Attackers are using the "ZeroFont" technique to manipulate the preview of a message to suggest it had already been scanned for threats.Read more in my article in the Tripwire State of Security blog.
In an effort to mitigate a large class of potential cross-site scripting issues in Firefox, Mozilla has blocked execution of all inline scripts and potentially dangerous eval-like functions for built-in "about: pages" that are the gateway to sensitive preferences, settings, and statics of the browser.Firefox browser has 45 such internal locally-hosted about pages, some of which are listed

Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer.Barak Tawily, an application security researcher, shared his findings with The Hacker News, wherein he successfully
