Another great Server Side Request Forgery find. I found this on a test again in May folks, it's a real thing. Just because your analyst doesn't have time to write the exploit doesn't mean it isn't real.
https://medium.com/@win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204
Spoofing attacks on contact tracing. Man, the bad guys will stop at nothing. Insane.
https://www.theregister.com/2020/06/02/contact_tracing_spoofable/
Two MORE remote code execution vulns in Zoom. Now, don't think I am picking on them, but this is why we should be careful up front - you never know when you are gonna go viral! I think the devs at Zoom are doing an AWESOME job fixing these as they show up.
https://blog.talosintelligence.com/2020/06/vuln-spotlight-zoom-code-execution-june-2020.html?m=1
The fantastic Google Project Zero wrote a neat instrumentation library that is ACTUALLY lightweight for Windows 32 and 64. You should use it to instrument only modules of interest, and it adds very little overhead. I haven't played with it yet but I am very excited to (when I have two minutes to rub together).
https://github.com/googleprojectzero/TinyInst/blob/master/README.md
Hope you are all safe. Weird stuff going on, and us in tech are well positioned to make changes in the world. Stop and think before you choose a direction.