1. CRITICAL SECURITY AUDIT: Akahu User Access Token Exposed to Frontend Browser in MyMascada API
A critical security vulnerability has been identified in the MyMascada WebAPI, where sensitive Akahu user access tokens are being directly exposed to the client browser. This exposure occurs because the `/api/BankConnections/akahu/exchange` endpoint returns the token in its HTTP response body, a direct violation of Aka...