Dark Reading

Researcher Details New Class Of Cross-Site Scripting Attack

A new type of cross-site scripting (XSS) attack that exploits commonly used network administration tools could be putting users' data at risk, a researcher says. Tyler Reguly, lead security research ...
Bleeping Computer

Zimbra patches zero-day vulnerability exploited in XSS attacks

Two weeks after the initial disclosure, Zimbra has released security updates that patch a zero-day vulnerability exploited in attacks targeting Zimbra Collaboration Suite (ZCS) email servers. Now ...
Bleeping Computer

Zimbra urges admins to manually fix zero-day exploited in attacks

Zimbra urged admins today to manually fix a zero-day vulnerability actively exploited to target and compromise Zimbra Collaboration Suite (ZCS) email servers. This widely adopted email and ...
Threat Post

Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE

A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts — with no patches in sight. An unpatched stored cross-site-scripting (XSS) ...