Jan 31, 2021

Application Security This Week for January 31

Using Machine Learning to perfect SQL Injection
https://portswigger.net/daily-swig/machine-learning-offers-fresh-approach-to-tackling-sql-injection-vulnerabilities

And some practical application of that idea
https://research.nccgroup.com/2019/06/05/project-ava-on-the-matter-of-using-machine-learning-for-web-application-security-testing-part-1-understanding-the-basics-and-what-platforms-and-frameworks-are-available/

Didier has a new PDF tool out. I haven't used it yet but I am certain it is awesome.
https://blog.didierstevens.com/2021/01/31/new-tool-pdftool-py/

OK, this is a weird one. It appears that threat actors are using project files with built-in vulnerabilities to target the vulnerability researchers themselves, apparently to steal their research. That's some next level stuff.
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/amp/