Threat Post

Netflix Sleepy Puppy Awakens XSS Vulnerabilities in Secondary Applications

Netflix released Sleepy Puppy, a cross-site scripting payload management framework, to open source. The tool finds XSS vulnerabilities in secondary applications. Most automated scanning and security ...
SecurityWeek

GhostPoster Firefox Extensions Hide Malware in Icons

Tens of thousands of users have installed GhostPoster Firefox extensions, which rely on steganography to hide malware in ...
Threat Post

GoDaddy Addresses Blind XSS Vulnerability Affecting Online Support

Domain registrar GoDaddy fixed a vulnerability affecting systems used by its customer support agents that could have been abused to take over, modify or delete accounts. Domain registrar GoDaddy fixed ...
ZDNet

Netflix Sleepy Puppy XSS flaw detection tool goes open source

Cross-site scripting is a web application vulnerability which allows attackers to execute arbitrary code client-side in a victim's browser, which can lead to browser session hijacking or the theft of ...
ZDNet

Researcher finds vulnerability in popular parental control app Canopy

A researcher with cybersecurity firm Tripwire has discovered a vulnerability in parental control app Canopy that allows attackers to plant JavaScript into the parent portal and gain access to all the ...
CSOonline

Severe Azure HDInsight flaws highlight dangers of cross-site scripting

Security researchers have found eight serious cross-site scripting (XSS) flaws in Azure HDInsight, a big data processing service powered by open-source technologies like Apache Hadoop, Spark, Hive and ...
AppleInsider

Apple pays $5,000 bug bounty for iCloud XSS bug discovery

A security researcher from India was awarded $5,000 from Apple via its bug bounty program, after discovering a cross-site scripting (XSS) flaw in iCloud. Since the discovery of the issue, Apple has ...