From the Absolute AppSec Podcast I learned about a really great article on how account enumeration is exploited. I get pushback when I put it on reports, but it's a real vulnerability.
Chrome is going to start blocking mixed content downloads, that is, files served over plain HTTP but linked from pages served over HTTPS. Search your codebase for HTTP links!
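As an added example (not from the newsletter author or from Chrome's own code), here is a small Python scanner for that codebase search: it flags `http://` links in an HTML file that would be treated as downloads when the page itself is served over HTTPS. The extension list and the sample HTML are constructed assumptions, not Chrome's actual download heuristics.

```python
import os
import re
from urllib.parse import urlparse

# Constructed, non-exhaustive set of file types a browser typically saves rather than renders.
DOWNLOAD_EXTENSIONS = {".exe", ".msi", ".zip", ".dmg", ".pdf", ".apk", ".iso", ".tar", ".gz", ".7z"}

# Matches an <a ...> opening tag and captures its href value (quoted attributes only).
_LINK_RE = re.compile(r'<a\b[^>]*?\bhref\s*=\s*["\']([^"\']+)["\'][^>]*>', re.IGNORECASE)
# Matches a bare or valued `download` attribute inside a tag.
_DOWNLOAD_ATTR_RE = re.compile(r'\sdownload(?=[\s=>/])', re.IGNORECASE)


def find_mixed_content_downloads(html: str, page_url: str):
    """Return [(href, reason)] for links that would be mixed content downloads on page_url."""
    if urlparse(page_url).scheme.lower() != "https":
        return []  # mixed content only applies to pages that are themselves served over HTTPS
    findings = []
    for match in _LINK_RE.finditer(html):
        tag, href = match.group(0), match.group(1).strip()
        if urlparse(href).scheme.lower() != "http":
            continue  # https, relative, mailto and similar links are not mixed content
        ext = os.path.splitext(urlparse(href).path)[1].lower()
        if _DOWNLOAD_ATTR_RE.search(tag):
            findings.append((href, "download attribute"))
        elif ext in DOWNLOAD_EXTENSIONS:
            findings.append((href, f"{ext} file"))
    return findings


# Constructed sample page content for demonstration.
SAMPLE_HTML = """
<a href="http://cdn.example.test/setup.exe">Installer</a>
<a href="http://cdn.example.test/report" download>Quarterly report</a>
<a href="https://cdn.example.test/safe.zip">Served over HTTPS, fine</a>
<a href="/docs/manual.pdf">Relative link, inherits the page scheme</a>
<a href="http://cdn.example.test/page.html">Navigation, not a download</a>
"""

if __name__ == "__main__":
    for href, reason in find_mixed_content_downloads(SAMPLE_HTML, "https://www.example.test/"):
        print(f"mixed content download: {href} ({reason})")
```

Run it over each HTML template in the repository; a plain `http://` navigation link still deserves a look, but it is not what the download block targets.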
America isn't the only country leaving their data exposed.
Exposing secrets in source code is a real thing. I discovered a very cool tool that helps (if you are working in VS Code, which you should be) called Cloak.
Finally, I have mixed feelings about this one. Firefox will stop supporting TLS 1.0 and 1.1 soon, and other browsers will surely follow. I get it: there are flaws in those protocols, but they are better than nothing. This feels a lot like gatekeeping to me (older machines run older browsers), and regular readers know that I am not saying that out of political correctness. Lemme know what you think in the comments.
That's the news, folks. Stay safe.