If not for Cenzic’s CIA [Cenzic Intelligent Analysis] Research Lab which notified Yahoo on May 23 that Yahoo Mail is facing serious risk from online attackers due to a Cross Site Scripting (XSS) vulnerability, millions of Yahoo mail users might have been victimized already. XSS flaws are said to be the most common and risky vulnerability [...]

Attackers are exploiting an ActiveX bug in Yahoo's Jukebox music player, Symantec says.