The news of the week is discussed, including the AWS S3 leaks, Zerodium’s bounty on messaging app zero days, Ropemaker, and cobot vulnerabilities.

Attackers are using an exploit kit to spread the Zminer executable that downloads a cryptocurrency miner hosted in an Amazon S3 bucket.

An obscure Apple kernel extension patched in iOS 10.3.3 was originally built without security measures in place, according to the researcher who privately disclosed the flaws.

Attackers have taken to Facebook Messenger with a combination of social engineering and malicious JavaScript to spread adware.

An insecure Apple authorization API is used by numerous popular third-party application installers and can be abused by attackers ro run code as root.

Zerodium announced new $500,000 payouts for zero days in secure messaging apps such as Signal, WhatsApp and others.

An exploit dubbed ROPEMAKER relies on taking advantage of email design functionality, namely by remotely changing CSS in HTML-based emails after they’ve been sent.

Flashpoint warns of a new business email compromise campaign targeting organizations in various industries with the aim of harvesting credentials.

Researchers say the Neptune, or Terror exploit kit has been spreading Monero cryptocurrency miners via malvertisements.

More than 500 Android mobile apps have been removed from Google Play after it was discovered that an embedded advertising SDK called Igenix could be leveraged to quietly install spyware on devices.