From the Absolute AppSec Podcast, I learned about a really great article on how account enumeration is exploited. I get pushback when I put it on reports, but it's a real vulnerability.
https://sidechannel.tempestsi.com/once-upon-a-time-there-was-an-account-enumeration-4cf8ca7cd6c1
Chrome is going to start blocking mixed content downloads, that is, files served over HTTP that are linked from HTTPS pages. Search your codebase for http:// links!
https://blog.chromium.org/2020/02/protecting-users-from-insecure.html?m=1
America isn't the only country leaving its data exposed.
https://www.zdnet.com/article/netanyahus-party-exposes-data-on-over-6-4-million-israelis/
Exposing secrets in source code is a real thing. I discovered a very cool tool that helps (if you are working in VS Code, which you should be) called Cloak.
https://johnpapa.net/hide-your-secrets-in-vs-code-with-cloak/
Finally, I have mixed feelings about this one. Firefox will stop supporting TLS 1.0 and 1.1 soon and other browsers will surely follow. I get it, there are flaws in those protocols, but they are better than nothing. This feels a lot like gatekeeping to me (older machines run older browsers), and regular readers know that I am not saying that out of political correctness. Lemme know what you think in the comments.
https://www.theregister.co.uk/2020/02/10/tls_10_11_firefox_complete_eradication/
That's the news, folks. Stay safe.