The security industry has the perfect skillset and adversarial defense outlook to deal with some of the emerging societal issues in today s world, said security technologist Bruce Schneier. The cross-site scripting flaw could enable arbitrary code execution, information disclosure and even account takeover . Researchers warn that the Earth Empusa threat group is distributing the spyware by injecting code into fake and watering-hole pages. Read the full story [Zero in a Bit], or read the full version of this article by Tyler Shields.
Source: https://threatpost.com/when-trusting-your-own-code-bad-idea-082109/72954/