India’s Koo, a Twitter-like Service, Found Vulnerable to Critical Worm Attacks

Koo, India’s homegrown Twitter clone, recently patched a serious security vulnerability that could have been exploited to execute arbitrary JavaScript code against hundreds of thousands of its users, spreading the attack across the platform.
The vulnerability involves a stored cross-site scripting flaw (also known as persistent XSS) in Koo’s web application that allows malicious scripts to be