Dark Reading

CSRF Vulnerability: A 'Sleeping Giant'

If you think Cross-Site Scripting (XSS) is scary and prolific, just wait for the next big Website threat: Cross-Site Request Forgery (CSRF). But security researchers say it's only a matter of time ...
ZDNet

Critical CSRF vulnerability found on Glassdoor company review platform

Glassdoor, a website for job hunting and posting anonymous company reviews, has resolved a critical issue that could be exploited to take over accounts. Bug bounty researcher "Tabahi" (ta8ahi) found ...
Dark Reading

Popular Home DSL Routers At Risk Of CSRF Attack

A deadly attack typically associated with Websites can also be used on LAN/WAN devices, such as DSL routers, according to a researcher who this week demonstrated cross-site request forgery (CSRF) ...
Threat Post

PayPal Fixes CSRF Vulnerability in PayPal.me

PayPal recently fixed a vulnerability on its PayPal.me site that could’ve let an attacker change a user’s profile without their permission. PayPal recently fixed a vulnerability on its PayPal.me site ...
Bleeping Computer

CISA flags PaperCut RCE bug as exploited in attacks, patch now

CISA warns that threat actors are exploiting a high-severity vulnerability in PaperCut NG/MF print management software, which can allow them to gain remote code execution in cross-site request forgery ...
ZDNet

Google downplays severity of Gmail CSRF flaw

Yesterday, Vicente Aguilera Diaz from Internet Security Auditors released proof of concept of a CSRF (Cross-Site Request Forgery) vulnerability in Google's Gmail, which he originally communicated to ...