Indeed, the story of integrating C and C++ with Rust isn't a simple one right now. It might introduce larger attack surfaces. Some improvements are proposed in this paper.
Interesting list. Definitely to keep in mind when developing and deploying a web application.
It points out the security risk but it's mainly a good explanation of how Python loads modules.
Interesting experiment even though it's still early days for this kind of research and we'd need more such evaluations. They found that it produces mostly insecure code. This is not really surprising in the end: this manipulates language but has no execution model. It can be fixed only by coupling to some outside system.
This is definitely something to keep in mind and check if you have any LUKS encrypted storage. The key might be less protected than you think.
Good milestone for this project I've been using for a long while now.
This is an incredibly informative deep dive regarding a new attack on CAN buses. Also proposes potential fixes. Let's see how car makers deal with it.
This looks like an interesting new authorization scheme.
This is actually an interesting feature to know when a key changes.
Are we surprised? Not really no... you don't own any of the data you're feeding it. Keep it away from your secrets.
Looks very interesting, I guess I will switch some of my devices to using this and we'll see how it goes.
That's really a massive leak again! The amount of personal data in the wild... will likely help with identity theft too.
That's an "interesting" leak, both for how it happens and what it contains. It shows serious biases in the "no fly list" used by airlines.
This is apparently a somewhat common mistake. Something is apparently not easy enough to handle and error-prone.
International Domain Names indeed opened a whole can of worms. This creates plenty of opportunities for confusions and mistakes waiting to happen... or to be exploited.
Interesting bug in SQLite. In particular look for the conclusion regarding tests and coverage. It's something I often have to remind people of.
It's nice to see Tor is still winning even in difficult countries.
This is an interesting (and concerning) type of rootkit. Hard to tell how much of it really is in the wild at the moment.
Alright, this one looks somewhat concerning...
Interesting forensics of a supply chain attack targeting crates.io. Especially fascinating to me is how it then tries to target CI build environments as preparation for larger attacks.