ZDNet

Hackers looking into injecting card stealing code on routers, rather than websites

Security researchers at IBM have found evidence that hackers have been working on creating malicious scripts they can deploy on commercial-grade "Layer 7" routers to steal payment card details. This ...
Bleeping Computer

Bug in WordPress Live Chat Plugin Lets Hackers Inject Scripts

Site admins using WP Live Chat Support for Wordpress are advised to update the plugin to the latest version to close a persistent cross-site scripting (XSS) vulnerability that can be abused without ...
Computerworld

State-sponsored cyberspies inject victim profiling and tracking scripts in strategic websites

Web analytics and tracking cookies play a vital role in online advertising, but they can also help attackers discover potential targets and their weaknesses, a new report shows. Security researchers ...
Bleeping Computer

Hacked sites caught spreading malware via fake Chrome updates

Hackers are compromising websites to inject scripts that display fake Google Chrome automatic update errors that distribute malware to unaware visitors. The campaign has been underway since November ...
Searchenginejournal.com

Google Tag Manager Contains Hidden Data Leaks & Vulnerabilities

Researchers uncover data leaks in Google Tag Manager (GTM) as well as security vulnerabilities, arbitrary script injections and instances of consent for data collection enabled by default. A legal ...
ZDNet

Microsoft: Credit card skimmers are switching techniques to hide their attacks

Card-skimming malware is increasingly using malicious PHP script on web servers to manipulate payment pages in order to bypass browser defenses triggered by JavaScript code, according to Microsoft.
HotHardware

Facebook and Instagram's In-App Browser Exploits Expose User Privacy Concerns

Facebook’s collection and sale of user data for advertising purposes took a huge hit when Apple introduced its App Tracking Transparency (ATT) feature, with Facebook projecting that it will lose out ...