A flaw was found in Windows' malware scanning engine, which is used in Windows Defender among others. It can be trivially exploited without user interaction. Microsoft released an emergency patch within 48 hours. The flaw was found by Tavis Ormandy, again, with colleague Natalie Silvanovich.
AMT's regular authentication mechanism flat out doesn't work, allowing you to log in with an empty password and take full sysadmin control. According to Shodan, 8,500 servers are Internet-exposed and vulnerable.
HandBrake, the popular video transcoding app for Mac, was breached. If you installed HandBrake between May 2nd and May 6th, there is a 50% chance of being infected by the Proton malware. HandBrake's original announcement can be seen here.
Hackers were able to use a flaw in the mobile phone protocol SS7 to forward two-factor SMS messages to a number under their control. They used it to log in to bank accounts and transfer money.
The article goes on to explain how SS7 is insecure, and with it SMS-based 2FA verification.
OSS-Fuzz has found over 1,000 bugs, including several security vulnerabilities in SQLite, Wireshark and others. Google will reward large open-source projects between $1,000 and $20,000 to integrate with the service, to encourage increased security.
They explain what to do in a data breach, what some basic security measures need to be, and more. Might be worth a look.
Great blog post by Troy Hunt about his "Have I Been Pwned" service. He discusses a new set of 1 billion breached accounts that he has added, explains what 'credential stuffing' means, and more. Nothing extremely specific, but just a really fascinating read :-)
Lyrebird is a service that duplicates anyone's voice based on samples it processed. Similar to Adobe Voco that I linked to a while ago. It's not perfect yet, but it's quite scary to realise that voices will soon be very easily faked.