eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. A security researcher discovered a new ...

[youtube=http://www.youtube.com/watch?v=RbL2ptbjoSA&hl=en&rel=0&color1=0x3a3a3a&color2=0x999999] One of the best tools we saw at LayerOne was the Exploit-Me series ...

A hacker is selling a $700 zero-day exploit for Yahoo Mail that lets an attacker use a cross-site scripting (XSS) vulnerability to steal cookies and hijack accounts. The hacker, known as “TheHell”, ...

The exploit allows purveyors to hijack Yahoo! email accounts, redirecting legitimate users to malicious websites when they try to log on. The vulnerability and related entrepreneurial enterprise was ...

A zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious Web sites offers a fascinating glimpse into the underground market for ...

A WordPress reservation plugin has a vulnerability that allows unauthenticated hackers to access reservation data stored by site owners. An easy-to-exploit bug impacting the WordPress plugin ReDi ...

Cross-site scripting (XSS)/SQL injection attacks have been blamed for numerous data breaches, perhaps most notably the nightmare of the Heartland Payment Systems data breach. This type of attack has ...

Illustration by Mark Todd In May, Web security consultant George Deglin discovered a cross-site scripting (XSS) exploit that involved Facebook’s controversial Instant Personalization feature. The ...

Late last night reports started coming in suggesting that Yahoo Mail users have had their accounts hacked. While “hacked” is a very broad term nowadays, it does appear that Yahoo email accounts are ...

Cross-site scripting (XSS) was, is and probably will be the most popular web application vulnerability to exploit—so it’s good news that Google has developed an internal web application security ...