An article about package manager typo-squatting that I had not known about. An attacker names their malicious package very similar to something that already exists and uploads it to a package manager, hoping that a developer will download and use it instead of the real thing. https://www.darkreading.com/vulnerabilities—threats/beware-the-package-typosquatting-supply-chain-attack/a/d-id/1340383
Covid-19 testing service exposed Amazon S3 buckets that contained PII, including passport scans: https://www.hackread.com/us-covid-19-testing-service-exposes-patients-data/.
We briefly mentioned exposed Amazon S3 buckets in the last news brief.