News

Cybernews

Flaw at major enterprise chatbot maker leads to cookie theft

Yellow.ai's customer service chatbot had a major security flaw that enabled cookie theft and account hijacking. The issue has been patched.
Business Insider

Forbes Exploited: XSS Vulnerabilities Allow Phishers to Hijack Sessions & Steal Logins

Here's another delicious Byte. Ucha Gobejishvili, a Georgian Security Researcher under the handle of longrifle0x, discovered two cross site scripting (XSS) vulnerabilities on the official website of ...

Bad news - your web firewall may definitely not be as resilient as you may have thought

Configuration oversights can still be leveraged in attacks - despite costly WAFs protecting the infrastructure.
ZDNet

Netflix Sleepy Puppy XSS flaw detection tool goes open source

Cross-site scripting is a web application vulnerability which allows attackers to execute arbitrary code client-side in a victim's browser, which can lead to browser session hijacking or the theft of ...