A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code and inject malicious HTML. GitLab has since patched the issue.

An organised crime network is distributing new malware that takes advantage of rootkits and a state-of-the-art HTML injection to phish consumers on the fly as they browse the Web, a new report ...

Mozilla rolled out protection measures to block code injection attacks in the Firefox web browser, with the attack surface being reduced by removing eval()-like functions and inline scripts ...

To clarify, no claims were made as to the discovery of the javascript injection as this is not confidential but rather to the disclosure of intellectual property source code.

Security researchers have discovered a new way that allows malware to inject malicious code into other processes without being detected by antivirus programs and other endpoint security systems.

The hack followed the online publication of a YouTube HTML code injection exploit. Dirty Deeds The hackers used a cross-site scripting (XSS) attack on YouTube.

Developers of the widely used WordPress content management system intentionally delayed announcing that a recent patch fixed a severe vulnerability.