Cross-site scripting (XSS) is a form of exploit where an attacker somehow places malicious JavaScript into a webpage. It can potentially allow the attacker to gain access to your account, steal ...

Adam Stone writes on technology trends from Annapolis, Md., with a focus on government IT, military and first-responder technologies. The Department of Homeland Security has warned federal agencies ...

[ UPDATE: Microsoft plans to ship an XSS filter update in June 2010to fix what is hopefully the last attack scenario ] The cross-site scripting filter that ships with Microsoft's Internet Explorer 8 ...

XSS accounted for 69% of blocked attacks in FireHost’s Q4 2012 web application attack statistics. And they can be very dangerous: in a typical XSS attack, an attacker sends a malicious link to an ...

A US-based security expert is to release details of a tool that can use cross-site scripting (XSS) flaws and JavaScript to create a distributed botnet without any kind of user interaction at all. XSS ...

eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. Microsoft is planning an update to the cross-site ...

Attackers exploited a vulnerability in a popular video-sharing site to hijack users’ browsers for use in a large-scale distributed denial-of-service attack, according to researchers from Web security ...

Hackers hit YouTube over the weekend, injecting pop-ups, disabling comments and redirecting viewers to porn sites when they tried to access videos. Google clamped down on the problem swiftly and is ...

A new cross-site scripting exploit that enables attackers to steal cookies and access Yahoo email accounts is for sale in an exclusive underground market for $700, less than half of market value ...

You’d think the Web designers and masters of a major presidential campaign site would get it right wouldn’t you? I mean, they’re running these sites to convince voters to get their person into the ...