eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. A security researcher discovered a new ...

A hacker is selling a $700 zero-day exploit for Yahoo Mail that lets an attacker use a cross-site scripting (XSS) vulnerability to steal cookies and hijack accounts. The hacker, known as “TheHell”, ...

Google has created a new browser API that will help Chrome fight certain types of cross-site scripting (XSS) vulnerabilities, adding another level of protection at the browser level to keep users safe ...

The exploit allows purveyors to hijack Yahoo! email accounts, redirecting legitimate users to malicious websites when they try to log on. The vulnerability and related entrepreneurial enterprise was ...

Late last night reports started coming in suggesting that Yahoo Mail users have had their accounts hacked. While “hacked” is a very broad term nowadays, it does appear that Yahoo email accounts are ...

A zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious Web sites offers a fascinating glimpse into the underground market for ...

Illustration by Mark Todd In May, Web security consultant George Deglin discovered a cross-site scripting (XSS) exploit that involved Facebook’s controversial Instant Personalization feature. The ...

Canadian researchers have built a set of free exploit tools for Web applications that run as Firefox browser plug-ins; the so-called ExploitMe suite includes tools for cross-site scripting (XSS) and ...

In May, Web security consultant George Deglin discovered a cross-site scripting (XSS) exploit that involved Facebook's controversial Instant Personalization feature. The exploit ran on Yelp, one of ...