Great breakdown on finding bugs in an OAUTH flow
https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html
Only arguably appsec, but there is an artificial intelligence story writer that was determines to be too powerful to release into the wild, and it has been released into the wild
https://nakedsecurity.sophos.com/2019/11/11/ai-wordsmith-too-dangerous-to-be-released-has-been-released/
Remember when WordPress malware was all the rage? Well, not it is Slack Themes
https://fletchto99.dev/2019/november/slack-vulnerability/
I am a web guy, not an OS guy, so I learned a ton from this rootkit primer
https://capsule8.com/blog/dont-get-kicked-out-a-tale-of-rootkits-and-other-backdoors/
That's the news, folks.