360XSS: When Virtual Tours Take a Detour to the Dark Side

The 360XSS campaign exploits a cross-site scripting vulnerability in the Krpano framework, hijacking over 350 websites to serve spam ads. It’s like a digital slapstick comedy, where trusted domains unwittingly become the stage for sketchy ads, all while boosting SEO rankings. Krpano users, update ASAP to avoid being part of this farce!

Hot Take:

Ah, the classic tale of a vulnerability that just won’t quit! In a plot twist that’s part cyber thriller and part slapstick comedy, hackers have once again turned a virtual tour framework into a virtual horror show. It’s like giving a mischievous kid the keys to the candy store and hoping for the best. Spoiler alert: it didn’t end well for 350 websites.

Key Points:

  • Over 350 websites, including government and Fortune 500 sites, were hit by the 360XSS campaign.
  • The XSS vulnerability was found in the Krpano framework used for virtual tours.
  • Malicious actors used the flaw to manipulate search results and spread spam ads.
  • The vulnerability involved an XML parameter that allowed malicious scripts to execute.
  • Krpano has since released an update to mitigate the risk of such XSS attacks.

The Nimble Nerd