RESOLVED. 11/15/15: Saw this on the boards and thought I'd share:
For more, including how to disable Flash in your browsers to mitigate this danger, see this DTI blog post.Dress To Impress Blog wrote:A malicious Flash file has recently appeared on multiple Neopets-related websites, including Neopets.com itself.
When you visit an infected webpage, it exploits a vulnerability in Flash and Neopets.com to immediately transfer all of your on-hand Neopoints, banked Neopoints, and gallery items to the attacker’s account. Some users report that this attack can even circumvent PIN protection.
I typically browse with Flash disabled by default, but I've had Neo on my exception lists since so much of the site is Flash. Luckily that is easy to fix.
Stay safe out there friends. :/
(Any interest in using this thread as an on-going status update for new vulnerabilities as they are reported? May be easier to just reply whenever something pops up than making a new post?)