Locky Variant Zepto Debuts with Big Spam Push
Ransomware called Zepto is raising concerns with security experts because of its close ties to the more mature and prolific Locky ransomware. Zepto was spotted about a month ago, but a recent wave of spam containing Zepto-laced attachments, detected on June 27, is heightening fears of widespread...
Ruby on Rails: rails-ujs will send CSRF tokens to other origins
I reported this via email a few months ago. Here was my initial email: Hello, I've been playing with getting Rails apps to send CSRF tokens to the wrong domains and I found a few problems. The main motivation for this is in attacking a site that uses Content Security Policy. With CSP enabled, an...