A new exploit being sold for $700 may put tens of millions of Yahoo Mail users at risk. Once victims click on a malicious email link, the exploit allows an attacker to steal and replace tracking cookies, while remotely controlling the victims’ browsing sessions. “After the victim clicks the link, he will be redirected to the email page again,” a demonstration video for the hack explained. “And you can redirect him to wherever you want.” According to Yahoo, fixing the exploit won’t be nearly as difficult as finding it. That’s because it’s an XSS flaw set off by a URL, a hole that can easily be patched, but hard to locate. Read the full story at Mashable.