StealC hackers hacked as researchers hijack malware control panels

A cross-site scripting (XSS) flaw in the web-based control panel used by operators of the StealC info-stealing malware ...
Threat Post

How to Secure Web Apps Against XSS Flaws

As a security researcher, I regularly come across software vulnerabilities. Some can have a deep and lasting effect on the way customers and clients view the security of the organization and some can ...
Dark Reading

CISA Urges Software Makers to Eliminate XSS Flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are urging organizations to focus on eliminating cross-site scripting vulnerabilities in ...
Dark Reading

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...
ZDNet

Google to remove Chrome's built-in XSS protection (XSS Auditor)

Google engineers plan to remove a Chrome security feature that has not been living up to par with the protections with was supposed to provide for years. Named XSS Auditor, the feature was added to ...
SpaceNews

Cartwright Interested in Operational XSS-like Satellites

U.S. Strategic Command is interested in fielding operational satellites in the near future that would rendezvous with other spacecraft in low Earth orbit for surveillance purposes, according to the ...