Remember how I always say make sure you audit your third-party JavaScript you embed in your apps, especially in your login pages? Classic example right here, someone inserted malware into the @Twilio SDK because it was in a publicly writable S3 bucket. 😱 twilio.com/blog/incident-rep…