PortSwigger Archives - Information Security News

September 9, 2025

CSS Injection Can Now Steal Data with Just One Line of Code

PortSwigger researcher Gareth Hayes has unveiled a novel technique for stealing data directly from HTML attributes using inline CSS, without relying on selectors or external style sheets. The discovery was made possible by the...

Vulnerability

August 8, 2025

HTTP/1.1 Must Die: Why This 6-Year-Old Vulnerability Is Still a Major Threat

Six years ago, researchers at PortSwigger first identified a fundamental flaw in the HTTP/1.1 protocol—one that enables HTTP Request Smuggling attacks. Despite being publicly known since 2019, the vulnerability remains unresolved and continues to...

Tagged: PortSwigger

CSS Injection Can Now Steal Data with Just One Line of Code

HTTP/1.1 Must Die: Why This 6-Year-Old Vulnerability Is Still a Major Threat