diff --git a/content/notes/02-concepts-and-roles.md b/content/notes/02-concepts-and-roles.md index 38acb10f5..f27c13c80 100644 --- a/content/notes/02-concepts-and-roles.md +++ b/content/notes/02-concepts-and-roles.md @@ -11,10 +11,27 @@ tags: - [deakin university attack](https://australiancybersecuritymagazine.com.au/up-to-10000-students-targeted-in-deakin-university-cyberattack/) - staff credentials were leaked and acces to students information was gathered - [rusian hackers attack lithuania](https://www.reuters.com/world/europe/russian-hacker-group-says-cyber-attacks-continue-lithuania-2022-06-28/) -- +- [attacks against india](https://www.indiatoday.in/india/story/prophet-row-international-hackers-cyber-attacks-india-nupur-sharma-remark-1961941-2022-06-13) +- [retbleed attack affects AMD and Intel CPUs (spectre-based speculative-execution attacks)](https://thehackernews.com/2022/07/new-retbleed-speculative-execution.html) + # Vulnerabilities +- a potential weakness in an asset + - or in its defense security control +- e.g., flaws in software packages or an unprotected system port + +exploit is the technique used to attack + +- [RAND report r-609-1 (1979)](https://i.imgur.com/GEVLIq1.png) +- need to be aware of vulnerabilities + +e.g., +- websites can steal browser data via extension APIs # Security services and control +- services + - the intended security goal or property (C.I.C provides the three main security services) +- controls + - the mechanisms employed to implement the services # CIA
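Review bot: In the added "services" sub-bullet under "# Security services and control", "C.I.C provides the three main security services" looks like a typo for C.I.A, since the next heading in the file is "# CIA"; suggest "(C.I.A provides the three main security services)". The Retbleed entry is added to the list of attack incidents, but its own link text describes a speculative-execution weakness in AMD and Intel CPUs, so it would fit better as an example under "# Vulnerabilities", next to "flaws in software packages or an unprotected system port". The "RAND report r-609-1 (1979)" link points at an i.imgur.com image rather than the report, which leaves readers with no citable source; link the report itself or note which page the screenshot shows. The last example, "websites can steal browser data via extension APIs", is the only example in this hunk without a source link. Finally, the line "exploit is the technique used to attack" sits between two bullet lists as a bare sentence; making it a bullet would match the rest of the section.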