With the malicious code embedded into websites, the attacker can then piggyback on the trust level of the website and launch a variety of attacks.

HackerOne released its first report on its bug bounty program, and reveals an industry shift toward enlisting hackers for better cybersecurity.

Eleven critical vulnerabilities have been patched in network management systems (NMS) from four leading manufacturers: Cloudview, Netikus, Paessler and Opmantek. The flaws enable remote cross-site scripting and command-injection attacks. Public disclosure of the vulnerabilities coincided with a technical description by Rapid7 released Wednesday; the research compliments earlier work on similar bugs found in 2015. Each of the 11 vulnerabilities varied...

Popular open source shopping cart app Zen Cart is warning its users of dozens of cross-site scripting vulnerabilities found in its software. Affected websites, security experts say, risk exposing customers to malware, theft of cookies data and site defacement. Researchers at the security firm Trustwave discovered the vulnerabilities in September 2015 and have worked closely...