PHP is a very handy — and widespread — Web programming language. But as Tom Scott demonstrates in the video below, it’s also quite vulnerable to a basic SQL injection attack that could give a hacker ...

A new version of phpMyAdmin has been released to plug two serious security holes that could lead to SQL injection and cross-site scripting attacks. According to an advisory from the maintainers of the ...

Mike Chapple is a teaching professor of IT, analytics and operations at the University of Notre Dame. On Dec. 26, 2007, Albert Gonzalez, a 28-year-old resident of Miami, launched an attack against the ...

Drupal has released a patch for a highly critical flaw in its content management system, which could allow rogue code to run. Drupal, which is a volunteer open-source project whose software is used by ...

Last week, a large scale SQL Injection attack dubbed LizaMoon, referencing one of the domain names used in the attack, surfaced. This attack targets websites by injecting code that redirects visitors ...

Typical speed camera traps have built-in OCR software that is used to recognize license plates. A clever hacker decided to see if he could defeat the system by using SQL Injection… The basic premise ...

Immortalized by “Little Bobby Drop Tables” in XKCD 327, SQL injection (SQLi) was first discovered in 1998, yet continues to plague web applications across the internet. Even the OWASP Top Ten lists ...

According to Michael Perone, Barracuda's executive vice president, the attack occurred when the company's web application firewall was accidentally set in passive monitoring mode during a weekend ...

The Magento content management system used by thousands of online shops has received fixes for several serious vulnerabilities, including an unauthenticated SQL injection flaw that’s likely to soon ...

Eric Daigle, a computer scientist and white hat hacker, has revealed in a blog post how he exploited a vulnerability in a spyware app for Android devices called 'Catwatchful' to gain access to ...