News

Dark Reading

Law Enforcement Cracks Down on XSS — but Will It Last?

Law enforcement notched a significant victory against the cybercrime economy this week with the takedown of the notorious forum XSS and the arrest of its suspected administrator. Europol said on ...
ZDNet

PayPal fixes reflected XSS vulnerability in user wallet currency converter

First disclosed on February 19, 2020, by a bug bounty hunter who goes by the name "Cr33pb0y" on HackerOne, the vulnerability is described as a "reflected XSS and CSP bypass" issue. The bug was found ...
TechCrunch

European authorities arrest alleged admin of notorious Russian crime forum XSS

European officials have confirmed the arrest of the alleged administrator behind XSS.is, one of the longest-running Russian-language cybercrime forums. Per Europol, the alleged administrator was ...
Bleeping Computer

Phishing campaign uses UPS.com XSS vuln to distribute malware

A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious 'Invoice' Word documents. The phishing scam was first discovered by security research Daniel ...