Applied ThreadFix: Fire Bullets, Then Cannonballs – AppSec Edition
The concept of "firing bullets and then cannonballs" comes from the book Great By Choice by Jim Collins and Morten T. Hansen. The idea works a little like this: first fire your "bullets" - low-cost, low-risk, low-distraction experiments to figure out what will work. This allows you to calibrate...
Automattic: [Simplenote for Windows] Client RCE via External JavaScript Inclusion leveraging Electron
Hi, A carefully crafted injection in the Markdown parser within Simplenote for Windows can be leveraged to achieve remote code execution via an external JavaScript file. The nature of Simplenote's content sharing system, which makes use of tags containing email addresses, means that an adversary...