A new-to-me file upload vulnerability scanner got an update recently - worth a look.
https://github.com/almandin/fuxploider
Not a very USEFUL vulnerability, but someone figured out how to bypass Chrome's security model for cookies.
https://mango.pdf.zone/stealing-chrome-cookies-without-a-password
Telerik (a developer tools company) has a good post on XSS and Content Security Policy.
https://www.telerik.com/blogs/on-cross-site-scripting-and-content-security-policy
And that's the news!