All news

XSS

(2 articles)
Zimbra XSS Flaw CVE-2025-48700 Hits 10K Servers

April 24, 2026

Zimbra XSS Flaw CVE-2025-48700 Hits 10K Servers

Over 10,500 unpatched Zimbra servers are actively exploited via CVE-2025-48700 XSS. Learn what's at risk and how to secure your instance now.

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

March 26, 2026

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

A flaw in the Claude browser extension allowed zero-click XSS prompt injection from any website, putting AI-assisted sessions at serious risk.