SecurityWeek

In Other News: $900k for XSS Bugs, HybridPetya Malware, Burger King Censors Research

Huntress research raises concerns, Google paid out $1.6 million for cloud vulnerabilities, California web browser bill.

Cisco warns of IOS zero-day vulnerability exploited in attacks

Cisco has released security updates to address a high-severity zero-day vulnerability in Cisco IOS and IOS XE Software that ...
Cybernews

Flaw at major enterprise chatbot maker leads to cookie theft

Yellow.ai's customer service chatbot had a major security flaw that enabled cookie theft and account hijacking. The issue has ...
Bleeping Computer

Zimbra patches zero-day vulnerability exploited in XSS attacks

Two weeks after the initial disclosure, Zimbra has released security updates that patch a zero-day vulnerability exploited in attacks targeting Zimbra Collaboration Suite (ZCS) email servers. Now ...
Threat Post

Canopy Parental Control App Wide Open to Unpatched XSS Bugs

The possible cyberattacks include disabling monitoring, location-tracking of children and malicious redirects of parent-console users. Canopy, a parental control app that offers a range of features ...
Infosecurity-magazine.com

Researchers Uncover XSS Vulnerabilities in Azure Services

Cybersecurity experts at Orca Security have identified two critical cross-site scripting (XSS) vulnerabilities in Microsoft Azure services. The flaws, which exploited a weakness in the postMessage ...
Searchenginejournal.com

WordPress Discovers XSS Vulnerability – Recommends Updating To 6.5.2

WordPress announced the 6.5.2 Maintenance and Security Release update that patches a store cross site scripting vulnerability and fixes over a dozen bugs in the core and the block editor. The same ...
ZDNet

XSS vulnerability found in popular WYSIWYG website editor

Discovered by Bishop Fox security consultant Chris Davis and publicly disclosed on Wednesday, the bug, tracked as CVE-2021-28114, impacts Froala version 3.2.6 and earlier. Froala is a lightweight What ...