sql injection
Shocking SQL Injection in TSA App, Bitcoin ATM Scams Targeting Seniors
This week, we discuss a critical SQL injection vulnerability discovered in an app used by the TSA, raising ethical questions about responsible disclosure. Plus, we shed light on the alarming rise of ...
SQL Injection Attack on Airport Security
Interesting vulnerability: …a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic ...
LayerSlider Plugin Flaw Exposes 1M Sites To SQL Injections
Recent media reports have revealed a crucial LayerSlider plugin flaw. According to these reports, this flaw has exposed numerous WordPress sites to SQL attacks and infections. If exploited, the flaw allows users ...
CISA and FBI Issue Alert on SQL Injection Vulnerabilities
SQL injection vulnerabilities, often abbreviated as SQLi, persist as a significant issue in commercial software products. In response to a recent highly publicized malicious campaign exploiting SQLi vulnerabilities in a managed file ...
Getting rid of a 20+ year old known vulnerability: It’s like a PSA for Runtime Security
On Wednesday, March 27, CISA and the FBI issued a cry for help: We need to stamp out SQL injection vulnerabilities, and we need to do it yesterday, they said in a ...
Nagios XI Network Monitoring Software Flaws Exposed
A number of Nagios XI network monitoring software flaws have recently been discovered. These flaws have the potential to result in privilege escalation and data disclosure. Nagios XI is a popular monitoring ...
WAF cybersecurity limitations and alternatives | Contrast Security
Why WAFs leave you adrift in the treacherous waters of cybersecurity In the ever-shifting currents of the cybersecurity ocean, debates about the relevance and effectiveness of various defense mechanisms continue to surface, ...
The Dark Side of Web Development: Why You Should Be Prioritizing Shadow Code
In the fast-paced world of web development, staying ahead of the curve is paramount, as developers are frequently under pressure to deliver products and functionalities quickly and efficiently. To meet accelerated timelines, ...
MOVEit Attack Strikes US and State Governments
A global attack campaign fueled by a vulnerability in MOVEit Transfer, a popular file transfer application, has now struck the U.S. Department of Energy, several other U.S. agencies and a spate of ...
CISA Warning: MOVEit Has Yet Another Zero-Day SQL Injection RCE Bug [updated]
Once is happenstance. Twice is coincidence. Three times is sheer incompetence ...