Security news aggregator

Latest coverage for SQL

Stay informed with the latest SQL security updates, vulnerability solutions, and best practices in protecting databases against cyber threats.

5 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

SQL Injection is a cyber attack technique that exploits vulnerabilities in the SQL database management software of a web application. Attackers manipulate standard SQL queries to perform unauthorized actions such as accessing, modifying, or deleting sensitive data. Securing against SQL injection involves validating user input, using prepared statements, and employing other defensive programming practices to preserve data integrity and protect against unauthorized access and data breaches.

Volume over time

Weekly headline count for the current query.

Showing 5 most recent headlines Filtered view

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack Why pure extortion is […]

More from Security Affairs 24 May 2026, 11:51 p.m. Incident · 2 stories Actively exploited CVE-2026-9082 CVE Critical Email Extortion Flaw Free SQL

Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or […]

More from Security Affairs 24 May 2026, 4:17 a.m. Incident · 3 stories Actively exploited CVE-2026-9082 CVE Compromise Critical Exploit Flaw Patch PostgreSQL SQL Unauthenticated Vulnerability

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge

More from The Hacker News 29 Apr 2026, 5:34 p.m. Incident · 3 stories Actively exploited CVE-2026-42208 CVE Critical Disclosure Flaw Python SQL Threat Actor Vulnerability

A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect.  The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an SQL injection bug that allows attackers to execute unauthorized code or commands by sending specially crafted

More from The Hacker News 20 Dec 2024, 7:25 p.m. Actively exploited CVE-2023-48788 CVE Critical Flaw Fortinet Patch SQL Tools Vulnerability