Post-CodeMash edition!
The Government of Gibraltar had a SQL Injection vulnerability in the site that hosts their laws. That wouldn't end well.
https://www.theregister.co.uk/2020/01/07/gibraltar_sql_vuln_allowed_law_editing/
There is an actual practical attack against SHA-1 that has been PoC'd. If you are still using SHA-1 for session tokens, you might want to consider something else.
https://www.schneier.com/blog/archives/2020/01/new_sha-1_attac.html
Half of WASM code is used to write malware. I'm not completely sure, but I think I called this one.
https://www.zdnet.com/google-amp/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes/
Huge big ginormous remote code execution flaw in Citrix. TrustedSec has a good writeup.
https://www.trustedsec.com/blog/critical-exposure-in-citrix-adc-netscaler-unauthenticated-remote-code-execution/
That's the news, folks. Stay safe.