Mazen Ahmed write an exploit for the new Struts CVE.
Speaking of the CVE program, and MITRE in general, Steve Ragan got a solid scoop on congress planning a revamp.
Secure Ideas started a blog seried on CORS, CSRF, and Clickjacking which is off to a good start
The Fortnite Android app is vulnerable to a really very unique flaw, Man-on-the-disk.
Speaking of weird flaws, people have started registering skills on Alexa with phonetically similar names as common commands. It's called Skill Squatting.
And that's the news!