News

Bleeping Computer6y

Bug in WordPress Live Chat Plugin Lets Hackers Inject Scripts

Site admins using WP Live Chat Support for Wordpress are advised to update the plugin to the latest version to close a persistent cross-site scripting (XSS) vulnerability that can be abused without ...
CNET14y

Microsoft warns of script injection attacks in IE

Microsoft says it's working to fix security vulnerability that lets attackers inject client-side scripts to Internet Explorer users. Josh Lowensohn joined CNET in 2006 and now covers Apple. Before ...
Searchenginejournal.com1y

Google Tag Manager Contains Hidden Data Leaks & Vulnerabilities

Researchers uncover data leaks in Google Tag Manager (GTM) as well as security vulnerabilities, arbitrary script injections and instances of consent for data collection enabled by default. A legal ...
Bleeping Computer1y

Hacked WordPress sites use visitors' browsers to hack other sites

Hackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors' browsers to bruteforce passwords for other sites. The campaign was first spotted by website ...
Computerworld9y

State-sponsored cyberspies inject victim profiling and tracking scripts in strategic websites

Web analytics and tracking cookies play a vital role in online advertising, but they can also help attackers discover potential targets and their weaknesses, a new report shows. Security researchers ...
ZDNet3y

Microsoft: Credit card skimmers are switching techniques to hide their attacks

Card-skimming malware is increasingly using malicious PHP script on web servers to manipulate payment pages in order to bypass browser defenses triggered by JavaScript code, according to Microsoft.
Ars Technica1y

Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability

Thousands of sites running the WordPress content management system have been hacked by a prolific threat actor that exploited a recently patched vulnerability in a widely used plugin. The vulnerable ...