Threat Post

Facebook Takes Tougher Stand Against BREACH Attack

Facebook disclosed today how it has beefed up cross-site request forgery (CSRF) tokens in order to ward off the BREACH attack. The BREACH attack was the talk of Black Hat last summer. It was disclosed ...
ZDNet

Critical CSRF vulnerability found on Glassdoor company review platform

Glassdoor, a website for job hunting and posting anonymous company reviews, has resolved a critical issue that could be exploited to take over accounts. Bug bounty researcher "Tabahi" (ta8ahi) found ...
Bleeping Computer

Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens

Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in GFI KerioControl firewall product. KerioControl is a ...
Ars Technica

Rails - CSRF tokens failing on iPhones?

Has anyone seen any problems with Rails' CSRF protection failing on iPhones?<BR><BR>We've had a couple of reports from users who're are seeing Rails' 422 "change rejected" page, and I can only think ...