Autodesk A360 cloud-based online storage misused as a delivery platform for multiple malware families.
Brian Krebs has done a good open source intel work on a shadowy past of Marcus Hutchins, author of the popular cybersecurity blog MalwareTech.
Wikileaks has published documents about the CIA Angelfire - "persistent framework that can load and execute custom implants on target computers running the Microsoft Windows operating system (XP or Win7)"
ESET has published a research paper about a Gazer, stealth cyberespionage trojan, attributed to the notoriously known Turla group. The group was spreading malware using watering hole and spearphishing campaigns. I cannot find any more direct attribution except the fact that it is targeting "embassies and consulates" which, I believe, are a very common target for every intelligence actor...
Zimperium Researcher Adam Donenfeld published a proof-of-concept for iOS Kernel Exploit.
Very good analysis of a group chat vulnerabilities in a popular IM applications:
"Insecurities of WhatsApp's, Signal's, and Threema's Group Chats"
Cloudflare's blog post about a quantum resistant supersingular isogeny Diffie-Hellman key agreement used in TLS 1.3.
A Phrack-style paper on research into abusing Windows token privileges for escalation of privilege. Deep down the rabbit hole.
Security researchers at Positive Technologies have discovered an undocumented configuration setting that disables the Intel Management Engine.