cross-site scripting

(get it in RSS or Atom)

New IE zero day exploit circulating, used to install Poison Ivy

New IE zero day exploit circulating, used to install Poison Ivy

The gang behind that recent Java zero day attacks apparently hasn't packed up for the season. A researcher examining one of the servers used to launch attacks on vulnerable Java installations said he found a new zero day exploit for Microsoft's Internet Explorer web browser.

"Omg this is so cool!" Pinterest hack feeds spam to Twitter and Facebook

Pintrest logo

Another rash of account takeovers on the photo-sharing site Pinterest has spilled over onto Twitter and Facebook, as spammers take advantage of linked accounts.

XSS flaw in WordPress 3.3 - How the smallest things make testing tough

wordpress-thumb

Researchers discovered a cross-site scripting flaw in WordPress 3.3 yesterday that only occurs if you ran the installation with an IP address instead of a domain name. WordPress 3.3.1 is now available to fix the vulnerability.

Weibo, China's Twitter-like service, hit by worm

weibo-thumb

A worm which broke out on Weibo, exploited a cross-site scripting flaw and sent around messages claiming to link to naked photos of Fan Bingbing, romantic poetry and mobile phone spyware.