Over 1 Million websites are at risk of sensitive information leakage — XSS is dead. Long live XSS

Intro: Cross-site scripting (aka XSS) has rightfully claimed its place as one of the most popular web vulnerabilities. Since its first emergence, somewhere in the dark days of the internet, countless vulnerabilities have been found across websites everywhere. Therefore, it comes as no surprise that XSS has been consistently highlighted as ...
Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data

Salt Labs researchers identified generative AI ecosystems as a new and interesting attack vector. Vulnerabilities found during this research on the ChatGPT ecosystem could have granted access to users' accounts, including GitHub repositories, including via 0-click attacks. Intro: ChatGPT. Unless you’ve been living under a rock for the past year or so, you’ve probably ...
OAuth security gaps at Grammarly (now remediated)

Oh-Auth — Abusing OAuth to take over millions of accounts

Hackers could take over millions of accounts on Grammarly, Vidio and Bukalapak. The issue was fixed, but users at other websites could still be at risk. OAuth (Open Authorization) is one of the fastest adopted technologies in the AppSec domain. From its first introduction in 2006, as an attempt to introduce ...
Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online services

This post is the second in a series describing OAuth implementation issues that put companies at risk. We create these posts to share rich technical details, drawn from real-world use cases, to educate the broader industry on the nature of these errors, their potential impact, and how to avoid them ...
OAuth security gaps at Booking.com (now remediated)

Traveling with OAuth — Account Takeover on Booking.com

OAuth (Open Authorization) is a modern, open authorization standard designed to allow cross-application access delegation, for example, allowing your application to read data from your Facebook profile. Combined with the proper extensions, OAuth can also be used for authentication, for example, to log into your application using Google ...