Yahoo flaw, now fixed, allowed hackers to access any user’s email

Malicious code could have been used to compromise an account, forward messages to an external account, or even spread a Yahoo Mail-infecting virus.

Read more in my article on the We Live Security blog.

Shopping online at ASDA could put your credit card details at risk

Despite having ample opportunity to resolve the issues, ASDA has failed to do so.

Watch Paul Moore’s video to learn more.


How websites help criminals phish customers’ passwords

The recently discovered XSS flaw on eBay’s website could have put users’ accounts at risk. And sadly, it’s not an uncommon problem.

Read more in my article on the Bitdefender Business Insights blog.


Lucky escape. Worm could have exploited LinkedIn XSS vulnerability

Within three hours of being reported, a serious cross-site scripting (XSS) vulnerability on LinkedIn’s website has been fixed by its security team.

Read more in my article on the Hot for Security blog.

Starbucks stays schtum, after patching critical website vulnerabilities

Starbucks has patched three critical security vulnerabilities on its website, but it still hasn’t responded to the security researcher who first found the bugs.

David Bisson reports.


PayPal XSS flaw could have let hackers steal your unencrypted credit card details

A cross-site scripting (XSS) flaw on PayPal’s website could have been used by hackers to phish for your login credentials, and even steal your unencrypted card details.

Read more in my article on the Lumension State of Security blog.


XSS flaw put Salesforce accounts at risk of hijacking

Hackers could have phished usernames and passwords from customers, while they were on the Salesforce website.

Read more in my article on the Tripwire State of Security blog.

WordPress 4.2.4 released, fixing critical security holes. Update immediately!

Yet more cross-site scripting security holes found in WordPress. Users advised to update their websites “immediately.”

WordPress 4.2.3 released, fixing critical security hole. Update!

Do you, or your business, run a self-hosted WordPress site?

If so, it’s time to ensure that you are updating to the latest version.

How to monitor XSS attacks and other security threats on your website, in real-time

Security researcher Scott Helme describes how you can better secure your website from cross-site scripting attacks, ad injectors and malvertising.


Millions of WordPress websites at risk from in-the-wild exploit

Many WordPress sites are at risk of hijack, after cross-site scripting vulnerability uncovered.

Read more in my article on the Tripwire State of Security blog.

If you’re going to run WordPress, please please keep it updated

Researcher complains that WordPress has been ignoring his vulnerability reports, as details of zero-day comments XSS flaw are made public and then patched.

Popular WordPress plugins found vulnerable to XSS vulnerability

Popular WordPress plugins such as JetPack and WordPress SEO by Yoast need to be updated after a cross-site scripting flaw was found in their code. And they’re not the only ones…

XSS flaws expose weaknesses on Amazon and UK newspaper websites

Cross-site scripting (XSS) flaws are amongst the most commonly encountered security flaws found on websites, opening up opportunities for malicious hackers to hijack customer accounts, change users’ settings and phish login credentials.

So how come websites keep falling foul of them?


XSS vulnerabilities found on TripAdvisor and Uber websites

XSS vulnerabilities are nothing new, but continue to be a big problem even for some websites that you would expect to be better protected.

Read more in my article on the Tripwire State of Security blog.


WYSIWYG editors could be an avenue for XSS attacks, warns researcher

Online WYSIWYG editors allowing rich content could be making it easier for attackers to launch cross-site scripting (XSS) attacks.

Read more in my article on the Tripwire State of Security blog.