This is a pop culture article about why mobile applications can be insecure (from Wired), but it is well written. It might be behind a paywall for some of you; if so, I'm sorry.
https://www.wired.com/story/ios-android-leaky-apps-cloud/
Good writeup on the Apache Velocity vulnerability.
https://securitylab.github.com/advisories/GHSL-2020-048-apache-velocity
Look, more supply chain problems! Yay! 3,500 PyPI packages corrupt, and a tool to discover them.
https://github.com/pypa/pypi-support/issues/923
And finally, a series that begins with DLL Search Order Hijacking, something similar to what I have added to this newsletter before. Worth keeping an eye on.
https://github.com/pypa/pypi-support/issues/923
S