Microsoft has a really good article on using a semantic query language to find exploitable DOM XSS findings. Honestly the whole series is recommended, but the DOM XSS one here is particularly good.
Google Project Zero revealed a UAF bug in Android a bit ago, and here is an awesome analysis of how it happened. Good reading for mobile devs especially, but I certainly learned stuff too.
In continuing supply chain news, Armor has a good article on Managed Service Providers being a strong candidate for Malware Distributers of the Year.
That’s the news!