Interesting idea - introducing bugs to make software more difficult to attackers to navigate. Seems risky to me; I would rather see self-reporting software.
https://arxiv.org/pdf/1808.00659.pdf
Cloudflare has a really really good writeup on TLS 1.3.
https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/
Questionably ethical hacker steals credentials from the Homebrew repo and makes a commit.
https://medium.com/@vesirin/how-i-gained-commit-access-to-homebrew-in-30-minutes-2ae314df03ab
Viral tweet thread on the "voatz" software that WVa is planning on using for midterm elections. Vulnerabilityapalooza.
https://twitter.com/GossiTheDog/status/1026603800365330432
Portswigger posted a nice primer on cache poisoning.
https://portswigger.net/blog/practical-web-cache-poisoning