Hosted on MSN

Critical PostgreSQL bug tied to zero-day attack on US Treasury

A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.… Rapid7's principal security ...
Threat Post

BQE Web Suite Billing App Rigged to Inflict Ransomware

An SQL-injection bug in the BQE Web Suite billing app has not only leaked sensitive information, it’s also let malicious actors execute code and deploy ransomware. Threat actors have been caught ...
The Verge

Researchers say a bug let them add fake pilots to rosters used for TSA checks

TSA security could be easily bypassed by using a simple SQL injection technique, say security researchers. TSA security could be easily bypassed by using a simple SQL injection technique, say security ...
Dark Reading

PoC Exploit Emerges for Critical RCE Bug in Ivanti Endpoint Manager

Researchers have developed a proof-of-concept (PoC) exploit for a critical vulnerability in Ivanti Endpoint Manager that was recently disclosed — potentially setting the stage for mass exploitation of ...