Ars Technica

Spies hack high-value mail servers using an exploit from yesteryear

Threat actors, likely supported by the Russian government, hacked multiple high-value mail servers around the world by exploiting XSS vulnerabilities, a class of bug that was among the most commonly ...
ZDNet

'Self-XSS' flaw in found Microsoft Dynamics CRM

A flaw discovered in Microsoft's Dynamics CRM could allow remote hackers to trick a logged-in user into inserting malicious code within input fields on vulnerable websites. Information security ...
Dark Reading

'Ardilla' Automatically Roots Out SQL Injection And XSS, Generates Attacks

Researchers have built a tool that automatically finds and exploits SQL injection and cross-site scripting vulnerabilities in Web applications. The so-called Ardilla tool uses a technique developed by ...
Threat Post

Cisco ASA Bug Now Actively Exploited as PoC Drops

In-the-wild XSS attacks have commenced against the security appliance (CVE-2020-3580), as researchers publish exploit code on Twitter. Researchers have dropped a proof-of-concept (PoC) exploit on ...
Dark Reading

Killer Combo: XSS + CSRF

Researchers will demonstrate a lethal combination of cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks tomorrow at Black Hat Europe in Amsterdam. The goal is to show the danger ...