Good Twitter thread on JavaScript-based redirection and Cross-site Scripting.
https://twitter.com/hakluke/status/1216524131421655041
I use Burp Suite for a lot of my testing (though I do love ZAP as well). Here is their roadmap for the next year or so.
https://portswigger.net/blog/burp-suite-roadmap-for-2020
You have probably heard that Microsoft's CryptoAPI has a bug. The US Government has a good writeup.
https://www.us-cert.gov/ncas/alerts/aa20-014a
Speaking of governments, the UK cybercommand has a really great article on security anti-patterns.
https://www.ncsc.gov.uk/whitepaper/security-architecture-anti-patterns
And finally: SHA-1 is now provably broken. Time to move on from it as a session identifier.
https://eprint.iacr.org/2020/014.pdf
That's the news, folks.