Great responsibility, without great power

Welcome to this week's edition of the Threat Source newsletter. As I'm writing this, today April 28 is International Superhero Day. If you don't know the origin story behind this, perhaps you would assume that this day was dreamed up by Marvel. And… you would be correct. However, it's not a pure...

Malicious code in superhero-turnip (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d69e2637a3683b1221571a71874774c0abaa62cd5804c7e846ab5eff6477ee2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3669 Malicious code in superhero-turnip (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d69e2637a3683b1221571a71874774c0abaa62cd5804c7e846ab5eff6477ee2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Wrap Up the Year with the Biggest Scope and Rewards Yet: Join the Wordfence Bug Bounty Program End of Year Holiday Extravaganza!

The holidays are here, and so is your chance to earn big while helping secure the WordPress ecosystem! For all submissions to our Bug Bounty Program from November 12, 2024, to December 9, 2024 , we’re rolling out our End of Year Holiday Extravaganza promotion to give back to our security...

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 28, 2024 to November 3, 2024)

Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are...

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 14, 2024 to October 20, 2024)

Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are...

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 30, 2024 to October 6, 2024)

Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are...

WordPress XSSplorer Challenge: An Expanded Scope for All Researchers in the Wordfence Bug Bounty Program

From now through October 7th, 2024, we are expanding the scope of our Bug Bounty Program to include all Cross-Site Scripting XSS vulnerabilities—both Reflected and Stored—in any WordPress plugin or theme with at least 1,000 active installations for all researchers. This temporary scope expansion...

Earn Up to $31,200 Per Vulnerability: Introducing the WordPress Bug Bounty Superhero Challenge!

Today, we’re incredibly excited to launch a new challenge for the Wordfence Bug Bounty Program: the WordPress Superhero Challenge! Through October 14th, we’re introducing a new active installation count range for our bounties for plugins and themes with 5,000,000+ active installations and we are...

superhero-studios.com Cross Site Scripting vulnerability OBB-3819879

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

The Matrix Is the Best Hacker Movie

Most people point to Sneakers or WarGames. They’re all wrong. The Wachowskis actually invented the ultimate cyber superhero...

Superhero Movies and Security Lessons

A paper I co-wrote was just published in Security Journal: "Superheroes on screen: real life lessons for security debates": Abstract: Superhero films and episodic shows have existed since the early days of those media, but since 9/11, they have become one of the most popular and most lucrative...

August 8, 2017 – Morning Cyber Coffee Headlines – “Smokey the Bear” Edition

Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! August 8, 2017 - Headlines NetWorks Group Joins “Carbon Black Connect” Partner...

SuperHero Games Comics Quizzes - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application SuperHero Games Comics Quizzes published at the 'play' market has multiple vulnerabilities...

Guess the Superhero Logo Quiz - Dynamic Code Loading, External URLs, Unsafe deleting vulnerabilities

HackApp vulnerability scanner discovered that application Guess the Superhero Logo Quiz published at the 'play' market has multiple vulnerabilities...

Princess Power: Superhero Girl - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Princess Power: Superhero Girl published at the 'play' market has multiple vulnerabilities...