GIGAZINE

SQL injection vulnerability in PostgreSQL went undiscovered for over nine years and was used to break into the US Treasury Department

On December 30, 2024, a 'Chinese government-sponsored advanced persistent threat actor' breached a system managing confidential data for the U.S. Treasury Department. It was discovered that the ...
Threat Post

SQL Injection Attack is Tied to Election Commission Breach

A hacker offered to sell an unpatched system vulnerability in the U.S. Election Assistance Commission website on the Dark Web for “thousands” of dollars. Just as cybersecurity concerns over the U.S.
Threat Post

PayPal Addresses Months-Old SQL Injection Vulnerability, Frozen Accounts

Researchers with Vulnerability Lab today announced mega payment processor PayPal has fixed a flaw on its site that allowed a remote user or a local user with low privileges to compromise a Web ...
CSOonline

Critical Magento SQL injection flaw could be targeted by hackers soon

The Magento content management system used by thousands of online shops has received fixes for several serious vulnerabilities, including an unauthenticated SQL injection flaw that’s likely to soon ...
SiliconANGLE

Glastopf Honeypot Gets SQL Injection Emulation Capability

Glastopf Web Application Honeypot software has got the capability of emulating applications vulnerable to SQL injection attacks, which will ultimately be helpful in tricking attackers into revealing ...
Dark Reading

Cacti Monitoring Tool Spiked by Critical SQL Injection Vulnerability

A critical vulnerability in the Cacti Web-based open source framework for monitoring network performance gives attackers a way to disclose Cacti's entire database contents — presenting a prickly risk ...
Dark Reading

Serving Up Malicious PDFs Through SQL Injection

These days SQL injection vulnerabilities may seem like a dime a dozen, but creative penetration testers and attackers continue to come up with new ways to take advantage of this vulnerability class ...