Container security is a big deal, with OWASP A9 showing up more and more.  Here is a tool that will help with container scanning, and it is compatible with your continuous integration builds.

https://github.com/knqyf263/trivy

WhatsApp had a bug, but that doesn't dismiss the importance of end-to-end encryption.  Discuss.

https://www.wired.com/story/whatsapp-hack-phone-call-voip-buffer-overflow/

Someone found a user after free vulnerability in the Linux kernal going alllll the way back.

https://www.bleepingcomputer.com/news/security/linux-kernel-prior-to-508-vulnerable-to-remote-code-execution/

And that's the news!

If you have been in my classes, you know that I often point to weev as my example for why not to hack live sites.  Well, now I have a new example.

https://thehackernews.com/2019/05/israel-hamas-hacker-airstrikes.html

DHS is putting a 15 day deadline on all critical patches.  Maybe that Windows NT4SP2 box will get a little sumpn sumpn, huh?

https://thehackernews.com/2019/05/dhs-patch-vulnerabilities.html

The Google CTF is coming up in a month or so.  Start doing those ZAP pushups.

https://security.googleblog.com/2019/05/google-ctf-2019-is-here.html

El Reg has a great article on the latest (of many) SQLite RCE flaws.

https://www.theregister.co.uk/2019/05/10/sqlite_rce_vuln/

Y'all know that cryptography is not my best subject, but this is important. SHA1 is now provably just as broken as MD5, so start scrubbing it from codebases, except in cases like HMAC.

https://eprint.iacr.org/2019/459

That's the news!