A new open source project that generated an Android Studio project from an APK
https://maxkersten.nl/2018/11/21/androidprojectcreator-the-how-and-why/
Robert Graham has some thoughts on HTTP/3
https://blog.erratasec.com/2018/11/some-notes-about-http3.html?m=0
NEWS FLASH! There is a security hole in Adobe Flash.
https://www.theregister.co.uk/2018/11/20/adobe_flash_bug/
Remember when I said there would never be a reliable exploit for the Rowhammer vulnerability? I was wrong.
https://www.wired.com/story/rowhammer-ecc-memory-data-hack
Mr. Krebs was alerted to a vulnerability at USPS that an exasperated researcher had been trying to get them to fix for a year.
https://krebsonsecurity.com/2018/11/usps-site-exposed-data-on-60-million-users/
Late addition: PortSwigger posted the Top 10 Web Application Security research for the last couple of years.
https://portswigger.net/blog/top-10-web-hacking-techniques-of-2017
And that's the news!!