Nuacht

Watch where you click - adult sites are hiding clickjacking malware in images, and all for Facebook likes

Malicious SVG files on adult websites hide JavaScript that hijacks Facebook sessions, secretly liking posts, and potentially exposing victims to identity theft and credential harvesting.
PC Magazine3y

Facebook's In-App Browser Injects JavaScript Into Third-Party Websites

Fastlane founder Felix Krause has revealed that Facebook and Instagram's in-app browsers inject JavaScript into third-party websites. Krause originally said the in-app browsers were injecting the ...
Bleeping Computer7y

JavaScript Trackers Caught Siphoning Data From "Login With Facebook ...

JavaScript libraries from various advertising and analytics services are siphoning user data from web pages where the "Login with Facebook" feature is being used.