A wonderful human being put together a list of resources about hacking mainframe systems, worth a look if your organization is run on the big metal.
https://github.com/samanL33T/Awesome-Mainframe-Hacking/
Apple had a not-good-very-bad week. First, the OpenIF Foundation dinged the Mac implementation of "Sign in with Apple"
https://nakedsecurity.sophos.com/2019/07/08/privacy-and-security-risks-as-sign-in-with-apple-tweaks-open-id-protocol/
Then it was discovered that all of the magic of Zoom's conference software is due to a web server installed on MacOS, which you can't remove! (Heeeey!)
https://www.engadget.com/2019/07/09/zoom-will-remove-server-behind-mac-security-hole/?ncid=txtlnkusaolp00000618
Rhino Security released a new version of CloudGoat, an insecure-by-design cloud deployment tool.
https://rhinosecuritylabs.com/aws/cloudgoat-walkthrough-rce_web_app/
One of my favorite attacks against file uploads that take zip files is the zipbomb. Well, someone made a really nice one.
https://www.vice.com/en_us/article/597vzx/the-most-clever-zip-bomb-ever-made-explodes-a-46mb-file-to-45-petabytes
There is a flaw in the Android update system that allows attackers to modify updates on the fly. Oh, and it is being exploited in the wild.
https://thehackernews.com/2017/12/android-malware-signature.html?m=1
That's the news, folks. Have a safe week!