Episode 88: XCloner Vulnerabilities, LokiBot Malware, & a 14 Year Old Nets a $25K Bug Bounty

Summary: Our Threat Intelligence team discovered vulnerabilities in XCloner Backup and Restore, affecting 30K+ sites. CISA is warning of persistent malicious activity connected to LokiBot. An API change will break Facebook & Instagram oEmbed links after October 24. Google has launched the Web Stories for WordPress plugin making full-screen, tappable content possible. Drupal patches a critical reflected XSS vulnerability, & a critical stored XSS vulnerability in Instagram's Spark AR Studio nets a 14-year-old $25,000.