Newsletter 2026-03-17
Another week another round. For week 12 we have a colourful mix of articles with no particular theme.
Praetorian shows in their blog how different interpretation of headers can lead to gaps in system security. They use two CVEs in Fabio and OAuth to explain header injection.
An OSINT newsletter that’s just starting. The person previously worked in Dutch law enforcement and already ran an OSINT newsletter for colleagues there. Now the tips are being shared with everyone. I definitely think it’s worth adding to your RSS feed if you’re interested in OSINT.
Overengineering crypto can have consequences. Pretty interesting explanation of how FreshRSS almost programmed an authentication bypass into itself.
Anthropic’s Claude recently found plenty of problems in Firefox and other software, but at the same time isn’t immune to vulnerabilities itself.
Another interesting article from Nico Dekens around the topic of AI use in OSINT and other areas. How you can recognize when a team is overly dependent on AI use and why it’s important to keep the big picture in mind even when using AI.
Glassworm is back with a new campaign. More than 150 repos, 72 VSCode extensions, and one MCP server were compromised. CoverUp commits have been used to cover tracks.
Google broke down last year’s trends around TTPs and the various ransomware software families and looked at what’s being used most frequently.
And last but not least, a write-up on the Iranian threat actor “Boggy Serpens”.
Read you next week