The news of the week is discussed, including the AWS S3 leaks, Zerodium’s bounty on messaging app zero days, Ropemaker, and cobot vulnerabilities.

An exploit dubbed ROPEMAKER relies on taking advantage of email design functionality, namely by remotely changing CSS in HTML-based emails after they’ve been sent.

Flashpoint warns of a new business email compromise campaign targeting organizations in various industries with the aim of harvesting credentials.

Researchers who identified a real-time way to detect credential spearphishing attacks in enterprise settings won $100,000 from Facebook last week.

Personal and business data belonging to Boston area meeting and hotel booking provider Groupize was discovered in a publicly accessible Amazon Web Services S3 bucket, which has since been locked down.

Mike Mimoso and Tom Spring discuss this week’s security news, including a discussion on recent hijacking of popular Chrome extensions and Adobe’s decision to end-of-life Flash Player.

A critical flaw in Drupal CMS platform could allow unwanted access to the platform allowing a third-party to view, create, update or delete entities.

The impending demise of Adobe Flash will create legacy challenges similar to Windows XP as companies begin to wean themselves off the vulnerable code base.

The list of compromised Chrome extensions that hijack traffic and substitute advertisements on victims’ browsers grows.

Blizzard Entertainment was hit with a crippling DDoS attack over the weekend that followed similar attacks last week that knocked gamers offline.