Portswigger (who builds Burp Suite) has a great article about finding vulnerabilities in bug bounty programs. Must read.
https://portswigger.net/blog/so-you-want-to-be-a-web-security-researcher
SANS has a great article about Antivirus evasion. Don't try this at home.
https://isc.sans.edu/diary.html
Oh hey I almost forgot about this one. Remember that Electron bug that was patched? It didn't work. Patch again.
(Maybe we shouldn't write Windows apps in JavaScript. Hmm.)
https://www.theregister.co.uk/2018/05/25/electron_patches_blacklist_error/
REALLY cool use of HTML5 to attack iOS. NEat stuff, good writeup.
https://blogthemediatrust.wordpress.com/2018/05/25/html5-safe-haven-malware/
And that's the news.
S