Breakdown of a malicious app that man-in-the-middled the Google Signin.
https://blog.usejournal.com/how-i-stole-the-data-in-millions-of-peoples-google-accounts-aa1b72dcc075
Good Wired article about tools the fibby uses to get around smartphone encryption.
https://www.wired.com/story/smartphone-encryption-law-enforcement-tools/
Oh man, cross-origin images and data leakage. Certainly adding this to my manual testing.
https://blog.mozilla.org/attack-and-defense/2021/01/11/leaking-silhouettes-of-cross-origin-images/
This has been patched, but a really good explainer on how the RCE in Office 365 was discovered.
https://srcincite.io/blog/2021/01/12/making-clouds-rain-rce-in-office-365.html
Using game hacking to explain the danger of unsigned code.
https://secret.club/2021/01/12/callout.html
Have a great week folks!