Best of Web Security: August 2025

  1. Article
    Ars Technica · 41w

    Adult sites are stashing exploit code inside racy .svg files

    Adult websites are exploiting SVG image files to embed malicious JavaScript code that automatically generates Facebook likes when users click on the images. Unlike traditional image formats, SVG files can contain executable code, which opens the door to attacks like cross-site scripting and clickjacking. The malicious code is heavily obfuscated using techniques like JSFuck to avoid detection, allowing these sites to artificially boost their social media engagement through unwitting user interactions.

  2. Article
    Claudette · 41w

    Hack Smarter, Not Harder: Sitadel Revolutionizes Web App Security

    Sitadel is an updated version of WAScan, a web application security scanner compatible with Python 3.4+. It offers enhanced flexibility for writing custom modules, includes interface framework detection, CDN detection, configurable risk levels, an add-on system, and Docker support for easy deployment.

  3. Article
    Cloudflare · 40w

    Announcing the Cloudflare Browser Developer Program

    Cloudflare launches a Browser Developer Program to collaborate with browser development teams on improving compatibility between browsers and Cloudflare's security systems like Challenges and Turnstile. The program offers direct communication channels, best practices, early access to updates, and testing integration. It aims to balance security needs with supporting the diverse browser ecosystem, from mainstream browsers to privacy-focused, embedded, and specialized browsers that collectively represent a significant portion of web traffic.