Bleeping Computer

CISA urges software devs to weed out SQL injection vulnerabilities

CISA and the FBI urged executives of technology manufacturing companies to prompt formal reviews of their organizations' software and implement mitigations to eliminate SQL injection (SQLi) security ...
Dark Reading

New 'GambleForce' Threat Actor Behind String of SQL Injection Attacks

Researchers have spotted a new threat actor targeting organizations in the Asia-Pacific region with SQL injection attacks using nothing more than publicly available, open source penetration-testing ...
SecurityWeek

SAP Patches Critical CRM, S/4HANA, NetWeaver Vulnerabilities

SAP has released 26 new security notes, including two that address critical vulnerabilities in CRM, S/4HANA, and NetWeaver.
Ars Technica

Actively exploited vulnerability gives extraordinary control over server fleets

Hackers are exploiting a maximum-severity vulnerability that has the potential to give them complete control over thousands of servers, many of which handle mission-critical tasks inside data centers, ...
Neowin

SQL Server on Linux gets a vital security update for Azure Key Vault integration

Microsoft has made managing encryption keys more secure for users running SQL Server 2022 CU18 and later on Azure Linux Virtual Machines with Managed Identity. Microsoft has announced that SQL Server ...