NSA's XKeyscore spying tool is used to fish Microsoft Windows crash reports out of the Internet traffic. They have used it against the Mexico's Secretariat of Public Security.
Researchers from the Exodus Intelligence wrote remote exploit against the Android and iOS operating system, using Broadcom’s Wi-Fi chipset bug.
"Broadpwn is a fully remote attack against Broadcom’s BCM43xx family of WiFi chipsets, which allows for code execution on the main application processor in both Android and iOS. It is based on an unusually powerful 0-day that allowed us to leverage it into a reliable, fully remote exploit."
Great blog about chaining 4 vulnerabilities on the GitHub Enterprise in order to achieve remote code execution!
Trend Micro researchers analyzed infection chain used by JS_POWMET fileless malware.
Researchers used antivirus cloud-based sandbox to exfiltrate data from the endpoint.
The Google team has blocked a new "Lipizzan" Android spyware family from the Google Play.
Microsoft won't patch a 20 years old SMBv1 SMBloris memory handling bug, that could be exploited by attackers to execute a Denial of Service attack on a web servers.
Private notes application Standard Notes got a cryptography audit.
Framework for Testing WAFs (FTW) is a project created by researchers from ModSecurity and Fastly to help provide rigorous tests for WAF rules. It uses the OWASP Core Ruleset V3 as a baseline to test rules on a WAF.