Weird Apple Podcasts behavior could enable cross-site hacking attempts

If you’ve had Apple Podcasts open randomly to a show you don’t subscribe to, you’re not alone. Here’s what’s going on.
Bleeping Computer

Hackers steal data of 2 million in SQL injection, XSS attacks

A threat group named 'ResumeLooters' has stolen the personal data of over two million job seekers after compromising 65 legitimate job listing and retail sites using SQL injection and cross-site ...
Bleeping Computer

CISA: Roundcube email server bug now exploited in attacks

CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks. The security flaw (CVE-2023-43770) is a persistent ...
Dark Reading

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...