Container security is a big deal, with OWASP A9 showing up more and more. Here is a tool that will help with container scanning, and it is compatible with your continuous integration builds.
https://github.com/knqyf263/trivy
WhatsApp had a bug, but that doesn't dismiss the importance of end-to-end encryption. Discuss.
https://www.wired.com/story/whatsapp-hack-phone-call-voip-buffer-overflow/
Someone found a user after free vulnerability in the Linux kernal going alllll the way back.
https://www.bleepingcomputer.com/news/security/linux-kernel-prior-to-508-vulnerable-to-remote-code-execution/
And that's the news!
If you have been in my classes, you know that I often point to weev as my example for why not to hack live sites. Well, now I have a new example.
https://thehackernews.com/2019/05/israel-hamas-hacker-airstrikes.html
DHS is putting a 15 day deadline on all critical patches. Maybe that Windows NT4SP2 box will get a little sumpn sumpn, huh?
https://thehackernews.com/2019/05/dhs-patch-vulnerabilities.html
The Google CTF is coming up in a month or so. Start doing those ZAP pushups.
https://security.googleblog.com/2019/05/google-ctf-2019-is-here.html
El Reg has a great article on the latest (of many) SQLite RCE flaws.
https://www.theregister.co.uk/2019/05/10/sqlite_rce_vuln/
Y'all know that cryptography is not my best subject, but this is important. SHA1 is now provably just as broken as MD5, so start scrubbing it from codebases, except in cases like HMAC.
https://eprint.iacr.org/2019/459
That's the news!