A week in security (May 4 – May 10)

Last week on Malwarebytes Labs: Microsoft says Edge’s plaintext password behavior is "by design" ShinyHunters escalates Canvas attacks with school login defacements Massive AI investment scam network spans 15,500 domains If a fake moustache can fool age checks, is the Online Safety Act working?...

CVE-2025-9317

Summary: CVE-2025-9317 affects AVEVA Edge components used in AVEVA Edge, Edge Project files, and Edge Offline Cache, with later Red Hat/NVD references corroborating the same vulnerability. The underlying issue is the use of weak cryptographic hashes (MD5) to protect passwords, enabling a local at...