Nextauth.js account takeover due to parsing flaw, URL parsing flaw in Go's net/url, another path traversal, Slack exposes password hashes (whaaat!?), Twitter exposes 5.4 million accounts, ransomware and research against PyPI and GitHub, videos from fwd:cloudsec 2022.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw207