Threat Post

Facebook Takes Tougher Stand Against BREACH Attack

Facebook disclosed today how it has beefed up cross-site request forgery (CSRF) tokens in order to ward off the BREACH attack. The BREACH attack was the talk of Black Hat last summer. It was disclosed ...
ZDNet

Critical CSRF vulnerability found on Glassdoor company review platform

Glassdoor, a website for job hunting and posting anonymous company reviews, has resolved a critical issue that could be exploited to take over accounts. Bug bounty researcher "Tabahi" (ta8ahi) found ...
Ars Technica

Rails - CSRF tokens failing on iPhones?

Has anyone seen any problems with Rails' CSRF protection failing on iPhones?<BR><BR>We've had a couple of reports from users who're are seeing Rails' 422 "change rejected" page, and I can only think ...
Dark Reading

CSRF Still Armed And Dangerous

While they may not pack the same punch or crop up at the same frequency as injection or cross site scripting attacks, cross site request forgery (CSRF) attacks should still be very much on the radar ...
Threat Post

eBay Vulnerable to Account Hijacking Via XSRF

A researcher reported a cross-site request forgery vulnerability to eBay in August, and despite repeated communication from the online auction that the code has been repaired, the site remains ...
Searchenginejournal.com

WordPress Redux Plugin Vulnerability Affects +1 Million Sites

Redux, a popular WordPress plugin with more than 1 million active installations recently patched a vulnerability. The vulnerability allowed an attacker to bypass security measures in a Cross-Site ...