StealC hackers hacked as researchers hijack malware control panels

A cross-site scripting (XSS) flaw in the web-based control panel used by operators of the StealC info-stealing malware ...
Threat Post

TweetDeck Taken Down in Wake of XSS Attacks

TweetDeck said it temporarily has taken down its services after cross-site scripting exploit code circulated today. TweetDeck services have been disabled for the time being as Twitter tries to get a ...
Dark Reading

Microsoft Azure HDInsight Plagued With XSS Vulnerabilities

Microsoft, already under scrutiny for its cloud security practices, recently patched as many as eight severe vulnerabilities in various Apache services in Azure HDInsight — the software giant's ...
Dark Reading

Twitter Attack An XSS Wake-Up Call

The high-profile attack that hit the Twitter website early this morning and affected tens to hundreds of thousands of Twitter users serves as a reminder of just how the pervasive but often-dismissed ...
Infosecurity-magazine.com

XSS is Most Rewarding Bug Bounty as CSRF is Revived

Cross-site scripting (XSS) is the most rewarding security vulnerability, according to data on the number of bug bounties paid. According to HackerOne’s top 10 most impactful security vulnerabilities, ...
Threat Post

Facebook, News and XSS Underpin Complex Browser Locker Attack

An elaborate set of redirections and hundreds of URLs make up a wide-ranging tech-support scam. A sophisticated “browser locker” campaign is spreading via Facebook, ultimately pushing a tech-support ...
Infosecurity-magazine.com

CISA Issues Advice to Help Eliminate XSS Bugs

A leading US security agency has released some timely advice designed to raise awareness about coding best practice to eliminate one of the most common classes of software vulnerability. Teaming up ...