12 matches found
CVE-2026-33764
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the AI plugin's save.json.php endpoint loads AI response objects using an attacker-controlled $_REQUEST['id'] parameter without validating that the AI response belongs to the specified video. An authenticated user wi...
Hacktivists claim near-total Spotify music scrape
Hacktivist group Anna’s Archive claims to have scraped almost all of Spotify’s catalog and is now seeding it via BitTorrent, effectively turning a streaming platform into a roughly 300 TB pirate “preservation archive.” On its blog, the group states: “A while ago, we discovered a way to scrape...
Perplexity Is a Bullshit Machine
A WIRED investigation shows that the AI-powered search startup Forbes has accused of stealing its content is surreptitiously scraping—and making things up out of thin air...
How to Prevent ChatGPT From Stealing Your Content & Traffic
ChatGPT and similar large language models (LLMs) have added further complexity to the ever-growing online threat landscape. Cybercriminals no longer need advanced coding skills to execute fraud and other damaging attacks against online businesses and customers, thanks to bots-as-a-service,...
Why You Shouldn't Tie IP Addresses to Tokens
Locking tokens to the client IP address might seem like a good way to prevent content theft, such as sharing of authenticated URLs that include tokens. It might even appear to work in small-scale test environments. However, the internet has evolved to a point where it’s quite common for clients t...
Five Ways Bad Bots Are Threatening Financial Services
For years now, the biggest security concerns for businesses in the financial services sector have mainly been related to data security, privacy, compliance and everything in between. Nevertheless, application security is equally as important and complex, as it consists of multiple potential attac...
Information Disclosure
thunderbird is vulnerable to information disclosure. A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird has loaded...
Watermarking: A Content Owner's Mark to Prevent Piracy
Akamai Adds Edge Based Watermarking Support, Pre Integrated with leading 3rd Party Providers ... State of Online Piracy within Media and Entertainment Revenue losses and lost monetization opportunities by virtue of content theft and piracy continue to plague the media and entertainment industry...
SuSE 11.3 Security Update : MozillaFirefox (SAT Patch Number 8879)
This updates the Mozilla Firefox browser to the 24.3.0ESR security release. The Mozilla NSS libraries are now on version 3.15.4. The following security issues have been fixed: - Memory safety bugs fixed in Firefox ESR 24.3 and Firefox 27.0 (CVE-2014-1477) (bnc#862345). (MFSA 2014-01) - Using XBL scopes...
Chaining Bugs to Exploit Browser Plug-Ins
This video is a short demo of an attack that researcher Billy Rios developed to exploit a series of bugs in browser plug-ins. By chaining the vulnerabilities together, Rios is able to steal content from a victim’s machine. The slides containing the code for the attack are available on Rios’s blog...
XD100098.txt
Orkut Group Cross Site Scripting Vulnerability XDisclose Advisory : XD100098 Vulnerability Discovered: November 08th 2006 Advisory Released : December 11th 2006 Credit : Rajesh Sethumadhavan Class : Cross Site Scripting HTML Injection Severity : Medium Solution Status : Unpatched Vendor : Google...
opera -- XMLHttpRequest security bypass
A Secunia Advisory reports: Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to steal content or to perform actions on other web sites with the privileges of the user. Normally, it should not be possible for the XMLHttpRequest object to access...