If you are running Linux machines in Microsoft Azure, you should disable built-in wa-linux-agent backdoor that enable root access from Azure console.
There is a good blog post by Stuart Schechter about the dark side of the two factor authentication. Highly recommended reading.
Great research by Eyal Ronen, Kenneth G. Paterson and Adi Shamir demonstrate that adopting pseudo constant time implementations of TLS are not secure against the modified Lucky 13 attack on encryption in CBC-mode. Tested against four fully patched implementations of TLS - Amazon's s2n, GnuTLS, mbed TLS and wolfSSL.
Traefik, popular open source reverse proxy and load balancing solution is leaking (CVE-2018-15598) TLS certificate private keys via API.
Google enrolled Hardware Secure Module to their Cloud Key Management Service. The customers can use it to store their encryption keys with FIPS 140-2 Level 3 security certified devices from now on.
Microsoft Corp said that Russian hackers are targeting U.S. political groups ahead of November’s congressional elections.
The WIRED cover story on how Russian NotPetya malware took down Maersk, the world’s largest shipping firm.
Kaspersky Lab published analysis of a sophisticated "Dark Tequila" banking malware which is targeting customers in Mexico and other Latin American nations.
NSA successfully cracked and listened for years to encrypted networks of Russian Airlines, Al Jazeera, and other “High Potential” targets.
Anonymous targeted Spanish Constitutional Court, economy and foreign ministry websites to support Catalonia separatist drive.
Red Teaming/Adversary Simulation Toolkit is a collection of open source and commercial tools that aid in red team operations.
The AWS team published blog about the recent improvements to the secure random number generation in Linux 4.14, OpenSSL and libc.
Really good introduction to the anonymous communication network design and mix nets in general, published by Least Authority.
Those guys reverse-engineered the Furby Connect DLC file format and are able to remotely upload their own logos, songs to the device over Bluetooth.
There is a critical vulnerability in the MacOS High Sierra, anyone can login as root with empty password after clicking on login button several times. For now, it could be mitigated by just changing the root password.
Very good investigative journalism about the mysterious NSA contractor which could provided top secret documents to the Shadow Brokers.
Uber paid hackers $100k to delete stolen data on 57 million people and shut up. They have even tried to fake it as an bug bounty payment.
Someone published remote code execution exploit for the Exim Mail server (CVE-2017-16944) on GitHub. Shodan.io shows more than 400k servers with the vulnerable CHUNKING feature.