#sql-injection

from The Hacker News
1 day ago

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

CVE-2025-61675 (CVSS score: 8.6) - Numerous authenticated SQL injection vulnerabilities impacting four unique endpoints (basestation, model, firmware, and custom extension) and 11 affected parameters that enable read and write access to the underlying SQL database

CVE-2025-61678 (CVSS score: 8.6) - An authenticated arbitrary file upload vulnerability that allows an attacker to exploit the firmware upload endpoint to upload a PHP web shell after obtaining a valid PHPSESSID and run arbitrary commands to leak the contents of sensitive files (e.g., "/etc/passwd")
Information security
from ComputerWeekly.com
1 week ago

NCSC warns of confusion over true nature of AI prompt injection | Computer Weekly

Prompt injection attacks against LLMs differ from SQL injection and may be harder to mitigate, increasing risks of data leaks, disinformation, and malicious guidance.
Information security
from The Register
3 months ago

New China-aligned crew poisons Windows servers for SEO fraud

GhostRedirector used novel malware to compromise at least 65 Windows servers worldwide to manipulate Google search rankings for gambling sites.
Information security
from The Hacker News
3 months ago

GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module

GhostRedirector compromises Windows servers to deploy Rungan backdoor and Gamshen IIS module, enabling SEO fraud by manipulating Googlebot responses and executing commands via SQL injection.
Mobile UX
from Ars Technica
5 months ago

Provider of covert surveillance app spills passwords for 62,000 users

A significant security breach exposed sensitive data of 62,000 users due to vulnerabilities in the Catwatchful app.
from The Register
5 months ago

Anthropic won't fix a bug in its SQLite MCP server

Anthropic's decision to leave the SQL injection vulnerability unpatched perpetuates a significant security threat to AI agents that depend on their SQLite Model Context Protocol.
Artificial intelligence
Tech industry
from The Hacker News
6 months ago

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

A China-linked threat actor has been exploiting critical SAP NetWeaver vulnerabilities against organizations in Asia and Brazil since 2023.
The threat actor targets SQL injection vulnerabilities to infiltrate organizations.