XXE to RCE in XML plugins for VS Code, Eclipse and other software based on LSP4XML.
Be careful with those blacklists.
"Roads" by Max Böck https://mxb.dev/blog/roads/
Brilliant satire on modern web development.
"Projects vs Tasks"
Several years too late, but built-in PGP support is coming to Thunderbird.
Google, Xiaomi, and Huawei devices affected by zero-day flaw that unlocks root access https://thenextweb.com/security/2019/10/04/google-xiaomi-and-huawei-devices-affected-by-zero-day-flaw-that-unlocks-root-access/
"There *was* a logic error in Signal that can cause an incoming call to be answered even if the callee does not pick it up."
"In summary, usage of the package key to rename dependencies in Cargo.toml is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo will ignore package and download the wrong dependency"
Disclosure of a Lightning network bug/vulnerability (already fixed in recent versions):
"Software Security Field Guide for the Bewildered"
LastPass releases update for security vulnerability:
– The vulnerability allowed extracting credentials of previously-visited websites.
– Tavis Ormandy: "I think it's fair to call this 'High' severity, even if it won't work for *all* URLs."
– Fixed in v4.33.0/v4.33.