Episode #4

Zip/PNG, Exploits, DoS, Referrer, PHP

Twitter image upload allows extra trailing data in the IDAT chunk, which makes it possible to upload valid zip files as PNG images.

Project Zero discovered how attackers were using seven 0-day exploits in the wild.

Cloudflare shared details of their autonomous protection at the edge.

Firefox 87 will trim HTTP Referrers by default.

The PHP source repository received two malicious commits, which were noticed and reverted immediately.