News

Cybernews

Flaw at major enterprise chatbot maker leads to cookie theft

Yellow.ai's customer service chatbot had a major security flaw that enabled cookie theft and account hijacking. The issue has ...

Bad news - your web firewall may definitely not be as resilient as you may have thought

Configuration oversights can still be leveraged in attacks - despite costly WAFs protecting the infrastructure.
Computerworld

How to defeat the new No. 1 security threat: cross-site scripting

Cross-site scripting, often abbreviated XSS, is a class of Web security issues. A recent research report stated that XSS is now the top security risk. In a typical XSS scenario, a Web page might use ...
Hackaday

This Week In Security: Discord, Chromium, And WordPress Forced Updates

[Masato Kinugawa] found a series of bugs that, when strung together, allowed remote code execution in the Discord desktop app. Discord’s desktop application is an Electron powered app, meaning it’s a ...