“Twitter has been bitten by a hard-to-kill web-application bug that’s being actively exploited to steal users’ authentication credentials, a security expert said Tuesday. A link that exploits the XSS, or cross-site scripting, vulnerability was included in tweets that sent users’ session cookies to two servers under the control of attackers, according to Stefan Tanase, a security researcher for Russian anti-virus provider Kaspersky. The tweets, written in Brazilian Portuguese, claimed a popular band suffered a tragic accident and offered additional information….”
Source: Team Cymru Internet Security News