WIRE

Former Uvalde Officer Adrian Gonzales Found Not Guilty of Endangering Children in Mass Shooting Gavin Newsom says White House blocked him from speaking at global forum in Davos Snowstorm set to hit the Philadelphia region this weekend | Live Updates Trump plans signing ceremony for Board of Peace in Davos despite reservations from key allies When was the last time Charlotte had a significant ice storm? Austin Thompson Pleads Guilty in North Carolina Shooting That Left 5 Dead Autopsy report classifies ICE detainee’s death as a homicide Illinois Investigates Claim That Landlord Tipped Off High-Profile ICE Raid Democrats seek to block Homeland Security funding over ICE concerns Israel kills 3 journalists in Gaza, including CBS News contributor Seven more countries agree to join Trump's Board of Peace Trump's jibes are wearing thin for many of Europe's leaders Former Uvalde Officer Adrian Gonzales Found Not Guilty of Endangering Children in Mass Shooting Gavin Newsom says White House blocked him from speaking at global forum in Davos Snowstorm set to hit the Philadelphia region this weekend | Live Updates Trump plans signing ceremony for Board of Peace in Davos despite reservations from key allies When was the last time Charlotte had a significant ice storm? Austin Thompson Pleads Guilty in North Carolina Shooting That Left 5 Dead Autopsy report classifies ICE detainee’s death as a homicide Illinois Investigates Claim That Landlord Tipped Off High-Profile ICE Raid Democrats seek to block Homeland Security funding over ICE concerns Israel kills 3 journalists in Gaza, including CBS News contributor Seven more countries agree to join Trump's Board of Peace Trump's jibes are wearing thin for many of Europe's leaders

Cyber & Technology

CISA’s secure-software buying tool had a simple XSS vulnerability of its own

January 21, 2026 at 06:57Z

BIAS: Center
RELIABILITY: Mixed

CyberScoop
22:47Z

A Cybersecurity and Infrastructure Security Agency tool dedicated to helping government agencies buy secure software turned out to have a cybersecurity vulnerability of its own. Jeff Williams, the former leader of the Open Worldwide Application Security Project (OWASP), told CyberScoop that he discovered a cross-site scripting vulnerability in CISA’s “Software Acquisition Guide: Supplier Response Web Tool” and reported it to CISA in September, before it was eventually fixed in December. The vulnerability involves attackers injecting JavaScript into a web page, then getting that JavaScript to attack other users of that same page, he said.

It also could have been used to deface the website, he said. Williams, co-founder and chief technology officer of the application security firm Contrast S

Source Assessment

Political Bias

Center

Reliability

Mixed

Continue reading at the original source

Read Full Article at CyberScoop →