GIGAZINE

SQL injection vulnerability in PostgreSQL went undiscovered for over nine years and was used to break into the US Treasury Department

On December 30, 2024, a 'Chinese government-sponsored advanced persistent threat actor' breached a system managing confidential data for the U.S. Treasury Department. It was discovered that the ...
heise online

VMware: High-risk SQL injection vulnerability compromises Avi Load Balancer

Broadcom warns of an SQL injection vulnerability in VMware Avi Load Balancer. Attackers can gain unauthorized access to the database. "Malicious users with network access can send specially crafted ...
CSOonline

PostgreSQL patches SQLi vulnerability likely exploited in BeyondTrust attacks

Attackers who exploited a zero-day vulnerability in BeyondTrust Privileged Remote Access and Remote Support products in December likely also exploited a previously unknown SQL injection flaw in ...
heise online

Exploit available: Patch FortiWeb vulnerability now!

On Thursday last week, Fortinet released security updates – the most serious vulnerability affects FortiWeb. Attackers can exploit an SQL injection vulnerability in non-updated systems. IT researchers ...