News

Google Apps Script abused to launch dangerous phishing attacks
Threat actors have been seen abusing Google Apps Script to launch convincing phishing attacks and steal people’s Microsoft 365 login details. Cybersecurity researchers Cofense recently spotted one ...
CNET21y
Extra headaches of securing XML
For example, one security bulletin posted on security Web site SecurityFocus described an XML External Entity attack, which can exploit an incorrectly configured XML "parser," the software that ...
Threat Post8y
Patched ColdFusion Flaw Exposes Applications to Attack
Golunski said that ColdFusion 10 and 11 suffered from an XML External Entities (XXE ... and carry out server-side request forgery (SSRF) attacks and SMB relay attacks. SSRF attacks are carried ...
TheServerSide2y
JSON (JavaScript Object Notation)
JSON is used as an alternative to Extensible Markup Language (XML). JSON was originally ... to implement JavaScript insertion attacks against a web client, like a command injection or cross-site ...
Bleeping Computer11mon
Polyfill.io JavaScript supply chain attack impacts over 100K sites
Over 100,000 sites have been impacted in a supply chain attack by the ... the website owner's knowledge. In an example seen by Sansec, the modified script is primarily used to redirect users ...
PC World12y
Microsoft Patches XML Flaw Under Attack and 15 More Vulnerabilities
Storms notes that the XML flaw is already included in a variety of exploit toolkits, and attacks are circulating in the wild. Storms adds, “If you are paying close attention, you’ll notice ...