登录查看更多内容

Millions of Websites Susceptible to XSS Attack via OAuth Implementation Flaw

X Cyber Group (XCyber?)

We work with clients to keep data, people and businesses protected within the geography of the internet.

发布日期: 2024年7月30日

Salt Labs, the research arm of API security firm Salt Security, has discovered and published details of a cross-site scripting (XSS) attack that could potentially impact millions of websites around the world.

This is not a product vulnerability that can be patched centrally. It is more an implementation issue between web code and a massively popular app: OAuth used for social logins. Most website developers believe the XSS scourge is a thing of the past, solved by a series of mitigations introduced over the years. Salt shows that this is not necessarily so.?

X Cyber Group (XCyber?)的更多文章

2025年3月7日

North Korea's Lazarus finishes laundering $1B+ in less than two weeks

Analysts from Lookonchain, Nansen, and Arkham confirmed that the criminals had emptied their wallet containing the…
2025年3月3日

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals, Russia-based…
2025年2月28日

26 New Threat Groups Spotted in 2024: CrowdStrike

CrowdStrike this week published its 2025 Global?Threat Report, which summarises the latest adversary tactics and…
2025年2月28日

Hacker Behind Over 90 Data Leaks Arrested in Thailand

A 39-year-old Singaporean man accused of being a hacker responsible for over 90 data leaks has been arrested in…
2025年2月28日

FBI Says North Korea Hacked Bybit as Details of $1.5B Heist Emerge

The Bybit hack, which resulted in the theft of nearly $1.5 billion worth of Ethereum cryptocurrency, was carried out on…
2025年2月27日

Ghost Ransomware Targets Orgs in 70+ Countries

The China-backed Ghost ransomware group (also known as Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada, and…
2025年2月27日

New Anubis Ransomware Could Pose Major Threat to Organisations

The group emerged as recently as late 2024, although researchers believe that its members have experience in…
2025年2月26日

Nine Threat Groups Active in OT Operations in 2024: Dragos

On 25 February 2025, Industrial cybersecurity company Dragos published its 2025 OT/ICS Cybersecurity Report, which…
2025年2月26日

Chinese Botnet Powered by 130,000 Devices Targets Microsoft 365 Accounts

A botnet controlled by a threat actor linked to China has been observed targeting Microsoft 365 accounts with…
2025年2月26日

Leader of North Korean Hackers Sanctioned by EU

A majority of the sanctioned entities are Russian companies and nationals, but there are also a handful of Chinese and…

See all articles

社区洞察

Information Security

What are the differences between XSS and CSRF?
Website Building

How do you educate your website users about the risks of CSRF and how to avoid them?
Software Design

How can you test for server-side template injection (SSTI) vulnerabilities?
Secure Sockets Layer (SSL)

What are the best practices for configuring TLS false start in Chrome?
RESTful WebServices

How do you deal with rate limit abuse or malicious requests to your RESTful API?
Web Development

How can you secure your front-end data?
Security Testing

How do you keep up with the latest trends and standards for CSP and frame options?
Computer Repair

How can you protect your web applications from password brute-forcing?
Cybersecurity

How can you secure web applications with user-generated content?
Information Security

How can you design a web application architecture that resists man-in-the-middle attacks?

其他会员也浏览了

Chrome Under Attack - Update ASAP

Dan Duran 9 个月
Update Chrome Immediately To Patch A Newly Discovered Vulnerability That Is Now Being Exploited.

Dan Duran 1 年
Google Patches Second Chrome Zero-Day Vulnerability of 2023

Ashwin HarishP 1 年
Resolute - Hack The Box

Rohit Jain 4 年
Hackers Exploit A Critical Google Chrome And Microsoft Edge Vulnerability, Update Now To Fix It

Jason Kidman 2 年
7-zip archive silently fixed Critical severity vulnerability

Aivaras Klisauskas 8 个月
Cybertips -THM Wgel CTF

Juan Carlos P. Melgar 2 年
Is it bye bye for Mirai?

Tom Millar 8 年
SPAM is Violence; Anatomy of Assault

Simon Aloyts 5 年

X Cyber Group (XCyber?)的更多文章

North Korea's Lazarus finishes laundering $1B+ in less than two weeks

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

26 New Threat Groups Spotted in 2024: CrowdStrike

Hacker Behind Over 90 Data Leaks Arrested in Thailand

FBI Says North Korea Hacked Bybit as Details of $1.5B Heist Emerge

Ghost Ransomware Targets Orgs in 70+ Countries

New Anubis Ransomware Could Pose Major Threat to Organisations

Nine Threat Groups Active in OT Operations in 2024: Dragos

Chinese Botnet Powered by 130,000 Devices Targets Microsoft 365 Accounts

Leader of North Korean Hackers Sanctioned by EU

社区洞察

其他会员也浏览了

Chrome Under Attack - Update ASAP

Update Chrome Immediately To Patch A Newly Discovered Vulnerability That Is Now Being Exploited.

Google Patches Second Chrome Zero-Day Vulnerability of 2023

Resolute - Hack The Box

Hackers Exploit A Critical Google Chrome And Microsoft Edge Vulnerability, Update Now To Fix It

7-zip archive silently fixed Critical severity vulnerability

Cybertips -THM Wgel CTF

Is it bye bye for Mirai?

SPAM is Violence; Anatomy of Assault