How a failing red-team engagement led us to find a silly zero day. And why “insecure by default” is still an issue in 2019.

One push too far / part 3 As we saw in part 1 and part 2 of this article series, we can use malicious notifications to gain persistent access to users’ brows...