1,000+ web shops infected by “Phish ‘n Ships” criminals who create fake product listings for in-demand products

Researchers at the Satori Threat Intelligence and Research team have published their findings about a group of cybercriminals that infect legitimate web shops to create and promote fake product listings. The threat, dubbed "Phish ‘n Ships" by the researchers, reportedly infected more than 1,000...

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay

Impact A payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If t...

WeLeakInfo Leaked Customer Payment Info

A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo.com, a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to...

Zomato: Restaurant payment information leakage

An endpoint was leaking banking information of restaurant owners: Bank Name, Account number etc. Thanks @nbsp for reporting this...

Ebay Inc Magento PS - Bypass & Persistent Vulnerability

Document Title: =============== Ebay Inc Magento PS - Bypass & Persistent Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1276 Video: https://www.youtube.com/watch?v=v8knMYRUOQ Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1265 Ebay Inc ID:...