A hosting provider exposed over 63 million customer records via an open elastic search database containing verbose logs with plain-text username/password credentials for numerous WordPress, Magento and other sites. We also talk about the security updates in WordPress 5.5.2/5.5.3 and the accidental 5.5.3-alpha autoupdate.
We talk about object injection vulnerabilities like the one discovered in the Welcart e-Commerce plugin and how POP chain attacks work.
And Google’s Project Zero finds a high-severity vulnerability in GitHub Actions not fixed within the 90-day disclosure grace period.
Here are timestamps and links in case you’d like to jump around, and a