CSO Online

Fortinet hit by another exploited cybersecurity flaw

A critical SQL injection flaw in FortiClient EMS allows remote code execution and data exfiltration, leaving thousands of ...
GIGAZINE

SQL injection vulnerability in PostgreSQL went undiscovered for over nine years and was used to break into the US Treasury Department

On December 30, 2024, a 'Chinese government-sponsored advanced persistent threat actor' breached a system managing confidential data for the U.S. Treasury Department. It was discovered that the ...
GIGAZINE

'Lord of SQL Injection', a site where you can learn about SQL injection vulnerabilities while capturing dungeons

First, access Lord of SQL Injection and click '[enter to the dungeon]'. It's my first time to use Lord of SQL Injection, so click 'Join'. Enter the ID, email address, and password used in Lord of SQL ...
SecurityWeek

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors have started exploiting CVE-2026-21643, a critical vulnerability in Fortinet FortiClient EMS leading to remote ...
Computerwoche Online

SQL injection attacks led to massive data breaches

This week's disclosure that the huge data thefts at Heartland Payment Systems and other retailers resulted from SQL injection attacks could finally push retailers into paying serious attention to Web ...
heise online

TSA airport security controls thwarted by SQL injection

The two security experts Ian Caroll and Sam Curry have apparently managed to exploit a vulnerability in the online platform of the FlyCASS control system to gain access to security areas that are ...

LangChain framework hit by several worrying security issues — here's what we know

LangChain and LangGraph have patched three high-severity and critical bugs.