Researchers have a devised a way to trick a web server into caching pages and exposing personal data to attackers.

Phishing sites are deploying freely available TLS certificates in order to dupe victims into thinking they’re visiting a safe site.

PayPal fixed an issue that could have allowed an attacker to hijack OAuth tokens associated with any PayPal OAuth application. The vulnerability was publicly disclosed on Monday by Antonio Sanso, a senior software engineer at Adobe, after he came across the issue while testing his own OAuth client. For its part, PayPal remedied the vulnerability about...

PayPal recently fixed a vulnerability on its PayPal.me site that could have let an attacker change a user’s profile without permission. The issue stemmed from a cross-site request forgery (CSRF) vulnerability that existed in PayPal.me, a site the company launched last year to let its users request money; similar to what Venmo, another property it...

A Java serialization vulnerability disclosed more than a year ago figured to have a long shelf life. It lived in popular Java application development frameworks such as Apache Commons Collections—where it’s been patched—and not to mention widely deployed application servers such as Oracle WebLogic, IBM WebSphere, Red Hat’s JBoss and others. PayPal this week put...