Bitdefender researchers have located a stored XSS vulnerability in PayPal that leaves the e-payment service open for hackers to upload maliciously crafted files, capable of performing attacks on registered users of the service.
Since Monday, security pros can add another XSS-finding tool to their arsenal, as Netflix has open sourced their cross-site scripting payload management framework dubbed "Sleepy Puppy." Sleepy Puppy is meant to address the biggest problem with identifying omnipresent XSS issues: finding them not only on targeted applications, but also on others that are not available to the tester, but whose presence ultimately also endangers users.
Robert Hansen, Vice President of WhiteHat Security Labs, has more than 20 years of web application and browser security experience.
Elastica discovered an injection vulnerability in Salesforce which opened the door for attackers to use a trusted Salesforce application as a platform to conduct phishing attacks to steal end-users' login credentials and hijack accounts.
CDNetworks, the global content delivery network (CDN), will showcase Cloud Security 2.0 this week at Black Hat USA 2015, Booth IP29.