GIGAZINE

SQL injection vulnerability in PostgreSQL went undiscovered for over nine years and was used to break into the US Treasury Department

On December 30, 2024, a 'Chinese government-sponsored advanced persistent threat actor' breached a system managing confidential data for the U.S. Treasury Department. It was discovered that the ...
Dark Reading

Cacti Monitoring Tool Spiked by Critical SQL Injection Vulnerability

A critical vulnerability in the Cacti Web-based open source framework for monitoring network performance gives attackers a way to disclose Cacti's entire database contents — presenting a prickly risk ...
CSOonline

PostgreSQL patches SQLi vulnerability likely exploited in BeyondTrust attacks

Attackers who exploited a zero-day vulnerability in BeyondTrust Privileged Remote Access and Remote Support products in December likely also exploited a previously unknown SQL injection flaw in ...
TechSpot

Major TSA security flaw exposed, simple SQL vulnerability could have allowed access to airplane cockpits

Why it matters: Security researchers have uncovered a major vulnerability that could have allowed anyone to bypass airport security and even access airplane cockpits. The flaw was found in the login ...
heise online

Zoho ManageEngine ADManager Plus: Attackers can inject SQL commands

There is a security vulnerability in ManageEngine ADManager Plus that allows attackers unauthorized access. They can inject arbitrary SQL queries. A software update is available to patch the ...