Yahoo email hijack possible with $700 XSS exploit

Share this article:

Yahoo reportedly has yet to fix vulnerable code that is allowing a hacker to sell a $700 exploit capable of undermining a cross-site scripting (XSS) issue in Yahoo's website. The company still is in search of the malicious URL that is being used to spread the inject, which would allow successful bidders to hijack Yahoo webmail users' accounts. The bug first was reported Friday by security blogger Brian Krebs, who wrote that the malicious marketer was offering to sell the exploit only to “trusted people,” so as to keep news of the flaw unknown to those aiming to patch it. A Yahoo spokesperson did not respond to a request for comment made by SCMagazine.com on Tuesday.


Share this article:

Sign up to our newsletters

More in News

With RATs at their disposal, 419 scammers target businesses

With RATs at their disposal, 419 scammers target ...

A new report reveals how Nigeria's 419 scammers are spreading malware to pocket business funds.

InfoSec pros worried BYOD ushers in security exploits, survey says

InfoSec pros worried BYOD ushers in security exploits, ...

A study by the Information Security Community on LinkedIn found most organizations don't have proper polices and support for BYOD.

Six charged in global StubHub scheme, company defrauded out of $1 million

Six charged in global StubHub scheme, company defrauded ...

Manhattan DA Cyrus Vance announced on Monday that six individuals are charged for their roles in a global scheme that defrauded StubHub out of $1 million.