Weird Apple Podcasts behavior could enable cross-site hacking attempts

If you’ve had Apple Podcasts open randomly to a show you don’t subscribe to, you’re not alone. Here’s what’s going on.
CRN

Twitter Site Update Opened Hole For 'onMouseOver' XSS Attack

The teen, identified as Pearce Delphin, 17, detected the cross-site scripting (XSS) flaw which allowed JavaScript code to appear as plain text in tweets that could then be launched on the browsers of ...
Bleeping Computer

CISA: Roundcube email server bug now exploited in attacks

CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks. The security flaw (CVE-2023-43770) is a persistent ...
CSOonline

‘Grafana Ghost’ XSS flaw exposes 47,000 servers to account takeover

A newly discovered cross-site scripting (XSS) vulnerability in Grafana — a widely used open-source analytics and visualization platform for developers — has put thousands of servers at risk of ...
CRN

Researchers Uncover 'Massive Security Flaws' In Amazon Cloud

Security researchers from Ruhr-University Bochum (RUB) found that Amazon Web Services was vulnerable to different methods of attack, including signature wrapping and cross site scripting, Those ...