Security researchers have uncovered two critical cross-site scripting (XSS) vulnerabilities in Meta’s Conversions API Gateway that could enable attackers to hijack Facebook accounts on a massive scale without any user interaction. The flaws affec…

A recently discovered vulnerability in Apache SkyWalking, a popular application performance monitoring tool, could allow attackers to execute malicious scripts and launch cross-site scripting (XSS) attacks. The flaw, identified as CVE-2025-54057, affec…

A recent bug bounty discovery has drawn attention to a browser-specific reflected Cross-Site Scripting (XSS) vulnerability on help-ads.target.com. This flaw was found to bypass Amazon CloudFront’s Web Application Firewall (WAF) protections but could on…