XSS - Tagged - Security Boulevard

How (and Why) Hacker Forums Self-Moderate

“Everything in moderation,” the saying goes. But it may come as a surprise that this expression even seems to apply to many of the hacker forums littered across the dark web. On ...

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The ...

CVE-2020-35774: twitter-server XSS Vulnerability Discovered

According to its official documentation, “twitter-server” is a Twitter OSS project used to provide a template from which servers at Twitter are built. It provides common application components such as an administrative ...

Drupal Core: Behind the Vulnerability

As you may recall, back in June, Checkmarx disclosed multiple cross-site scripting (XSS) vulnerabilities impacting Drupal Core, listed as CVE-2020-13663, followed by a more technical breakdown of the findings in late November ...

Great British Prank: Company Name Contains XSS Hack

A prankster registered a British company name containing a cross-site scripting (XSS) attack. Hilarity ensued ...

Over one million WordPress sites receive forced update to security plugin after severe vulnerability discovered

Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers. The flaw, discovered by vulnerability ...

Sucuri Sit-Down Episode 4: XSS & WP Plugin Vulnerabilities with Antony Garand

October is National Cyber Security Awareness Month, and we’re back with analyst Antony Garand to take a deeper look into cross site scripting (XSS) attacks and WordPress plugin vulnerabilities. Plus, host Justin ...

Reflected XSS in WordPress Plugin Admin Pages

The administrative dashboard in WordPress is a pretty safe place: Only elevated users can access it. Exploiting a plugin’s admin panel would serve very little purpose here — an administrator already has ...
Meetup.com Vulnerabilities Cause Privilege Escalation and Payment Redirection

Privilege Escalation on Meetup.com Enabled Redirection of Payments

The Checkmarx Security Research Team recently audited the security of several high-profile websites, including Meetup.com. For those who are not familiar with Meetup.com, it allows users to create an event where people ...

92% of the world’s top websites expose customer data to attackers

Tala’s Global Data at Risk: 2020 State of the Web Report indicates that sensitive data like PII and credit card information has never been more at risk - and security effectiveness is ...