Malware writers have set up shop in one of the world's most heavily trafficked domains, myspace.com. There, they employ social engineering and cross-site scripting [XSS] attacks to exploit known vulnerabilities.
When notice of a widespread phishing attack against MySpace members was posted in a June Google security blog, Colin Whittaker, a Google anti-phishing team member (who posted the blog), thought it noteworthy that this phishing attack spread through MySpace itself, not email or IM links.
Good luck using the internet these days at Royal Food Service, an Atlanta-based wholesale produce distribution company. Only the company's high-level executives have access to the web's full offerings.
Age-old vulnerabilities, like SQL injection and cross-site scripting, remain prevalent in applications. And that trend will continue, unless there is a fundamental shift in how programs are developed and secured.