The Hacker News

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively exploited.

More than 40,000 WordPress sites affected by new malware flaw

A popular WordPress quiz plugin can be abused to mount SQL injection attacks ...
Dark Reading

10 Reasons SQL Injection Still Works

After all of these years, SQL injection vulnerabilities still stand as an old reliable for attackers seeking to break into corporate databases. "SQL injection is still out there for one simple reason: ...
CSOonline

SQL injection Attacks Led to Heartland, Hannaford Breaches

This week’s disclosure that the huge data thefts at Heartland Payment Systems and other retailers resulted from SQL injection attacks could finally push retailers into paying serious attention to Web ...
CSOonline

SQL injection, XSS vulnerabilities continue to plague organizations

Errors that allow SQL injection and cross-site scripting attacks are still the top vulnerabilities that pen-testers find, especially at smaller companies. Despite years topping vulnerability lists, ...