ZDNet

Developers at fault? SQL Injection attacks lead to wide-spread compromise of IIS servers

There's been a lot of noise and violent thrashing over the last couple days regarding a flaw that was originally believed to be a flaw in Microsoft's IIS (Internet Information Server), but has since ...
ZDNet

Microsoft ships free code auditing tools to thwart SQL injection attacks

On the heels of a dramatic rise in SQL injection attacks linked to drive-by malware downloads, Microsoft has released aimed at helping Webmasters and IT administrators block and eradicate this attack ...
CSOonline

Google’s web crawler linked to SQL Injection attempts

In a recent blog post, Daniel Cid, CTO of Securi, a company that provides website security monitoring and related services, published details of a recent SQL Injection (SQLi) attempt. That in itself ...
Bleeping Computer

75k WordPress sites impacted by critical online course plugin flaws

The WordPress online course plugin 'LearnPress' was vulnerable to multiple critical-severity flaws, including pre-auth SQL injection and local file inclusion. LearnPress is a learning management ...
Ars Technica

Attackers exploit 0-day code-execution flaw in the Sophos firewall

Users of a widely used firewall from Sophos have been under a zero-day attack that was designed to steal usernames, cryptographically protected passwords, and other sensitive data, officials with the ...