On December 30, 2024, a 'Chinese government-sponsored advanced persistent threat actor' breached a system managing confidential data for the U.S. Treasury Department. It was discovered that the ...

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

Attackers who exploited a zero-day vulnerability in BeyondTrust Privileged Remote Access and Remote Support products in December likely also exploited a previously unknown SQL injection flaw in ...

A serious security issue has been discovered in the WordPress Paid Membership Subscriptions plugin, which is used by over 10,000 sites to manage memberships and recurring payments. Versions 2.15.1 and ...

Broadcom warns of an SQL injection vulnerability in VMware Avi Load Balancer. Attackers can gain unauthorized access to the database. "Malicious users with network access can send specially crafted ...

More than 40,000 WordPress sites using the Quiz and Survey Master plugin have been affected by a SQL injection vulnerability that allowed authenticated users to interfere with database queries. The ...

Administrators of the Drupal open source content management platform are rushing to install an emergency patch issued today to fix a “highly critical” SQL injection vulnerability in the application’s ...

There is a security vulnerability in ManageEngine ADManager Plus that allows attackers unauthorized access. They can inject arbitrary SQL queries. A software update is available to patch the ...

Why it matters: Security researchers have uncovered a major vulnerability that could have allowed anyone to bypass airport security and even access airplane cockpits. The flaw was found in the login ...