XSS
From ChatBot To SpyBot: ChatGPT Post Exploitation
In the second installment of our blog post series on ChatGPT, we delve deeper into the security implications that come with the integration of AI into our daily routines. Building on the ...
Hacking Microsoft and Wix with Keyboard Shortcuts
Browser vendors continuously tweak and refine browser functionalities to improve security. Implementing same-site cookies is a prime example of vendors’ efforts to mitigate Cross-Site Request Forgery (CSRF) attacks. However, not all security ...
Securing Networks: Addressing pfSense Vulnerabilities
In recent findings by Sonar, critical security vulnerabilities have emerged within the widely-used open-source Netgate pfSense firewall solution, potentially exposing susceptible appliances to unauthorized command execution. These pfSense vulnerabilities, comprising two reflected ...
Over 2 million Websites Vulnerable to XSS Exploit (CVE-2023-30777) in WordPress Plugin
A zero-day vulnerability, denoted by the CVE identifier CVE-2023-30777, exposes a dangerous reflected cross-site scripting (XSS) flaw ...
Clipboard Hijacking Can Turn Your Copied Text into A Threat
In today’s world, where people spend a significant portion of their time online, cyber threats are becoming increasingly sophisticated and dangerous. One such threat is “PasteJacking or clipboard hijacking.” It is ...
Amid Exodus, Threat Actor Advertises US Immigration Services on Russian-Language DDW Forum XSS
A threat actor called “Royal Bank” is offering alleged immigration services to the US or Canada on XSS, a Russian-language DDW forum, Flashpoint has identified.
Four Key Findings from the 2022 Cyberthreat Defense Report
For the ninth year, Imperva is proud to sponsor CyberEdge Group’s annual Cyberthreat Defense Report. In this report, CyberEdge Group delivers a detailed accounting of how IT security professionals perceive cyberthreats today ...
Understanding and Preventing Layer 7 Attacks
The open systems interconnection (OSI) is a reference model for layering interoperability and networking of communicating systems via standard protocols. Even though cybersecurity attacks can happen anywhere in the OSI model, Layer ...
Invisible rat: how Sentry, Datadog, and others used by XSS and JavaScript malware
We all know how convenient it is to use tools like Sentry or Datadog for JavaScript event monitoring. They allow you to catch errors in real time, organize and manage the issue resolution process, and genuinely ...
The ‘Groove’ Ransomware Gang Was a Hoax
A number of publications in September warned about the emergence of "Groove," a new ransomware group that called on competing extortion gangs to unite in attacking U.S. government interests online. It now ...