#web-security

[ follow ]
fromThe Hacker News
1 week ago

3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

"This was a stealth miner, designed to avoid detection by staying below the radar of both users and security tools," security researcher Himanshu Anand said.
Privacy professionals
#cors
fromHackernoon
4 years ago
Web development

A Developer's Guide to Same-Origin Policy (SOP) and Cross-Origin Resource Sharing (CORS) | HackerNoon

fromHackernoon
4 years ago
Web development

A Developer's Guide to Same-Origin Policy (SOP) and Cross-Origin Resource Sharing (CORS) | HackerNoon

more#cors
Privacy technologies
fromZDNET
2 weeks ago

Fed up with AI scraping your content? This open-source bot blocker can help - here's how

Over half of web visits are from data scrapers, prompting the need for protective measures like Anubis.
fromZDNET
3 weeks ago

How Let's Encrypt made the internet safer and HTTPS standard - and free

SSL was then, and is now, the minimum security a safe website should provide to its users. The protocol was also a major pain to set up and expensive to boot.
Privacy technologies
#cybersecurity
fromTechzine Global
4 months ago
Web frameworks

The browser is riddled with bugs, 2025 may squash them

SquareX's initiative emphasizes the urgent need to address browser security vulnerabilities as web browsers are critical yet often overlooked in cybersecurity.
fromBloomberg
7 months ago
JavaScript

Bloomberg

The article discusses a common web security measure that confirms user identity to prevent fraud.
Marketing tech
fromThe Hacker News
1 month ago

Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month

A large-scale cybersecurity campaign is compromising legitimate websites through malicious JavaScript injections utilizing an obfuscation technique known as JSFireTruck.
Web frameworks
fromTechzine Global
4 months ago

The browser is riddled with bugs, 2025 may squash them

SquareX's initiative emphasizes the urgent need to address browser security vulnerabilities as web browsers are critical yet often overlooked in cybersecurity.
more#cybersecurity
fromCSO Online
1 month ago

Google patches third zero-day flaw in Chrome this year

Chrome's V8 engine has a serious vulnerability that can be exploited via malicious web pages.
Google restricts bug details until most users can update to protect them.
fromArs Technica
1 month ago

Two certificate authorities booted from the good graces of Chrome

Google's Chrome will stop trusting certificates from Chunghwa Telecom and Netlock due to observed compliance failures.
fromZacks
1 month ago

Pardon Our Interruption

"Ensure that your browser is configured to allow cookies and JavaScript, as disabling either can trigger bot detection mechanisms on websites."
#browser-issues
more#browser-issues
fromTheregister
3 months ago

Chrome preps fix for browser history spying

When this technique first emerged, this could be done by including a script on the page that iterates through all the links on the page using the browser's window.getComputedStyle method and records the color used to render them.
Privacy technologies
fromThe Hacker News
3 months ago

Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images

Threat actors are using the mu-plugins directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites.
Web development
fromZDNET
4 months ago

You have 4 days to update Firefox before everything breaks

On March 14, 2025, a root certificate expired for Mozilla projects, necessitating all Firefox users to update to version 128 or risk losing functionality.
Privacy technologies
Information security
fromHackernoon
4 months ago

The Internet Is Full of Duplicate Requests-Here's How Smart Developers Prevent Them | HackerNoon

Request security is critical in web application development to prevent data leaks and financial errors.
Implementing idempotency keys prevents duplicate operations and maintains data integrity.
Privacy technologies
fromZDNET
4 months ago

Google Chrome is killing more extensions than you think - is your old favorite on the list?

Manifest V3 enhances Chrome security but blocks unsupported extensions, increasing user challenges.
fromBloomberg
7 months ago
JavaScript

Bloomberg

Unusual network activity can trigger security measures that require user verification.
fromBloomberg
8 months ago
JavaScript

Bloomberg

Unusual network activity can lead to security prompts to verify user authenticity.
fromBloomberg
8 months ago
JavaScript

Bloomberg

Unusual network activity can trigger automated security protocols requiring user verification.
Information security
fromZDNET
10 months ago

How to use the open-source Proton VPN browser extension

Browser-based VPNs only protect web traffic, not other applications.
Proton VPN is highly recommended for its usability and security features.
You need a paid account for Proton VPN with no free options available.
[ Load more ]