Apache VCL Hit by SQL Injection and XSS Vulnerabilities
Summary: Apache VCL is facing critical security vulnerabilities, including an SQL injection flaw and a cross-site scripting (XSS) vulnerability. These flaws could lead to unauthorized data manipulation and system compromises. Immediate upgrading to version 2.5.2 is recommended to address these issues.

Affected: Apache VCL versions 2.1 through 2.5.1

Key points:

Critical SQL injection vulnerability identified in the New Block Allocation form (CVE-2024-53678).…
Pentesting for Biotech: Simulating a Cyberattack on Your Genomic Data
Biotech firms, holding sensitive data such as patient genomes and drug formulas, are prime targets for cyberattacks due to their high value. Cybercriminals can exploit such data for financial gain, leading to risks that include compromised patient safety and legal penalties. Biotech penetration testing is crucial to safeguard against these threats, simulating attacks to identify and mitigate vulnerabilities in systems critical to research and patient data.…
SQL Injection Exploitation Made Easy: A Practical Guide to SQLMAP
SQL Injection remains a significant vulnerability in web applications, allowing attackers to compromise databases. This guide introduces SQLMAP, a robust tool that automates the detection and exploitation of SQL Injection vulnerabilities through practical examples. Key topics include types of SQL Injection, commands for using SQLMAP effectively, and methods for bypassing security measures like Web Application Firewalls.…
South Korean Organizations Targeted by Cobalt Strike Cat Delivered by a Rust Beacon
Hunt researchers exposed a web server hosting tools linked to an intrusion campaign against South Korean organizations. This server, available for less than 24 hours, encompassed a Rust-compiled Windows executable that deployed Cobalt Strike Cat along with several other open-source tools. The attacker appears to have focused on exploiting vulnerabilities in government and commercial entities.…
Rust Beacon Deploys Cobalt Strike in South Korean Cyber Intrusion Campaign
Summary: Hunt researchers have detected a sophisticated cyber intrusion campaign focusing on South Korean organizations, utilizing modified Cobalt Strike tools and various open-source exploitation tools. The attackers leveraged a publicly exposed web server to distribute their malware and gather intelligence on over 1,000 Korean domains, targeting government and commercial entities.…
SQLi, XSS, and SSRF: Breaking Down Zimbra’s Latest Security Threats
The Zimbra Collaboration Suite (ZCS) has recently addressed several critical security vulnerabilities, including stored cross-site scripting (XSS), SQL injection (SQLi), and server-side request forgery (SSRF). Administrators are urged to apply patches and adopt best practices for enhanced security.

Affected: Zimbra Collaboration Suite

Key points:

Zimbra Collaboration Suite is a popular email and collaboration platform.…
Medusa Ransomware Hits Record Levels, FBI and CISA Provide Key Security Insights
The FBI and CISA have issued an advisory regarding the Medusa ransomware group, which has been increasingly active in 2025. The group has moved well beyond its previous year’s attack levels, particularly focusing on critical infrastructure sectors. This advisory details the group’s tactics, available indicators of compromise, and highlights the potential risks involved.…
Koha Library Systems at High Risk, Patch Immediately
Summary: A critical SQL Injection vulnerability (CVE-2025-22954) has been discovered in Koha, a popular open-source library management system, affecting multiple versions. This flaw allows both unauthenticated and authenticated users to inject arbitrary SQL instructions, posing a severe risk to sensitive data. Koha version 24.11.02 has been released to address this issue, along with additional security enhancements.…
The Invisible Battlefield Behind LLM Security Crisis – NSFOCUS
This article discusses a series of data breaches involving large language models (LLMs) that occurred between January and February 2025. These incidents highlighted vulnerabilities in the deployment of LLMs across enterprises, resulting in extensive data leaks including API keys, user credentials, and sensitive information. The incidents serve as a wake-up call regarding “AI-driven risks” and underscore the need for improved security practices.…
CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List
Summary: The U.S. Cybersecurity and Infrastructure Security Agency has added five critical vulnerabilities to its Known Exploited Vulnerabilities catalog, affecting Advantive VeraCore and Ivanti Endpoint Manager. These vulnerabilities, actively exploited by threat actors, include file upload and SQL injection flaws in Advantive and multiple path traversal issues in Ivanti.…
How I Hacked a Fake DMart Website and Took It Down!
This article describes the discovery and takedown of a fraudulent DMart giveaway website disguised as a legitimate promotional offer. The site was designed to collect personal user information under false pretenses. The author, a cybersecurity researcher, explores the security vulnerabilities, executes a Server-Side Template Injection (SSTI) exploit for remote code execution, and ultimately removes the scam.…
The Ultimate Guide to VulnHub Machines for Beginners: Master Network & Web Pentesting
VulnHub is a platform that offers a safe environment for beginners to practice Vulnerability Assessment and Penetration Testing (VAPT). This guide recommends a variety of machines to enhance skills in network security, web security, and CMS exploitation, moving from beginner to advanced levels. Following this structured approach helps build practical skills and prepares learners for future certifications and career opportunities in cybersecurity.…
March Kicks Off with Major Exploits! | Weekly Reports | Loginsoft
In March, the CISA catalog added nine new vulnerabilities, significantly impacting various platforms like VMware, Hitachi Vantara, Linux, and more. New botnet threats emerged alongside advanced threat actor tactics, emphasizing the critical importance of prompt patching and security measures. Key vulnerabilities include critical issues in VMware, Progress WhatsUp Gold, and Hitachi Vantara products which have already seen active exploitation.…
Security Implications of Low-Code/No-Code Platforms: The Unseen Cyberwar
This article provides a thorough analysis of the security vulnerabilities associated with low-code/no-code (LCNC) platforms, exposing architectural flaws and real-world breaches. It outlines case studies involving significant breaches such as Microsoft Power Apps and Airtable, highlighting the negligence of platform providers. A call to action for stronger security practices and vendor accountability concludes the report.…
The first week of March saw the addition of nine new vulnerabilities to the CISA Known Exploited Vulnerabilities catalog, pointing to increased targeting of enterprise and IT infrastructure. Notably, botnet threats like EnemyBot and Sysrv-K took advantage of these vulnerabilities. Additionally, advanced threat actor Silk Typhoon exploited a zero-day vulnerability in Ivanti Pulse Connect VPN, underscoring the need for adaptive security measures.…