FBI implores developers to finally eradicate SQL injections
The FBI and the U.S. Cybersecurity and Infrastructure Agency (CISA) argue that SQL injections should be a thing of the past. Although developers have known for two decades how to prevent this type of attack, it continues to cause widespread exploits.
SQL injections insert malicious code into S...
Fortinet warns vulnerability in FortiClientEMS is exploited in the wild
Fortinet is warning users of the Fortinet FortiClient Enterprise Management Server (EMS) about the active misuse of a critical vulnerability in the product. The vulnerability allows hackers to run code through the system without having physical access to the device.
The vulnerability was reporte...
Bug in WordPress plugin exposes 600,000 vulnerable websites
A plugin to make WordPress sites load faster is vulnerable to an SQL injection attack. WP Fastest Cache is deployed by more than a million websites. The majority of these sites (600,000) are still running a vulnerable version.
It's easy to see why WP Fastest Cache is so popular: its creators pro...
GitHub Copilot gets major update to improve coding experience
The features are meant to improve the coding experience. One of the most notable updates is the inclusion of a "vulnerability filtering system" designed to prevent insecure coding patterns, such as SQL injection or hard-coded credentials.
This will help reduce the likelihood of security vulnerab...
‘Tens of thousands of QNAP devices still waiting to be patched’
The devices have an SQL injection vulnerability that can easily be exploited remotely.
"Tens of thousands" of QNAP network-attached storage (NAS) devices are at risk, still waiting to be patched against a critical security flaw, according to a report in BleepingComputer.
The vulnerability is ...
WordPress patches four serious threats ahead of version 5.9
WordPress introduces an emergency patch for four critical vulnerabilities. WordPress 5.8.3 is available immediately.
WP_Meta_Query and WP_Query, two of the content management system's classes, were found to be vulnerable to SQL injection attacks. Furthermore, XSS attacks were enabled by post slu...