Security news aggregator

Latest coverage for SQL

SQL is the language used to query databases, making injection flaws, insecure permissions, and exposed data important security risks.

9 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

SQL is the language commonly used to query and modify relational databases, which store structured application data such as accounts, transactions, and records. In information security, SQL matters both as a core data-access technology and through vulnerabilities in the applications, database engines, and administration interfaces that use it.

SQL injection occurs when an application combines untrusted input with SQL commands, allowing an attacker—depending on the flaw and database permissions—to read, alter, or delete data or bypass application controls. Developers should use parameterized queries or prepared statements, avoid building commands through string concatenation, and apply least-privilege database accounts. Security teams should also track database and driver vulnerabilities, restrict administrative access, protect credentials, and monitor query and authentication logs. Input validation can supplement these controls but is not a reliable substitute for separating data from executable SQL.

Volume over time

Weekly headline count for the current query.

Showing 9 most recent headlines Filtered view
Bank Info Security 1 year, 5 months ago

Security Researchers Warn of New Risks in DeepSeek AI App

Weak Encryption, Data Transfers to China, Hidden ByteDance Links FoundSecurity researchers found DeepSeek AI has weak encryption, SQL injection flaws and sends user data to Chinese state-linked entities. Its AI model failed jailbreak tests, making it prone to manipulation. Regulators in Europe, South Korea, and Australia are investigating, with bans and warnings issued over security risks.

Bank Info Security 1 year, 6 months ago

Breach Roundup: Cyberattack Disrupts Japan Airlines

Also, US Court Rules NSO Group Violated Hacking Laws With Pegasus SpywareThis week, cyberattack disrupts Japan Airlines, U.S. court rules NSO Group violated hacking laws, the European Space Agency’s web store hacked, FTC orders Marriott to overhaul data security, Sophos patches critical firewall flaws and Apache fixes critical SQL injection in Traffic Control.

Bank Info Security 1 year, 8 months ago

Bypassing ChatGPT Safety Guardrails, One Emoji at a Time

Mozilla Researcher Uses Non-Natural Language to Jailbreak GPT-4oAnyone can jailbreak GPT-4o's security guardrails with hexadecimal encoding and emojis. A Mozilla researcher demonstrated the jailbreaking technique, tricking OpenAI's latest model into generating python exploits and malicious SQL injection tools.

Bank Info Security 1 year, 9 months ago

Ivanti Confirms Exploitation of an Old Critical Vuln

Remote Code Execution Bug Exploited in Limited AttacksIvanti confirmed that hackers are exploiting an SQL injection vulnerability in its Ivanti Endpoint Manager enabling remote code execution, despite the company addressing the issue with a patch in May. The flaw allows unauthenticated attackers within the same network to execute arbitrary code.

Ivanti Faces Another SQL Injection Flaw in Popular Endpoint Manager ProductSecurity researchers have discovered another major vulnerability in Ivanti’s widely-used endpoint management system that can allow hackers to gain remote access for multiple devices at the same time, just months after the company patched a separate SQL injection flaw in the same product.

Bank Info Security 2 years, 3 months ago

Feds Seek Secure-by-Design Armageddon for SQL Injection Bugs

Hackers Continue to Abuse Easily Preventable Vulnerability to Cause Massive DamageWhat will it take to rid the world of SQL injection vulnerabilities, which remain too easily exploitable by attackers for ransacking databases and worse, despite having been classified as "unforgivable" for nearly two decades? U.S. government cybersecurity officials have thoughts.

Bank Info Security 2 years, 6 months ago

Turkish Hackers Exploit MS SQL Servers to Deliver Ransomware

Financially Motivated Actors Targeting US, EU and LATAM CountriesFinancially motivated Turkish hackers are targeting Microsoft SQL servers in the United States, Europe and Latin America in hacking that ultimately ends with deployment of Mimic ransomware or the sale of access to infected hosts on criminal online markets.

Bank Info Security 2 years, 6 months ago

Ivanti Patches Critical Endpoint Security Vulnerability

SQL Injection Flaw Affects All Supported Versions of Ivanti Endpoint ManagerIvanti issued an urgent alert to users of its endpoint security product to patch a critical vulnerability that exposes systems to potential exploitation by unauthorized attackers. The SQL injection vulnerability tracked as CVE-2023-39336 is in all supported versions of Ivanti Endpoint Manager.

Bank Info Security 2 years, 7 months ago

Hackers Keep Winning by Gambling on SQL Injection Exploits

Gambling and Retail Firms Top Targets of 'GambleForce' Group, Researchers WarnA recently spotted hacking group with a penchant for using open source tools has been using a less-than-novel tactic: exploiting SQL injection flaws. So warn researchers who recently detected attacks by the group, codenamed GambleForce, which appears to focus on gambling and retail firms.