ESET Research has discovered a significant cybersecurity threat as the Winter Vivern group exploited a zero-day cross-site scripting (XSS) vulnerability in the Roundcube Webmail server. The new ...

WordPress announced the 6.5.2 Maintenance and Security Release update that patches a store cross site scripting vulnerability and fixes over a dozen bugs in the core and the block editor. The same ...

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...

Beaver Builder is a popular plugin that allows anyone to create a professional looking website using an easy to use drag and drop interface. Users can start with a predesigned template or create a ...

It was no XSS attack, but it was a close call just the same this weekend for the Website run by a group of hackers that's been posting cross-site scripting (XSS) vulnerabilities online. (See Hackers ...

ESET Research has been closely tracking the cyberespionage operations of Winter Vivern for more than a year and, during our routine monitoring, we found that the group began exploiting a zero-day XSS ...

You’d think the Web designers and masters of a major presidential campaign site would get it right wouldn’t you? I mean, they’re running these sites to convince voters to get their person into the ...

A vulnerability within two widely used WordPress plugins is already being exploited by hackers, putting millions of WordPress sites at risk, according to a computer security firm. The plugins are ...

A man suspected of administering the Russian-language cybercrime forum XSS was arrested in Ukraine on July 22. In an official statement on July 23, Laure Beccuau, a French State Prosecutor, said that ...