18 Jun 2019

Disgruntled security firm discloses zero-days in Facebook’s WordPress plugins

A security firm holding a grudge against WordPress recently released proof-of-concept (PoC) code for two zero-days affecting two official Facebook plugins for WordPress. The impacted plugins are “Messenger Customer Chat” (20,000 installations) and “Facebook for WooCommerce” (200,000 installations). The flaws are tricky to exploit, but can enable threat actors to

14 Jun 2019

The gaming community is a rising target for credential stuffing attacks

An extensive Akamai report on the state of Internet security highlights the growing cyber threat for gamers. According to the study, gaming websites were the target of around 12 billion credential stuffing attacks between November 2017 and March 2019. In a credential stuffing attack, a threat actor uses leaked or

12 Jun 2019

Cross-Site Scripting Errors Continue to Be Most Common Web App Flaw

New research by bug bounty firm HackerOne shows that cross-site scripting (XSS) vulnerabilities are still the most common type of security flaw found in web applications. XSS flaws can enable attackers to inject malicious code into websites in order to steal sensitive information from users. Miju Han of HackerOne says
