diff --git a/README.md b/README.md
index 9246ad5..bbfe4b8 100644
--- a/README.md
+++ b/README.md
@@ -422,6 +422,7 @@ _return-to-libc techniques_
 - [Attacks on point-of-sales systems](https://www.symantec.com/content/dam/symantec/docs/white-papers/attacks-on-point-of-sale-systems-en.pdf)
 - [Another Brick in the FrameworkPoS](https://www.trustwave.com/Resources/SpiderLabs-Blog/Another-Brick-in-the-FrameworkPoS/)
 - [Bingo, Amigo! Jackpotting: ATM malware from Latin America to the World](https://securelist.com/atm-malware-from-latin-america-to-the-world/83836/)
+- [Buy Candy, Lose Your Credit Card - Investigating PoS RAM Scraping Malware](https://www.symantec.com/content/dam/symantec/docs/white-papers/attacks-on-point-of-sale-systems-en.pdf)
 - [Follow The Money: Dissecting the Operations of the Cyber Crime Group FIN6](https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf)
 - [PoS RAM Scraper Malware - Past, Present, and Future](https://www.symantec.com/content/dam/symantec/docs/white-papers/attacks-on-point-of-sale-systems-en.pdf)