#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

Web Framework | Breaking Cybersecurity News | The Hacker News

Category — Web Framework
New "DoubleClickjacking" Exploit Bypasses Clickjacking Protections on Major Websites

New "DoubleClickjacking" Exploit Bypasses Clickjacking Protections on Major Websites

Jan 01, 2025 Web Security / Vulnerability
Threat hunters have disclosed a new "widespread timing-based vulnerability class" that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites. The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo. "Instead of relying on a single click, it takes advantage of a double-click sequence," Yibelo said . "While it might sound like a small change, it opens the door to new UI manipulation attacks that bypass all known clickjacking protections, including the X-Frame-Options header or a SameSite: Lax/Strict cookie." Clickjacking , also called UI redressing, refers to an attack technique in which users are tricked into clicking on a seemingly innocuous web page element (e.g., a button), leading to the deployment of malware or exfiltration of sensitive data. DoubleClickjacking is a variation of this theme that exploits the gap between the start of a click and the...
Unpatched Prototype Pollution Flaw Affects All Versions of Popular Lodash Library

Unpatched Prototype Pollution Flaw Affects All Versions of Popular Lodash Library

Jul 09, 2019
Lodash, a popular npm library used by more than 4 million projects on GitHub alone, is affected by a high severity security vulnerability that could allow attackers to compromise the security of affected services using the library and their respective user base. Lodash is a JavaScript library that contains tools to simplify programming with strings, numbers, arrays, functions, and objects, helping programmers write and maintain their JavaScript code more efficiently. Liran Tal, a developer advocate at open-source security platform Snyk, recently published details and proof-of-concept exploit of a high-severity prototype pollution security vulnerability that affects all versions of lodash, including the latest version 4.17.11. The vulnerability, assigned as CVE-2019-10744 , potentially affects a large number of frontend projects due to the popularity of lodash that is being downloaded at a rate of more than 80 million times per month. Prototype pollution is a vulnerability t...
Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year

Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year

Jan 07, 2025Cybersecurity / Endpoint Security
It's time once again to pay our respects to the once-famous cybersecurity solutions whose usefulness died in the past year. The cybercriminal world collectively mourns the loss of these solutions and the easy access they provide to victim organizations. These solutions, though celebrated in their prime, succumbed to the twin forces of time and advancing threats. Much like a tribute to celebrities lost in the past year, this article will look back at a few of cybersecurity's brightest stars that went dark in the past year.  1. Legacy Multi-Factor Authentication (MFA) Cause of Death: Compromised by sophisticated phishing, man-in-the-middle (MitM), SIM-swapping, and MFA prompt bombing attacks. The superstar of access security for more than twenty years, legacy MFA solutions enjoyed broad adoption followed by almost-universal responsibility for cybersecurity failures leading to successful ransomware attacks. These outdated solutions relied heavily on SMS or email-based codes o...
Critical Flaw Hits Popular Windows Apps Built With Electron JS Framework

Critical Flaw Hits Popular Windows Apps Built With Electron JS Framework

Jan 24, 2018
A critical remote code execution vulnerability has been reported in Electron —a popular web application framework that powers thousands of widely-used desktop applications including Skype, Signal, Wordpress and Slack—that allows for remote code execution. Electron is an open-source framework that is based on Node.js and Chromium Engine and allows app developers to build cross-platform native desktop applications for Windows, macOS and Linux, without knowledge of programming languages used for each platform. The vulnerability, assigned as the number CVE-2018-1000006, affects only those apps that run on Microsoft Windows and register themselves as the default handler for a protocol like myapp://. "Such apps can be affected regardless of how the protocol is registered, e.g. using native code, the Windows registry, or Electron's app.setAsDefaultProtocolClient API," Electron says in an advisory published Monday. The Electron team has also confirmed that applications...
cyber security

Secure Your Azure: Proactive Tips for Cloud Protection

websiteWizCloud Security
Discover how to boost your Azure cloud security with practical steps to help you maintain control and visibility.
Expert Insights / Articles Videos
Cybersecurity Resources