Opinion

Red teaming LLMs exposes a harsh truth about the AI security arms race

Every frontier model breaks under sustained attack. Red teaming reveals the gap between offensive capability and defensive readiness has never been wider.
Dark Reading

OWASP Highlights Supply Chain Risks in New Top 10 List

OWASP has updated its list of Top 10 software vulnerabilities to align it better with the current threat landscape and modern development practices. The Nov. 6 release is OWASP's first major Top 10 ...
The Hacker News

Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now

The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary ...
GitHub

SQL_Injection @ /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql ...

The application's log method executes an SQL query with executeUpdate, at line 138 of /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection ...
Bleeping Computer

CISA urges software devs to weed out SQL injection vulnerabilities

CISA and the FBI urged executives of technology manufacturing companies to prompt formal reviews of their organizations' software and implement mitigations to eliminate SQL injection (SQLi) security ...
SecurityWeek

Millions of User Records Stolen From 65 Websites via SQL Injection Attacks

Between November and December 2023, a threat actor successfully stole more than two million email addresses and other personal information from at least 65 websites, threat intelligence firm Group-IB ...
The Hacker News

New Hacker Group 'GambleForce' Tageting APAC Firms Using SQL Injection Attacks

A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific (APAC) region since at least September ...