Cross Site Scripting

AWS Patches Critical ‘FlowFixation’ Bug in Airflow Service to Prevent Session Hijacking

Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that...

555

Cyber Attack

Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites

A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code....

5.1K

Vulnerabilities

WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk

A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges....

3.7K

Vulnerabilities

VMware Alert: Uninstall EAP Now – Critical Flaw Puts Active Directory at Risk

VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as...

2.1K

Vulnerabilities

Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws

Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited...

593

Vulnerabilities

Alert: CISA Warns of Active ‘Roundcube’ Email Attacks – Patch Now

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known...

2.6K

Data Breach

Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data

Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known...

827

Vulnerabilities

Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws

Juniper Networks has released out-of-band updates to address high-severity flaws in SRX Series and EX Series that could be exploited by a...

3.1K

Vulnerabilities

Critical Jenkins Vulnerability Exposes Servers to RCE Attacks – Patch ASAP!

The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical...

4.5K

Vulnerabilities

Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups

A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data,...

3.8K

Vulnerabilities

Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023,...

1.9K

Vulnerabilities

New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks

Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw....

3.2K

Vulnerabilities

Unpatched Security Flaws Disclosed in Multiple Document Management Systems

Multiple unpatched security flaws have been disclosed in open source and freemium Document Management System (DMS) offerings from four vendors LogicalDOC, Mayan,...

3.9K

Web Application Security

XSS-Scanner – XSS Scanner That Detects Cross-Site Scripting Vulns

Cross-Site Scripting (XSS) is one of the most well known web application vulnerabilities. It even has a dedicated chapter in the...

3.0K

Data Breach

OkCupid Dating App Flaws Could’ve Let Hackers Read Your Private Messages

Cybersecurity researchers today disclosed several security issues in popular online dating platform OkCupid that could potentially let attackers remotely spy on users’...

1.6K

Hacking Tools

DSXS | An open source, simple and effective XSS scanner that can be easily customized

Damn Small XSS Scanner (DSXS) is a great tool for finding cross site scripting vulnerabilities, the tool has been developed in Python...

395

Cyber Events

How I Discovered My First Vulnerability

I have read a couple of books recently about different vulnerabilities in order to be able to better protect my projects/websites. Today,...

339

Video Tutorials

XSStrike 2.0 – Advanced XSS Detection and Exploitation Suite – Kali Linux 2018.1

XSStrike is an advanced XSS detection and exploitation suite. It has a powerful fuzzing engine and provides zero false positive result using...

268

Video Tutorials

XSSSNIPER – An Automatic XSS Discovery Tool – Kali Linux 2017.3

xsssniper is an handy xss discovery tool with mass scanning functionalities. Usage: Usage: xsssniper.py [options] Options: -h, --help show this help message...