Another WebLogic deserialization bug.
https://securityaffairs.co/wordpress/84450/breaking-news/oracle-weblogic-zeroday.html
I have a PR in for Nikto for it.
https://github.com/sullo/nikto/pull/607
A reminder that application security is more than SQL Injection: good analysis of the bugs that caused the 737 Max wrecks. I had to drop it in Pastebin because IEEE put it behind the paywall.
https://pastebin.com/QEiKvvMM
Using Git dotfiles to bypass authentication.
https://blog.assetnote.io/bug-bounty/2019/04/23/getting-access-zendesk-gcp/
ZDNet, of all places, has a really good, plain language explainer of credential stuffing.
https://www.zdnet.com/article/an-inside-look-at-how-credential-stuffing-operations-work/
Little more on the dev side - 10 articles reviewed about using Python in machine learning.
https://hackernoon.com/10-great-articles-on-python-development-6f54dd38437f
And that's the news! I'll be on vacation next week, so see you on the 12th.