I think the crown so far goes to https://androidrookies.com/bitdefender-anti-virus-found-vulnerable-allowing-attackers-to-run-commands-remotely/ which is a confusing mix of Wikipedia info, my article and https://www.bleepingcomputer.com/news/security/bitdefender-fixes-bug-allowing-attackers-to-run-commands-remotely/ without any of the sources named. Some of my statements are marked as quotes, others are simply part of the text. And parts are just weird.
https://gbhackers.com/vulnerability-in-bitdefender-anti-virus/ on the other hand appears to be based on my blog post and Bitdefender announcement only. But it somehow manages to misattribute my statements to Bitdefender while also mangling my other statements in an attempt to avoid placing them in quotation marks.
While https://www.securitynewspaper.com/2020/06/23/bitdefender-flaw-allows-hacking-your-phone-or-laptop-remotely/ copied the article from https://www.bleepingcomputer.com/news/security/bitdefender-fixes-bug-allowing-attackers-to-run-commands-remotely/ with few changes, they somehow decided that a Windows-only vulnerability can be used to hack your phone.
By the way, most articles just copying https://www.bleepingcomputer.com/news/security/bitdefender-fixes-bug-allowing-attackers-to-run-commands-remotely/ can be easily spotted because they perpetuate a mistake: the generally well-written article calls certificates warning pages "HSTS warnings," mixing up different concepts.
https://www.theregister.com/2020/06/24/bitdefender_security_hole/ got thoroughly confused by Bitdefender announcement claiming that the vulnerability resides in the SAFEPAY browser. No, a malicious website doesn't need to be opened in this browser, the exploit works from any browser as my post clearly states.
The author of https://www.softzone.es/noticias/seguridad/vulnerabilidad-rce-bitdefender-peligro-windows/ translated the BleepingComputer article into Spanish, carefully removing all image and discovery attribution in the process. When I pointed this out, he at least added a link to my blog post.
A Mastodon instance for info/cyber security-minded people.