Over half a million VKontakte accounts hijacked using malicious Chrome extensions

Five extensions were doing all sorts of malicious acts, including stealing payment data.
ZDNet

Critical CSRF vulnerability found on Glassdoor company review platform

Glassdoor, a website for job hunting and posting anonymous company reviews, has resolved a critical issue that could be exploited to take over accounts. Bug bounty researcher "Tabahi" (ta8ahi) found ...
Ars Technica

Rails - CSRF tokens failing on iPhones?

Has anyone seen any problems with Rails' CSRF protection failing on iPhones?<BR><BR>We've had a couple of reports from users who're are seeing Rails' 422 "change rejected" page, and I can only think ...
TheServerSide

Don't let plugins open up more Jenkins vulnerabilities

With every new software development project, there comes the reality that new bugs may be introduced into the system, especially when that new project integrates with a number of other important ...
CSOonline

APT group Winter Vivern exploits Zimbra webmail flaw to target government entities

An APT group known in the security industry as Winter Vivern has been exploiting a vulnerability in the Zimbra Collaboration software to gain access to mailboxes from government agencies in several ...