Summary: A hosting provider exposed 63+ million customer records via an open elastic search database containing exposed username/password credentials for numerous WordPress, Magento and other sites. We also talk about the security updates in WordPress 5.5.2/5.5.3, about object injection vulnerabilities like the one discovered in the Welcart e-Commerce plugin, and how POP chain attacks work. And Google's Project Zero finds a high-severity vulnerability in GitHub Actions not fixed within the disclosure grace period.
