Security news aggregator

Latest coverage for SQL

Stay informed with the latest SQL security updates, vulnerability solutions, and best practices in protecting databases against cyber threats.


Tag briefing

Background for this topic.

SQL injection is an attack technique that exploits vulnerabilities in the SQL database layer of a web application. Attackers manipulate standard SQL queries to perform unauthorized actions such as accessing, modifying, or deleting sensitive data. Defending against SQL injection involves validating user input, using prepared statements, and employing other defensive programming practices to preserve data integrity and protect against unauthorized access and data breaches.

Showing 20 most recent headlines of 148 (filtered view)

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack Why pure extortion is […]

Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or […]

Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code.

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge.

Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims' databases and exfiltrate sensitive data within organizations' Google Cloud environments.

March 2026 Patch Tuesday delivers 86 CVEs including 10 Critical and 2 publicly disclosed zero-days. A SQL Server privilege escalation grants sysadmin over the network, and a Microsoft Authenticator info disclosure threatens MFA integrity. Here is what to patch first.
