With an announcement of new permissions levels, Twitter is requiring apps that need access to direct messages to re-authorize their users. For mobile apps, this could mean rewriting to use OAuth for the first time. When the developer community balked at a shorter timeline, Twitter extended the deadline to June 14 June 30. Though most developers will not need to make changes to their applications, those that do will have to do so in only 27 43 days.
The way the Square API delivers JSON output makes it possible for an attacker to engage in a cross-site scripting (XSS) under certain circumstances. The vulnerability was discovered by security researcher Ajay Chavda and reported to Square on August 7, 2015 through its bounty program on hackerone.