Starbucks has patched three critical security vulnerabilities on its website, but it still hasn’t respond to the security researcher who first found the bugs.
David Bisson reports.
A cross-site scripting (XSS) flaw on PayPal’s website could have been used by hackers to phish for your login credentials, and even steal your unencrypted card details.
Read more in my article on the Lumension State of Security blog.
Hackers could have phished usernames and passwords from customers, while they were on the Salesforce website.
Read more in my article on the Tripwire State of Security blog.
Yet more cross-site scripting security holes found in WordPress. Users advised to update their websites “immediately.”
Do you, or your business, run a self-hosted WordPress site?
If so, it’s time to ensure that you are updating to the latest version.
Popular WordPress plugins such as JetPack and WordPress SEO by Yoast need to be updated after a cross-site scripting flaw was found in their code. And they’re not the only ones…
The BBC reports that users have been hit by a cross-site scripting flaw on eBay since at least February, putting passwords at risk of phishers.
A worm which broke out on Weibo, exploited a cross-site scripting flaw and sent around messages claiming to link to naked photos of Fan Bingbing, romantic poetry and mobile phone spyware.