A CSRF attack is a serious Web security threat that, combined with XSS, can be lethal. Learn about the CSRF attack’s anatomy, along with mitigation methods.

Cross-site request forgery (CSRF) attacks are becoming more sophisticated, but there are many ways you can prevent them.

Unlike an XSS attack, which tricks the site into uploading malicious code, CSRF simply has the site execute legitimate commands–just not commands issued by the user.

French researcher Kafeine has found an exploit kit delivering cross-site request forgery attacks that focus on SOHO routers and changing DNS settings to redirect to malicious sites.

The flaws were discovered by researchers from security consultancy outfit Nightwatch Cybersecurity and leave many Asus router models exposed to cross-site request forgery (CSRF) attacks.

Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in GFI KerioControl firewall product.