GET request, except in that case the base64-encoded XML document is additionally compressed."

#Citrix should do CTF challenges instead of security appliances, really.

https://labs.watchtowr.com/the-sequels-are-never-as-good-but-were-still-in-pain-citrix-netscaler-cve-2026-3055-memory-overread/
repeated

The Sequels Are Never As Good, But We're Still In Pain (Citrix NetScaler CVE-2026-3055 Memory Overread) - watchTowr Labs https://labs.watchtowr.com/the-sequels-are-never-as-good-but-were-still-in-pain-citrix-netscaler-cve-2026-3055-memory-overread/

repeated

while we’re eating our best writing crayons and using finger paint to finish our latest research, we’ve decided to take this opportunity to share research from the archives with new followers 🙂

happy Friday… for now 🥹

https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/

(Yes this is not new don’t @ us)

[RSS] CVE-2025-14325: SpiderMonkey Type Confusion in Baseline JIT Inline Cache

https://qriousec.github.io/post/cve-2025-14325/
@sassdawe I think the progress bar can't really handle this fulfillment ratio lol
@sassdawe @catsalad Recommended movie: Enemy of the State, esp. the meeting after Shaffer finds out that NSA equipment was used without authorization :)

https://en.wikipedia.org/wiki/Enemy_of_the_State_(film)
#music #acid
Fun set for #Saturday by one of my favorite Hungarian DJs

https://www.mixcloud.com/titusz-bicskei/
@sassdawe Btw the video has >1.5M views (not that many people, but a ballpark). This sum is from 25k atm so there's probably much more in the "reserves". I wouldn't be surprised if this one fundraiser would account for 1% of the overall raised *by the whole platform* (that'd require ~4M).
@sassdawe I'm imagining the utter confusion of some people seeing those numbers and I'm pretty happy actually :)
repeated

Cry and sob hysterically at every occasion, especially when confronted by government clerks.

"Insanity is doing the same thing over and over again and expecting different results"

Einstein obviously didn't have to work with LLMs
repeated

A hefty root cause analysis of Secure Firewall Management Center (FMC) RCE CVE-2026-20079 out now from our exploit dev team. The bug's a CVSS 10, but there are significant prerequisites for exploitation that limit real-world exploitability https://www.vulncheck.com/blog/cisco-fmc-auth-bypass-cve-2026-20079

@WPalant MCPs are the least intrusive way for LLM integration IMO, so I wouldn't see too much into that but you do you!

How about managed services? Like deploying a Gitea AMI on EC2:

https://aws.amazon.com/marketplace/pp/prodview-lhdotldtcz2ke
@WPalant Gitea/Forgejo have cloud offerings IIRC, they are pretty solid too for regular repo stuff.
repeated

AI, a few thoughts, observations about AI & security vulns.
My standard line about AI is "there's a lot I'm uncertain about". But let's be clear, there's a lot I don't like & I'm probably biased towards the "here's how spectacularly AI failed once again" news (of which there are plenty) or at least the "it's not as impressive as it may look".
Yet, I don't want to close my eyes if I see things that clearly don't fit my biases. And I know a thing or two about security vulnerabilities.🧵
