It is possible to perform single-click account hijacking by abusing the OAuth process flow, a security researcher has found. OAuth, also known as Open Authentication, is...
On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days...
GitLab has patched a critical vulnerability that could allow an attacker to execute code remotely. The security issue, which has been rated as critical, has been discovered in...
The popular Screencastify Chrome extension has fixed a vulnerability that allowed malicious sites to hijack users’ webcams and steal recorded videos. However, security flaws still exist...
A cross-site scripting (XSS) vulnerability in PrivateBin, the open source secure pastebin, has been patched. PrivateBin, a fork of the popular ZeroBin, is an online tool used to...
Hackers are targeting Ukrainian government agencies with new attacks that use Zimbra exploits and phishing attacks pushing the IcedID malware. The Computer Emergency Response Team of Ukraine...
A “crazy” parser bug potentially leading to XSS exploits has been patched by Chromium developers. The vulnerability was reported in July 2021 to Chromium developers by...
Security researchers have uncovered a stored cross-site scripting (XSS) vulnerability in Microweber, an open source website builder and content management system (CMS). The security issue, discovered by researchers...
Apple has added a raft of new features to WebKit, including improved support for Content Security Policy (CSP) Level 3, with the latest release of Safari version 15.4. This, say...
Business email platform Zimbra has released a hotfix for a cross-site scripting (XSS) vulnerability whose abuse has underpinned a series of spear-phishing campaigns. A suspected, previously unknown Chinese APT...