Dark Reading

Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection

Attackers can exploit a critical SQL injection vulnerability found in a widely used WordPress plug-in to compromise more than 1 million sites and extract sensitive data such as password hashes from ...
CSOonline

What is SQL injection? How these attacks work and how to prevent them

Immortalized by “Little Bobby Drop Tables” in XKCD 327, SQL injection (SQLi) was first discovered in 1998, yet continues to plague web applications across the internet. Even the OWASP Top Ten lists ...
Threat Post

Lessons Learned From the LizaMoon SQL Injection Attack

Last week, a large scale SQL Injection attack dubbed LizaMoon, referencing one of the domain names used in the attack, surfaced. This attack targets websites by injecting code that redirects visitors ...
InfoWorld

Emergency vBulletin patch fixes dangerous SQL injection vulnerability

Developers of the popular vBulletin Internet forum software have issued emergency patches Wednesday in order to fix a SQL injection vulnerability that could allow attackers to read and manipulate ...
SDxCentral

CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate SQL Injection Vulnerabilities

Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating SQL Injection Vulnerabilities in Software. This Alert was crafted in response to a recent ...
Computerworld

Glastopf Web application honeypot gets SQL injection emulation capability

The Honeynet Project, a non-profit organization that develops open-source security research tools, has created a component for the Glastopf Web application honeypot software that can emulate ...