Summary

A recent cross-site scripting (XSS) vulnerability in a virtual tour framework has been exploited by malicious actors to spread malware across hundreds of websites. The campaign, d 360XSS, has affected over 350 sites, with the goal of manipulating search results and fueling a large-scale spam ads campaign.

The attack allows attackers to inject malicious scripts into compromised websites, potentially disrupting user experience and Search Engine Results Page (SERP) rankings. This could have far-reaching consequences for individuals whose websites have been compromised, including reduced visibility and credibility online.

Security researchers are working to address the issue by identifying and patching vulnerable code, as well as implementing mitigations to prevent further exploitation.

Summary

The use of Signal, a privacy-focused messaging app, has been compromised by Russian-aligned threat actors. This compromise involves exploiting the app's legitimate "linked devices" feature, which allows users to access their account on multiple devices.This technique is novel and widely used, making it a significant security concern for the app and its users.

The fact that these threat actors are targeting individuals of interest suggests a larger-scale operation to gather sensitive information.It is essential to acknowledge the importance of user education in preventing such exploitation. Users must be aware of how advanced features within messaging apps can be used to gain unauthorized access to their accounts.