Summary: This week we review a critical vulnerability in the Ad Inserter plugin, currently installed on over 200,000 WordPress sites. The vulnerability, discovered by our Director of Threat Intelligence Sean Murphy, was patched quickly by the developer. We also cover Google's decision to remove Chrome's built-in XSS protection, a researcher's discovery of vulnerability in Instagram's 2FA, updates to the Gutenberg editor and hackers that created an Android app that can kill to prove a point amongst other stories.
