Homeland Security Today

Microsoft Edge Browser Permission Backdoor Can Allow Remote Attacks to Steal Data

It has been nearly a week since security researcher John Page reported that he had found an Internet Explorer XML eXternal Entity (XXE) vulnerability. A new layer of this vulnerability has been ...
Threat Post

Researcher Says NSA’s Ghidra Tool Can Be Used for RCE

Researchers have released a proof-of-concept showing how a XXE vulnerability can be exploited to attack Ghidra project users. Ghidra, a free, open-source software reverse-engineering tool that was ...
ZDNet

Extra headaches of securing XML

Creating a popular new computing approach always seems to bring with it a familiar catch-22: security issues. And Web services is no exception. Extensible Markup Language and XML-based protocols are ...
Bleeping Computer

CISA orders feds to patch actively exploited Geoserver flaw

CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. In such attacks, an XML input containing a ...
Dark Reading

Patch Now: OpenNMS Bug Steals Data, Triggers Denial of Service

Maintainers of OpenNMS patched a high-severity vulnerability in both the community-supported and subscription-based versions of the widely used open source network monitoring software. The XML ...
ZDNet

Treading the safe XML path

Extensible Markup Language and XML-based protocols are rapidly becoming a common way for businesses to format and exchange corporate information. But even as those Web services technologies are ...
CNET

Extra headaches of securing XML

Martin LaMonica is a senior writer covering green tech and cutting-edge technologies. He joined CNET in 2002 to cover enterprise IT and Web development and was previously executive editor of IT ...