Episode 88: XCloner Vulnerabilities, LokiBot Malware, & a 14 Year Old Nets a $25K Bug Bounty
![Think Like a Hacker with Wordfence show](https://d3dthqtvwic6y7.cloudfront.net/podcast-covers/000/093/948/small/think-like-a-hacker-with-wordfence.jpg)
Summary: Our Threat Intelligence team discovered vulnerabilities in XCloner Backup and Restore, affecting 30K+ sites. CISA is warning of persistent malicious activity connected to LokiBot. An API change will break Facebook & Instagram oEmbed links after October 24. Google has launched the Web Stories for WordPress plugin making full-screen, tappable content possible. Drupal patches a critical reflected XSS vulnerability, & a critical stored XSS vulnerability in Instagram's Spark AR Studio nets a 14-year-old $25,000.