On December 30th, the US Treasury notified lawmakers that its systems had been breached by a Chinese state-sponsored actor, who got in through an SQL injection vulnerability in a Privileged Access Management product from BeyondTrust. The underlying flaw lay in PostgreSQL's interactive terminal (psql), where it had gone undetected for ten years: psql's string-quoting logic mishandled invalid multibyte (UTF-8) input, so a crafted byte sequence could end a quoted string early, let the attacker inject further psql input, and from there execute arbitrary operating-system commands. The root cause was a character-encoding bug rather than a missing escape, a reminder of how hard correct string handling is. Also, did you know you can adopt a Unicode character for $5,000? The blog post walks through the technical details of the incident and draws out the lessons for secure coding and Unicode handling.
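As an added illustration (this is not code from the linked post, from PostgreSQL, or from BeyondTrust), the model below shows the class of bug described above: a quoting routine that groups bytes by what a UTF-8 lead byte claims, paired with a byte-oriented lexer that does not, so a quote hidden behind a dangling lead byte is copied unescaped and then closes the literal early. All function names are hypothetical, and the `\xC0' OR 1=1 --` input is a constructed test string, not a captured payload.

```python
# Added example: encoding-mismatch SQL injection, modelled in plain Python.
# Not PostgreSQL's code; the names and inputs here are hypothetical/constructed.

def utf8_seq_len(lead: int) -> int:
    """Length a UTF-8 sequence *claims* from its lead byte alone (no validation)."""
    if lead < 0x80:
        return 1
    if lead & 0xE0 == 0xC0:
        return 2
    if lead & 0xF0 == 0xE0:
        return 3
    if lead & 0xF8 == 0xF0:
        return 4
    return 1  # stray continuation byte or invalid lead: treat as a single byte


def quote_literal_naive(value: bytes) -> bytes:
    """Wrap value in single quotes, doubling any embedded quote.

    The bug class: a multibyte sequence is copied whole based on its lead byte,
    without checking that the following bytes really are continuation bytes.
    A 0xC0 lead followed by a quote therefore carries the quote through unescaped.
    """
    out = bytearray(b"'")
    i = 0
    while i < len(value):
        n = utf8_seq_len(value[i])
        if n == 1:
            out += b"''" if value[i] == 0x27 else bytes([value[i]])
            i += 1
        else:
            out += value[i:i + n]  # blind copy: a 0x27 in here is never escaped
            i += n
    out += b"'"
    return bytes(out)


def quote_literal_strict(value: bytes) -> bytes:
    """Hardened variant: refuse anything that is not well-formed UTF-8 up front."""
    value.decode("utf-8")  # raises UnicodeDecodeError on an invalid sequence
    return quote_literal_naive(value)  # once validated, the byte walk cannot be misled


def lex_literal_bytewise(sql: bytes):
    """Byte-oriented lexer, as a parser that does not group multibyte sequences.

    Returns (literal_body, remainder_after_closing_quote). Any undoubled quote
    closes the literal, regardless of what byte precedes it.
    """
    if sql[:1] != b"'":
        raise ValueError("expected a quoted literal")
    body = bytearray()
    i = 1
    while i < len(sql):
        if sql[i] == 0x27:
            if i + 1 < len(sql) and sql[i + 1] == 0x27:
                body.append(0x27)
                i += 2
                continue
            return bytes(body), sql[i + 1:]
        body.append(sql[i])
        i += 1
    raise ValueError("unterminated literal")


def injected_tail(user_input: bytes, quote=quote_literal_naive) -> bytes:
    """Quote user input, then lex it the way the consumer would.

    Returns the bytes that escape the literal (attacker-controlled input outside
    the quotes). An empty result means the quoting held.
    """
    _body, remainder = lex_literal_bytewise(quote(user_input))
    return remainder


def strict_rejects(user_input: bytes) -> bool:
    """True if the hardened quoter refuses the input instead of quoting it."""
    try:
        quote_literal_strict(user_input)
    except UnicodeDecodeError:
        return True
    return False


if __name__ == "__main__":
    crafted = b"\xc0' OR 1=1 --"           # constructed: dangling 2-byte lead, then a quote
    print("naive  :", injected_tail(crafted))            # attacker text escapes the literal
    print("benign :", injected_tail(b"O'Brien"))         # b'' : doubled quote held
    print("strict :", strict_rejects(crafted))           # True: refused before quoting
```

The point of the model is that the escaper and the parser disagree about where one character ends; validating the encoding before escaping (or failing closed on invalid input, as the strict variant does) removes that disagreement, whereas doubling quotes more carefully would not.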
https://slamdunksoftware.substack.com/p/hidden-messages-in-emojis-and-hacking