Security News

A spoofing bug (CVE-2019-1105) can open the door to an email attack chain.

A researcher revealed on Wednesday that he discovered a blind cross-site scripting (XSS) vulnerability that could have been exploited to attack Google employees and possibly gain access to...

A cross-site scripting flaw in a popular WordPress plugin enables an unauthenticated attacker to insert JavaScript payloads into impacted websites.

A change made several months ago in an open-source JavaScript library introduced a cross-site scripting (XSS) vulnerability in Google Search and likely other Google products. read more

Researchers have offered more detail on a recently patched vulnerability that would allow an attacker to take over a WordPress site.

Not on 5.1.1? You should be A newly revealed vuln in the open-source CMS WordPress allows an unauthenticated website attacker to remotely execute code – potentially letting naughty folk delete or...

A researcher says he has discovered yet another critical cross-site scripting (XSS) vulnerability in Yahoo Mail. The recently patched flaw could have been exploited to steal the targeted user’s...

Online-note-sharing company Evernote has patched a hole that allowed attackers to infect notes shared via its service.

The patch for a recently disclosed cross-site scripting (XSS) vulnerability in Branch.io introduced another similar flaw, a security researcher revealed last week. read more

Hundreds of millions of users may have been exposed to cross-site scripting (XSS) attacks due to a vulnerability present in Branch.io, a service used by Tinder, Shopify, Yelp and many others. read more