Threat Post

XXE Bug Patched in Facebook Careers Third-Party Service

A vulnerability was discovered and patched in a third-party service that handles resumes on Facebook’s careers page. A vulnerability was discovered and patched in a third-party service that handles ...
Bleeping Computer

Microsoft Edge File Permissions Clash with IE, Allow XXE Attacks

A recently disclosed vulnerability affecting Internet Explorer, yet to receive a fix from Microsoft, has received a micropatch that denies remote attackers the possibility to exfiltrate local files ...
Computerworld

Here’s an easier way to block the IE XXE zero day security hole

The latest Internet Explorer XXE zero-day depends on you opening an infected MHT file. MHT is an old file format that’s almost always opened by IE — no matter which browser you’re using, no matter ...
CSOonline

Attackers target new Ivanti XXE vulnerability days after patch

The new vulnerabilities were introduced by a fix for the previous Ivanti flaws, and customers are urged to install a new update. Days after Ivanti announced patches for a new vulnerability in its ...