Nice writup that explains a pivot from and iPhone app all the way through to domain access via chained exploits. Application security is hard.
https://decoder.cloud/2019/12/12/from-iphone-to-nt-authoritysystem/
The security.txt file is near becoming an IETF standard.
https://mailarchive.ietf.org/arch/msg/ietf-announce/OFuiGlVv6WgvEEABaGmnYi120yU
Cool Azure horizontal privilege escalation writeup using the cloud shell.
https://blog.netspi.com/attacking-azure-cloud-shell/
That's the news. Hope everyone is having a stress-free holiday.