Researchers will demonstrate a lethal combination of cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks tomorrow at Black Hat Europe in Amsterdam. The goal is to show the danger ...

Cross-site scripting (XSS) is the most rewarding security vulnerability, according to data on the number of bug bounties paid. According to HackerOne’s top 10 most impactful security vulnerabilities, ...

A handful of vulnerabilities have been identified in WSO2 Identity Server that could lead to takeover, firewall bypass, and potentially open subsequent internal servers up to further attacks. A ...

A new WordPress update, pushed this week, resolves eight security issues, including a handful of XSS and CSRF bugs. WordPress developers are encouraging users of the content management system to apply ...

Researchers from Princeton University today revealed their discovery of four major Websites susceptible to the silent-but-deadly cross-site request forgery (CSRF) attack -- including one on ...

It’s common knowledge that images make webpages, email footers and other similar elements more presentable and attractive. But a simple image containing a malicious link can be a serious threat. For ...

After Cross Site Scripting (XSS), the second most common web application security exploit is probably one you haven’t heard of: Cross Site Request Forgery (or CSRF for short). This little-known but ...

The U.S. Government National Vulnerability Database published warnings of multiple vulnerabilities affecting WordPress. There are multiple kinds of vulnerabilities affecting WordPress, including a ...

The Ninja Forms WordPress plugin harbored a severe security flaw that could be used for website takeover through the creation of new administrator accounts. Ninja Forms is a drag-and-drop contact form ...

Popular WordPress plugin WP Fastest Cache plugin was discovered by Jetpack security researchers to have multiple vulnerabilities that could allow an attacker to assume full administrator privileges.