WordPress 4.2.3 is out, update your website now

If you manage a website that uses WordPress - update now! The latest version has been released and includes a fix for a cross-site scripting (XSS) vulnerability that your website could do without.

Google Chrome "bad link" detection bypass - found, fixed

Here's a small and simple XSS detection hole in Google Chrome - a reminder that even determined programmers sometimes overlook the obvious.

The end of the Silk Road for Dread Pirate Roberts - 60 Sec Security [VIDEO]

Here's our weekly "60 Second Security" video.

Enjoy a fresh and entertaining take on the latest security news in just one minute...

Internet Explorer has a Cross Site Scripting zero-day bug


Another day, another zero-day.

This time, it's Internet Explorer that is attracting the sort of publicity a browser doesn't want, with the public disclosure of an XSS bug.

SSCC 166 - A sleeping bag and a camping stove to queue for an iPhone? [PODCAST]

For your listening pleasure!

Here's the latest episode in our weekly podcast series...

10 security holes that cybercrooks dream about - 60 Sec Security [VIDEO]

Here's this week's episode of 60 Second Security.

Enjoy the latest security news in just one minute...

eBay takes flak for leaving rigged iPhone listing up for 12 hours

eBay's getting flak for its chilled response to a serious XSS attack, sprung when a user clicked on a fake listing for an iPhone 5S and was redirected to a spoofed site that was after users' login credentials.

59 vulns in IE, teenager versus Turing, and Twitter gets wormed - 60 Sec Security [VIDEO]

Is 59 vulns in IE some kind of record? Did a computer really pass the Turing Test? Can a network worm ever be a joke?

Find out in one minute!

Twitter jumps to block XSS worm in Tweetdeck


A cross-site scripting flaw was disclosed this morning affecting the popular Twitter application Tweetdeck. It has now been fixed, but not before it wormed its way through thousands of browsers.

Yahoo pays first bug bounty - $12.50 in Company Store credit

$12.50 per vulnerability, only to be spent in the Yahoo Company Store, mind you, is what security researchers got for finding four XSS vulnerabilities. The security outfit, High-Tech Bridge, is understandably a bit miffed.

PayPal refuses to pay bug-finding teen

A 17-year-old German student says he found a bug on PayPal's site but the company won't fork over the reward money. PayPal said someone had already found the bug but they also cited an age guideline that isn't actually included in its bug bounty program guidelines.

Anatomy of an exploit - Linksys router remote password change hole


A security researcher from California has published a how-to guide detailing a number of exploits against various Linksys routers.

Paul Ducklin looks at the ominous-sounding "EA2700 Password Change Insufficient Authentication and CSRF Vulnerability"...

Apple password reset website - gaping hole found, fixed


Apple has had a good-bad-good-bad week of it in the computer security environment.

Its announcement of two-step verification for some users was quickly followed by a report of a password recovery exploit for everyone else...

"Omg this is so cool!" Pinterest hack feeds spam to Twitter and Facebook

Another rash of account takeovers on the photo-sharing site Pinterest has spilled over onto Twitter and Facebook, as spammers take advantage of linked accounts.

Apple offers iOS 5.1.1 update, fixes some serious vulnerabilities

Apple's latest update to iOS just came out.

Version 5.1.1 is more than just a cosmetic fix: it patches at least three security flaws, all of which should be considered serious.

25 'VeriSign Trusted' shops found to have XSS holes

A grey hat hacker has discovered cross-site scripting (XSS) holes in 25 UK online stores that are certified as safe by the likes of VeriSign, Visa, and MasterCard.

XSS flaw in WordPress 3.3 - How the smallest things make testing tough


Researchers discovered a cross-site scripting flaw in WordPress 3.3 yesterday that only occurs if you ran the installation with an IP address instead of a domain name. WordPress 3.3.1 is now available to fix the vulnerability.

Facebook explains pornographic shock spam, hints at browser vulnerability


Facebook has released a statement about the fast-spreading offensive messages that have been posted to many users' walls. They claim there is a browser vulnerability that allowed users to paste malicious JavaScript into their web browsers and post the offensive messages.

Weibo, China's Twitter-like service, hit by worm


A worm that broke out on Weibo exploited a cross-site scripting flaw and sent around messages claiming to link to naked photos of Fan Bingbing, romantic poetry and mobile phone spyware.

Sony Portugal latest to fall to hackers


Sony Music Portugal is the latest Sony asset to be targeted by hackers. Is there light at the end of the tunnel? Are there other Sony websites that are still flawed?