Security news aggregator

Latest coverage for XSS

XSS lets attackers run scripts in a victim's browser, enabling data theft or account abuse; contextual output encoding and CSP reduce risk.

1 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Cross-site scripting (XSS) is a web-application flaw in which attacker-controlled input is interpreted as script in another user’s browser. It can be stored in application data, reflected in an immediate response, or introduced by unsafe client-side code (DOM-based XSS). The script runs in the affected site’s origin, so it may read page content, alter requests, or perform actions available to the victim; impact depends on the victim’s privileges and the application’s defenses.

The primary mitigation is context-aware output encoding: treat untrusted data as text when inserting it into HTML, attributes, URLs, JavaScript, or CSS, and use safe DOM APIs such as textContent rather than unsafe HTML insertion. If user-authored HTML is required, apply a well-tested HTML sanitizer. A restrictive Content Security Policy can limit exploitability but is defense in depth, not a substitute for correct encoding. HttpOnly cookies can reduce direct cookie theft, but do not prevent XSS from performing in-session actions.

Showing 1 most recent headlines Filtered view
Krebs on Security 11 months, 1 week ago

Who Got Arrested in the Raid on the XSS Crime Forum?

On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the unnamed suspect, but the consensus is that he is a pivotal figure in the crime forum scene who goes by the hacker handle "Toha." Here's a deep dive on what's knowable about Toha, and a short stab at who got nabbed.