Dark Reading

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...
Bleeping Computer

CISA urges software devs to weed out XSS vulnerabilities

CISA and the FBI urged technology manufacturing companies to review their software and ensure that future releases are free of cross-site scripting vulnerabilities before shipping. The two federal ...
Bleeping Computer

Netgear warns users to patch auth bypass, XSS router flaws

Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router ...