SplashData has its 100 worst passwords list out again this year. Remember: at the very least, block these passwords in your sign-in flow.
https://www.prweb.com/releases/bad_password_habits_die_hard_shows_splashdata_s_8th_annual_worst_passwords_list/prweb15987071.htm
Really good breakdown of finding hidden files and directories and using them for information gathering on web applications.
https://medium.com/@_bl4de/hidden-directories-and-files-as-a-source-of-sensitive-information-about-web-application-84e5c534e5ad
Microsoft has come out with Windows Sandbox - might be a good platform for analyzing malware, but the jury is still out.
https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849
Gah, bug in Ghostscript. Lots of vectors in the ImageMagick/PostScript space these days; watch yourselves.
https://www.rapid7.com/db/modules/exploit/multi/fileformat/ghostscript_failed_restore
And this is why I write up folks who have third-party hosted JavaScript.
https://shkspr.mobi/blog/2018/11/major-sites-running-unauthenticated-javascript-on-their-payment-pages/
That's the news, folks. Stay safe, and have a good holiday.