• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Auchan discloses data breach: data of hundreds of thousands of customers exposed

 | 

U.S. CISA adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog

 | 

Docker fixes critical Desktop flaw allowing container escapes

 | 

Malicious apps with +19M installs removed from Google Play because spreading Anatsa banking trojan and other malware

 | 

Pakistan-linked APT36 abuses Linux .desktop files to drop custom malware in new campaign

 | 

Android.Backdoor.916.origin malware targets Russian business executives

 | 

Electronics manufacturer Data I/O took offline operational systems following a ransomware attack

 | 

IoT under siege: The return of the Mirai-based Gayfemboy Botnet

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 59

 | 

Security Affairs newsletter Round 538 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Kidney dialysis firm DaVita confirms ransomware attack compromised data of 2.7M people

 | 

China-linked Silk Typhoon APT targets North America

 | 

Over 300 entities hit by a variant of Atomic macOS Stealer in recent campaign

 | 

Operation Serengeti 2.0: INTERPOL nabs 1,209 cybercriminals in Africa, seizes $97M

 | 

After SharePoint attacks, Microsoft stops sharing PoC exploit code with China

 | 

Former developer jailed after deploying kill-switch malware at Ohio firm

 | 

Colt Discloses Breach After Warlock Ransomware Group Puts Files Up for Sale

 | 

U.S. CISA adds Apple iOS, iPadOS, and macOS flaw to its Known Exploited Vulnerabilities catalog

 | 

Orange Belgium July data breach impacted 850,000 customers

 | 

Apple addressed the seventh actively exploited zero-day

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me

SQL injection

Pierluigi Paganini March 16, 2015
ICS-CERT MONITOR report states most critical infrastructure attacks involve APTs

DHS ICS-CERT MONITOR report reveals that most critical infrastructure attacks involve APTs, but organizations lack monitoring capabilities. The DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued its new ICS-CERT MONITOR report related to the period September 2014 – February 2015. The ICS-CERT MONITOR report According to the report, the Industrial Control Systems […]

Pierluigi Paganini February 26, 2015
More than 1 Million WordPress websites are vulnerable to blind SQL Injection Attacks

A security bug in the WordPress plugin WP-Slimstat could be exploited by attackers to discover a “secret” key and use it to run blind SQL Injections. More than one million WordPress sites are potentially vulnerable to SQL injection attacks due to the presence of a critical flaw in the popular plugin WP-Slimstat. WP-Slimstat is an analytics plugin for […]

Pierluigi Paganini October 30, 2014
Drupal community under attack due to a critical SQL injection flaw

A security advisory issued by Drupal assumes that every installation of the popular CMS based in the version 7.x was compromised unless patched. Earlier this month, Drupal patched a critical SQL injection vulnerability (CVE-2014-3704) that exists in all Drupal core 7.x versions up to the recently-released 7.32 version, which fixed the issue. There is an emergency in the […]

Pierluigi Paganini October 13, 2014
WAAR report – Web Attacks continue to increase, especially those launched from Amazon servers

The WAAR report issued by Imperva states that Web Attacks increasingly launched from Amazon servers, the overall number of attacks is also increasing. Cloud computing is considered an amazing opportunity for cybercrime, from the perspective of an attacher these powerful architectures have the necessary resources to conduct powerful attacks, and consider also that often the data archived in […]

Pierluigi Paganini October 09, 2014
Yahoo Contributors Network affected by Blind & Time Based SQL Injection flaws

Yahoo! Contributors Network was affected by a serious Time based Blind SQL Injection vulnerability which allows the theft of sensitive data. The Yahoo! Contributors Network allows writers to submit articles, videos, it also allows contributors to receive assignments from Yahoo related various domains like Sports and Finance. The security researcher Behrouz Sadeghipour reported to that The Yahoo! Contributors Network (contributor.yahoo.com) is […]

Pierluigi Paganini September 20, 2014
Yahoo SQL Injection flaw allows Remote Code Execution and privileges scalation

The Egyptian hacker Ebrahim Hegazy has discovered a critical Yahoo SQL Injection flaw exploitable to Remote Code Execution and privilege escalation. My readers know very well the Egyptian hacker Ebrahim Hegazy, he is a great security expert and a friend of mine, which disclosed numerous critical flaws in most popular web services, including Microsoft, Yahoo and Orange. […]

Pierluigi Paganini May 29, 2014
Nice Recording eXpress lawful intercept solution is flawed

Researchers at SEC Consult Vulnerability Lab discovered that Nice Recording eXpress lawful intercept software contains numerous flaws, including a backdoor. Nice Recording eXpress voice-recording package software used by law enforcement to intercept communications of suspects under investigation contains various flaws, this is the discovery of security researchers at SEC Consult Vulnerability Lab. The researchers have recently published an […]

Pierluigi Paganini April 18, 2014
Ponemon study – SQL Injection attacks too dangerous for organizations

A new study conducted by the Ponemon Institute reveals the impact of successfully SQL injection attacks on organizations during the last year. The Ponemon Institute published a new study titled “The SQL Injection Threat Study“ to understand the reply of organizations to the SQL injection threat. The study is sponsored by DB Networks, its Chairman and CEO Brett Helm used the following […]

Pierluigi Paganini April 15, 2014
Flickr affected by critical SQL Injection and Remote Code Execution bugs

The security expert Ibrahim Raafat discovered critical SQL injection vulnerabilities in Flickr Photo Books which allow attackers to gain complete control of the server and its database. The giant of online photo management and sharing Flickr, a Yahoo-owned company, was affected by critical vulnerabilities which allow attackers to gain access to the webserver website database. The alarming discovery […]

Pierluigi Paganini December 14, 2013
German researcher found remote code execution flaw on EBay subdomain

The German security researcher David Vieira-Kurz discovered a critical vulnerability in the Ebay website that allows an attacker a remote code execution. The German security researcher David Vieira-Kurz discovered a critical vulnerability in the official Ebay website in particular in its sub domain http://sea.ebay.com that allows an attacker a remote code execution. It’s not the first time […]

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Auchan discloses data breach: data of hundreds of thousands of customers exposed

    Data Breach / August 26, 2025

    U.S. CISA adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog

    Uncategorized / August 26, 2025

    Docker fixes critical Desktop flaw allowing container escapes

    Security / August 25, 2025

    Malicious apps with +19M installs removed from Google Play because spreading Anatsa banking trojan and other malware

    Malware / August 25, 2025

    Pakistan-linked APT36 abuses Linux .desktop files to drop custom malware in new campaign

    APT / August 25, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT