Blog Feeds Provide New Security Threat

LAS VEGAS — Exploiting the vulnerability of blog feeds, hackers have found a new medium to surreptitiously attack PCs.

Bob Auger, a security engineer with SPI Dynamics, said that hackers could insert malicious JavaScript in blog updates that are delivered to subscribers’ machines via Really Simple Syndication (RSS) or Atom feeds. Auger presented his findings during the annual Black Hat Briefings, an Internet security conference.

Auger said blog feeds can be compromised in two ways: hackers setting up a corrupted blog and getting users to subscribe to its RSS feed, or, more likely, inserting malicious code into a popular blog’s comments section, which often has its own feed.

Attackers also can send malicious code to mailing lists that offer feeds to attack compromised systems, Auger said. Feeds have risen to prominence because they allow users to consolidate information from websites into a single interface. This eliminates the need for clicking on a plethora of different websites.

Many RSS or feed readers do not include security software that can filter out malicious code. Auger said these applications should prevent JavaScript from running.

“A large percentage of the readers I tested had some kind of an issue,” Auger said. Vulnerable feed readers include Bloglines, RSS Reader, RSS Owl, Feed Demon and Sharp Reader, according to Auger.

Filtering out JavaScript at the feed reader level can get complicated because many readers use JavaScript to deliver ads like those a user would see on the blog's homepage.

Copyright © 2026 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.
