47 matches found
A week in security (October 13 – October 19)
Last week on Malwarebytes Labs: Prosper data breach puts 17 million people at risk of identity theft; Under the engineering hood: Why Malwarebytes chose WordPress as its CMS; Video call app Huddle01 exposed 600K+ user logs; Mango discloses data breach at third-party provider; Roku accused of selling...
MAL-2025-37341 Malicious code in tv-ny-munich (npm)
The package tv-ny-munich was found to contain malicious code...
Malicious code in tv-ny-munich (npm)
The package tv-ny-munich was found to contain malicious code...
Why SaaS Security is Suddenly Hot: Racing to Defend and Comply
Recent supply chain cyber-attacks are prompting cyber security regulations in the financial sector to tighten compliance requirements, and other industries are expected to follow. Many companies still don't have efficient methods to manage related time-sensitive SaaS security and compliance tasks...
AI-Controlled Fighter Jets Are Dogfighting With Human Pilots Now
Plus: New York’s legislature suffers a cyberattack, police disrupt a global phishing operation, and Apple removes encrypted messaging apps in China...
progressivefootcareny.com Cross Site Scripting vulnerability OBB-3898198
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
assembly.state.ny.us Cross Site Scripting vulnerability OBB-3870221
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Chinese Cops Ran Troll Farm and Secret NY Police Station, US Says
Three criminal cases detail China's alleged attempts to extend its security forces' influence online—and around the globe...
assembly.state.ny.us Cross Site Scripting vulnerability OBB-3040490
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
assembly.state.ny.us Cross Site Scripting vulnerability OBB-2979122
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Mudge Files Whistleblower Complaint against Twitter
Peiter Zatko, aka Mudge, has filed a whistleblower complaint with the SEC against Twitter, claiming that they violated an eleven-year-old FTC settlement by having lousy security. And he should know; he was Twitter's chief security officer until he was fired in January. The Washington Post has the...
PT-2022-3094 · Omron · Sysmac Studio +1
Name of the Vulnerable Software and Affected Versions: Omron SYSMAC Nx product family PLCs NJ series, NY series, NX series, and PMAC series through 2022-005-18 Description: The issue is related to the lack of cryptographic authentication in the Omron SYSMAC Nx product family PLCs. This allows an...
new packages: hunspell-ny
An update is available for hunspell-ny. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
assembly.ny.gov Cross Site Scripting vulnerability OBB-2490193
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
assembly.state.ny.us Cross Site Scripting vulnerability OBB-2295803
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
nylitigationfirm.com Improper Access Control vulnerability OBB-2179316
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
All Vulnerabilities for coap.gaming.ny.gov Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
breakdown.gaming.ny.gov Cross Site Scripting vulnerability OBB-2153573
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
ny.listofschools.us Cross Site Scripting vulnerability OBB-1470280
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
ny.brightgreenfarms.org Cross Site Scripting vulnerability OBB-1383474
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...