TechSpot

Apple AirTags are vulnerable to stored XSS injection attacks

PSA: Be warned: Apple AirTags are currently vulnerable to stored cross-site scripting (XSS) attacks. Among the various XSS exploits possible is a simple site redirect. If you find an AirTag and are ...
Bleeping Computer

Hackers Exploit Recent WordPress Plugin Bugs for Malvertising

An ongoing malvertising campaign is targeting an unauthenticated stored cross-site scripting (XSS) vulnerability in the Coming Soon Page & Maintenance Mode WordPress plugin according to Wordfence's ...
Bleeping Computer

Bug in WordPress Live Chat Plugin Lets Hackers Inject Scripts

Site admins using WP Live Chat Support for Wordpress are advised to update the plugin to the latest version to close a persistent cross-site scripting (XSS) vulnerability that can be abused without ...
Threat Post

Magento Patches Critical SQL Injection and RCE Vulnerabilities

Magento patched 37 flaws Thursday, including a stored cross-site scripting (XSS) vulnerability that could have let an attacker take over a site. Magento patched 37 vulnerabilities on Thursday, ...
Searchenginejournal.com

XSS Vulnerability Affects Beaver Builder WordPress Page Builder

Beaver Builder is a popular plugin that allows anyone to create a professional looking website using an easy to use drag and drop interface. Users can start with a predesigned template or create a ...
Cybernews

Flaw at major enterprise chatbot maker leads to cookie theft

Yellow.ai's customer service chatbot had a major security flaw that enabled cookie theft and account hijacking. The issue has ...