eWeek

Facebook Bully Video Actually an XSS Exploit

eSpeaks’ Corey Noles talks with Rob Israch, President of Tipalti, about what it means to lead with Global-First Finance and how companies can build scalable, compliant operations in an increasingly ...
Hackaday

Exploit-Me Firefox XSS And SQL Scanning Addon

[youtube=http://www.youtube.com/watch?v=RbL2ptbjoSA&hl=en&rel=0&color1=0x3a3a3a&color2=0x999999] One of the best tools we saw at LayerOne was the Exploit-Me series ...
Threat Post

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

A WordPress reservation plugin has a vulnerability that allows unauthenticated hackers to access reservation data stored by site owners. An easy-to-exploit bug impacting the WordPress plugin ReDi ...
Computer Weekly

Zero-day exploit for Yahoo Mail goes on sale

A hacker is selling a $700 zero-day exploit for Yahoo Mail that lets an attacker use a cross-site scripting (XSS) vulnerability to steal cookies and hijack accounts. The hacker, known as “TheHell”, ...
Threat Post

WordPress XSS Bug Allows Drive-By Code Execution

Sites that use the Gutenberg (found in WordPress 5.0 to 5.2.2) are open to complete takeover. A just-patched stored cross-site scripting (XSS) vulnerability in WordPress allowed drive-by remote ...
Infosecurity-magazine.com

Winter Vivern: Zero-Day XSS Exploit Targets Roundcube Servers

ESET Research has discovered a significant cybersecurity threat as the Winter Vivern group exploited a zero-day cross-site scripting (XSS) vulnerability in the Roundcube Webmail server. The new ...
Bleeping Computer

Phishing campaign uses UPS.com XSS vuln to distribute malware

A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious 'Invoice' Word documents. The phishing scam was first discovered by security research Daniel ...