Dark Reading

Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection

Attackers can exploit a critical SQL injection vulnerability found in a widely used WordPress plug-in to compromise more than 1 million sites and extract sensitive data such as password hashes from ...
Bleeping Computer

Severe SQL Injection Flaw Discovered in WordPress Plugin with Over 1 Million Installs

A WordPress plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a website's database. The vulnerable plugin's ...
Bleeping Computer

New Joomla SQL Injection Flaw Is Ridiculously Simple to Exploit

The Joomla CMS project released today Joomla 3.7.1 to fix an SQL injection flaw that allows attackers to execute custom SQL code on affected systems and take over vulnerable sites. Sucuri analyst Marc ...
Dark Reading

Hacktivists Continue To Own Systems Through SQL Injection

Twin headlines -- one about a LulzSec hacker indicted last week for charges of running a SQL injection attack against Sony Pictures last year, and the oter about hacktivists with Team GhostShell who ...
Threat Post

Telegram-Controlled Hacking Tool Targets SQL Injection at Scale

The Katyusha Scanner can find SQL injection bugs at scale, and is managed via the Telegram messenger on any smartphone. A black market hacking tool has the potential to rapidly conduct website scans ...
Threat Post

SAP Patches 12 SQL Injection, XSS Vulnerabilities in HANA

SAP patched a dozen holes in its in-memory management system HANA that could have led to SQL injections, cross-site scripting (XSS) errors, and memory corruption vulnerabilities. SAP patched a dozen ...