[ Browser ]  About the security content of Safari 10.1.1 https://support.apple.com/en-us/HT207804

[ Browser ]  The tl;dr here is: smaller memory footprint, better real-world perf, and some nice JIT security improvements. https://v8project.blogspot.de/2017/05/launching-ignition-and-turbofan.html

[ Industry News ]  WordPress Now on HackerOne https://wordpress.org/news/2017/05/wordpress-now-on-hackerone/

[ Industry News ]  United Airlines cockpit codes released to the public http://www.zdnet.com/article/united-airlines-cockpit-codes-released-to-the-public/#ftag=RSSbaffb68

[ iOS ]  About the security content of macOS Sierra 10.12.5 https://support.apple.com/en-us/HT207797

[ Malware ]  Excellent #WannaCry resource sheet: https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168 @ MalwareTechBlog @ hackerfantastic

[ MalwareAnalysis ]  We just published an analysis of the #Lazarus/#Wannacry similarities found by @ neelmehta - https://securelist.com/blog/research/78431/wannacry-and-lazarus-group-the-missing-link/

[ Others ]  Tweet is for a silent, "fileless" UAC bypass on Win10 which should be fixed in RS3 :-). Bit more info on my blog https://tyranidslair.blogspot.co.uk/2017/05/exploiting-environment-variables-in.html

[ Others ]  Help me test our latest #nmap NSE script to check Windows machines vulnerable to ms17-010 #smb #WannaCry #infosec https://t.co/um12vdnjGt

[ Pentest ]  [Blog] Empire - Modifying Server C2 Indicators, follow-up to @bluscreenofjeff recent post on #Empire C2 profiles https://t.co/VXaNY5BN1G

[ Popular Software ]  I just realized I didn't release the slides for my talk @ MS BlueHat and Tencent TenSec last Nov., so here you go https://sites.google.com/site/zerodayresearch/Analysis_of_the_Attack_Surface_of_Microsoft_Office_from_User_Perspective_final.pdf.

[ Tools ]  Reverse engineer 200 binaries with the mechanical efficiency of symbolic execution http://blog.trailofbits.com/2017/05/15/magic-with-manticore/ https://t.co/ESGwAQgMpf

[ Tools ]  WikiLeaks publishes "AfterMidnight" and "Assassin", two CIA malware frameworks for the Microsoft Windows platform. - https://wikileaks.org/vault7/releases/#AfterMidnight

[ Tools ]  It's finally here: https://xorrior.com/2.0-Final-Release/ cc @ 424f424f @ harmj0y @ Killswitch_GUI @ sixdub @ enigma0x3 Enjoy!?

[ Windows ]  Windows Kernel stack memory disclosure in win32k!xxxClientLpkDrawTextEx https://bugs.chromium.org/p/project-zero/issues/detail?id=1182

[ Windows ]  Windows Kernel pool memory disclosure in nt!NtTraceControl (EtwpSetProviderTraits) https://bugs.chromium.org/p/project-zero/issues/detail?id=1161

[ Windows ]  Windows Kernel uninitialized memory in the default dacl descriptor of system processes' token https://bugs.chromium.org/p/project-zero/issues/detail?id=1145

[ Windows ]  Windows Kernel pool-based out-of-bound reads due to bugs in the implementation of bind() in afd.sys and tcpip.sys https://bugs.chromium.org/p/project-zero/issues/detail?id=1127

[ Windows ]  0patching the "Worst Windows Remote Code Execution Bug in Recent Memory" CVE-2017-0290 https://0patch.blogspot.com/2017/05/0patching-worst-windows-remote-code.html

[ Windows ]  Stealing Windows credentials using Google Chrome https://www.helpnetsecurity.com/2017/05/15/stealing-windows-credentials-using-google-chrome/