XSS攻撃の温床「innerHTML」はもう終わり、「Firefox 148」に「setHTML ...

先日リリースされた「Firefox 148」には、主要Webブラウザーで初めて「Sanitizer API」が実装されているとのこと。「クロスサイトスクリプティング」と呼ばれるタイプの脆弱性を抑制する技術として期待されており、他のWebブラウザーも追随する見込みだ。
The Hacker News

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Four rogue NuGet packages and one npm package stole ASP.NET Identity data, deployed C2 backdoors, and reached over 50,000 ...
The Register on MSN

SerpApi says Google is the pot calling the kettle black when it comes to scraping

'The DMCA was not designed to create walled gardens for tech giants' SerpApi, a Texas-based web scraping company, has asked a ...
Opinion

Colbert fallout: When American TV is censored, Canadian networks are, too, by proxy

Since a merger last summer, CBS’s parent company, Paramount Skydance – which is attempting to acquire Warner Bros. Discovery and become an even bigger media conglomerate, a move that will require ...
The Hacker News

Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies

Researchers show AI assistants can act as stealth C2 proxies, enabling malware communication, evasion, and runtime attack ...