Tag: XSS

All articles tagged with #xss

Exchange zero-day exploited in XSS attacks prompts rapid mitigations ahead of patches
security, 10 days ago

Microsoft warns of a spoofing vulnerability in Exchange Server (CVE-2026-42897) that attackers can exploit via cross-site scripting to run arbitrary JavaScript in Outlook on the Web. Patches are not yet available, but the Exchange Emergency Mitigation Service (EEMS) can automatically shield on-premises servers; Microsoft's guidance is to enable it now, with the Exchange On-Premises Mitigation Tool (EOMT) as an option for air-gapped networks. The mitigations may disrupt some OWA features (calendar printing, inline images) and some OWA modes. Patches are planned for SE RTM and specific CU releases, though updates for Exchange 2016/2019 may be limited to ESU Period 2. CISA and the NSA have previously highlighted widely exploited Exchange flaws and published guidance on hardening servers.

Canvas breach uses XSS to deface portals and pressure ransom campaigns
technology, 15 days ago

Instructure confirmed attackers exploited multiple cross-site scripting flaws in the Canvas Free-for-Teacher environment to hijack authenticated admin sessions, deface login portals, and trigger a ransom demand by ShinyHunters. The initial breach exposed data from about 8,809 educational organizations, with ShinyHunters claiming as many as 275 million records stolen; the defacement itself did not involve direct data loss, and Canvas has since been restored after a temporary shutdown.

CISA Adds OpenPLC ScadaBR XSS Vulnerability to KEV Amid Exploits
cybersecurity, 5 months ago

CISA has added the actively exploited XSS vulnerability CVE-2021-26829 in OpenPLC ScadaBR to its KEV catalog, highlighting ongoing threats from hacktivist groups such as TwoNet, which exploited this flaw in a honeypot to deface a system. The attack combined default credentials with web application layer exploits; federal agencies are required to patch by December 19, 2025. Separately, a long-running exploit operation targeting Brazil has been observed using legitimate cloud infrastructure to evade detection.

GitLab Patches Critical Account Takeover Vulnerability
cybersecurity, 2 years ago

GitLab has patched a high-severity XSS vulnerability (CVE-2024-4835) in its VS Code editor that could allow unauthenticated attackers to take over user accounts. The company urges immediate updates to versions 17.0.1, 16.11.3, and 16.10.6 for both Community and Enterprise Editions. Six medium-severity flaws were also addressed, including a CSRF vulnerability and a denial-of-service bug. GitLab accounts are high-value targets because of the sensitive data they host, and previous GitLab vulnerabilities have been actively exploited.

Global Governments Targeted in Massive Zimbra Zero-Day Hacking Spree
cybersecurity, 2 years ago

Google's Threat Analysis Group (TAG) has found that hackers exploited a zero-day vulnerability in the Zimbra Collaboration email server, tracked as CVE-2023-37580, to steal sensitive data from government systems in multiple countries. The vulnerability, an XSS issue in the Zimbra Classic Web Client, was exploited by four distinct threat actors before the vendor released a patch. The attacks involved email data exfiltration, auto-forwarding rules, and phishing. Google's report stresses the importance of timely security updates even for medium-severity vulnerabilities, since adversaries can chain them to further their attacks. This incident is another example of XSS flaws being leveraged against mail servers.

Massive Cyber Espionage Campaign Targets European Governments with Webmail Zero-Day Exploit
cybersecurity, 2 years ago

Pro-Russia hackers known as Winter Vivern have been exploiting a zero-day vulnerability in Roundcube, a widely used webmail application, to target governmental entities and a think tank in Europe. The vulnerability allowed the attackers to inject JavaScript into the Roundcube web application, causing the server to send emails from selected targets to a server controlled by the threat actor. The attacks began on October 11 and were detected by the security firm ESET, which promptly reported the vulnerability to the Roundcube developers. Winter Vivern has previously targeted US government officials and has been active since at least 2020, focusing primarily on Europe and Central Asia. Roundcube users are advised to ensure they are running a patched version of the software.