#xss
#xss

[ follow ]

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

A vulnerability in Anthropic's Claude Chrome Extension allowed attackers to inject malicious prompts without user interaction, compromising browser security.

Information security

fromSecurityWeek

1 month ago

Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration

Critical and high-severity vulnerabilities were found in Apryse and Foxit PDF platforms that could enable account takeover, data exfiltration, and remote code execution.

Information security

fromZero Day Initiative

3 months ago

Zero Day Initiative - The December 2025 Security Update Review

Adobe released five bulletins addressing 139 CVEs—mostly XSS in Experience Manager—with Critical DOM-based XSS and a priority-1 ColdFusion fix; Microsoft released 56 Windows CVEs.

[ Load more ]

#xss#xss

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration

Zero Day Initiative - The December 2025 Security Update Review

#xss
#xss