Researchers will demonstrate a lethal combination of cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks tomorrow at Black Hat Europe in Amsterdam. The goal is to show the danger ...

A new WordPress update, pushed this week, resolves eight security issues, including a handful of XSS and CSRF bugs. WordPress developers are encouraging users of the content management system to apply ...

Cross-site scripting (XSS) is the most rewarding security vulnerability, according to data on the number of bug bounties paid. According to HackerOne’s top 10 most impactful security vulnerabilities, ...

A handful of vulnerabilities have been identified in WSO2 Identity Server that could lead to takeover, firewall bypass, and potentially open subsequent internal servers up to further attacks. A ...

Researchers from Princeton University today revealed their discovery of four major Websites susceptible to the silent-but-deadly cross-site request forgery (CSRF) attack -- including one on ...

It’s common knowledge that images make webpages, email footers and other similar elements more presentable and attractive. But a simple image containing a malicious link can be a serious threat. For ...

The U.S. Government National Vulnerability Database published warnings of multiple vulnerabilities affecting WordPress. There are multiple kinds of vulnerabilities affecting WordPress, including a ...

After Cross Site Scripting (XSS), the second most common web application security exploit is probably one you haven’t heard of: Cross Site Request Forgery (or CSRF for short). This little-known but ...

The Ninja Forms WordPress plugin harbored a severe security flaw that could be used for website takeover through the creation of new administrator accounts. Ninja Forms is a drag-and-drop contact form ...