Man-in-the-Disk Vulnerability in WhatsApp [CVE-2021-24027]
**tl;dr** WhatsApp stored TLS session resumption files on the sdcard where a malicious application or some social engineering attacker could read.
Vulnerabilities tagged "background"
Container Escape in Bitbucket Pipelines Kata Containers
**tl;dr** Uses a known docker breakout to escape into the wrapping VM, then by replacing a logfile with a symlink you could post to locations on the host machine.
Allow arbitrary URLs, expect arbitrary code execution
Just an overview of how opening links is broken if you don’t check the schema and let the OS deal with it.