The Hacker News

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

CVE-2026-42208 exploited within 36 hours of disclosure, exposing LiteLLM credentials, risking cloud account compromise.
Security Boulevard

The Invisible Threat: Business Logic Flaws in Modern Applications and Why Scanners Miss Them

In today's security landscape, some of the most dangerous vulnerabilities aren't flagged by automated scanners at all. These ...
CSOonline

Fortinet hit by another exploited cybersecurity flaw

A critical SQL injection flaw in FortiClient EMS allows remote code execution and data exfiltration, leaving thousands of internet facing systems at risk. Yet another critical flaw in a Fortinet ...
IEEE

SmartInject: Automated SQL Injection Testing Using Deep Q-Learning and LSTM-Based Payload Generation

Abstract: SQL injection (SQLi) is still one of the prevalent cybersecurity threats that enable attackers to manipulate back-end databases via their vulnerable web applications. Traditional testing and ...
SecurityWeek

Ally WordPress Plugin Flaw Exposes Over 200,000 Websites to Attacks

The issue allows attackers to inject SQL queries and extract sensitive information from the database. A vulnerability in the Ally WordPress plugin, which is designed for adding accessibility features ...
Forbes

A Test That Reveals Your ‘Online Persona’ — Created By A Psychologist

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. Here’s what your posting style reveals about your online (and offline) identity, status and ...
Reuters

US law school admissions test ends online option over cheating concerns

Feb 11 (Reuters) - The predominant exam used in the United States and internationally for U.S. law school admissions will no longer be offered online starting in August in a bid to bolster test ...
Infosecurity-magazine.com

SQL Injection Flaw Affects 40,000 WordPress Sites

More than 40,000 WordPress sites using the Quiz and Survey Master plugin have been affected by a SQL injection vulnerability that allowed authenticated users to interfere with database queries. The ...
Infosecurity-magazine.com

UK NCSC Raises Alarms Over Prompt Injection Attacks

Prompt injection vulnerabilities may never be fully mitigated as a category and network defenders should instead focus on ways to reduce their impact, government security experts have warned. Then ...
GitHub

Professional SQL Injection Testing Tool

This SQL Injection Testing Tool is a comprehensive, educational platform designed for authorized security testing and learning about SQL injection vulnerabilities. Built with Python and featuring a ...
GitHub

SQL Injection in Xiaomi Notes Application

A critical SQL injection vulnerability has been discovered in the Xiaomi Notes (Mi Notes) application's ContentProvider implementation. This vulnerability allows any third-party application to execute ...