Tracking & Law Enforcement Man Accused of SQL Injection Hacking Gets 69-Month Prison Sentence Vitalii Antonenko has been sentenced to 69 months in prison for hacking, but he is being released as he has been detained since 2019. Eduard KovacsDecember 17, 2024
Vulnerabilities VMware Patches High-Severity SQL Injection Flaw in HCX Platform VMware patches CVE-2024-38814 and warns that attackers with non-administrator privileges can execute remote code on the HCX manager. Ryan NaraineOctober 16, 2024
Data Protection VMware Patches Critical SQL-Injection Flaw in Aria Automation VMware warns that authenticated malicious users could enter specially crafted SQL queries and perform unauthorized read/write operations in the database. Ryan NaraineJuly 10, 2024
Vulnerabilities US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities CISA and the FBI issue a secure-by-design alert on eliminating SQL injection vulnerabilities from software. Ionut ArghireMarch 26, 2024
Incident Response Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin The vulnerability carries a CVSS severity score of 9.8/10 and affects web sites running the Ultimate Member WordPress membership plugin. Ionut ArghireFebruary 26, 2024
Cybercrime Millions of User Records Stolen From 65 Websites via SQL Injection Attacks The ResumeLooters hackers compromise recruitment and retail websites using SQL injection and XSS attacks. Ionut ArghireFebruary 6, 2024
Cybercrime New Threat Actor Uses SQL Injection Attacks to Steal Data From APAC Companies GambleForce uses SQL injections to hack gambling, government, retail, and travel websites to steal sensitive information. Ionut ArghireDecember 14, 2023