Tag

SQL Injection

All articles tagged with #sql injection

Ghost CMS flaw spawns 700-site ClickFix loader campaign
technology · 4 days ago

Threat actors exploited Ghost CMS CVE-2026-26980, a critical Content API SQL injection, to steal Admin API keys and inject malicious JavaScript across 700+ sites, enabling two-stage payload delivery for ClickFix-style fake CAPTCHA attacks; a patch (Ghost 6.19.1) was released in February 2026, and victims span universities, blockchain, SaaS, media, and finance. Remediation: upgrade, rotate credentials, audit access logs, and alert users who visited affected sites.

Global Ghost CMS flaw exploited to steal admin keys and push ClickFix scam
security · 6 days ago

A widespread campaign abused a critical Ghost CMS SQL injection (CVE-2026-26980) affecting versions 3.24.0–6.19.0 to read database data and steal admin API keys, then injected malicious JavaScript into articles. The loader fetches a second-stage payload that triggers a fake Cloudflare prompt and a ClickFix lure, leading victims to a Windows command prompt instruction and subsequent malware downloads. High-profile targets (Harvard, Oxford, Auburn, DuckDuckGo) were affected. Ghost released fix 6.19.1 on Feb 19, but many sites have not updated. Action items: upgrade to 6.19.1+, rotate all exposed keys, and review up to 30 days of admin API call logs to identify IoCs and remove injected scripts.

Active Fortinet SQL Flaw Targets FortiClient EMS, CISA Warns
cyber-security-news · 1 month ago

CISA added CVE-2026-21643, a critical unauthenticated SQL injection in Fortinet FortiClient EMS, to the Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. The flaw enables remote code execution without authentication, risking full database compromise on affected FortiClient EMS deployments. Fortinet has released patches; federal agencies must patch by April 16, 2026, and private-sector admins are urged to patch within three days, monitor for unusual HTTP requests targeting EMS, and take the server offline if patching isn’t possible.

"Millions of WordPress Sites at Risk Due to Critical LayerSlider Plugin Flaw"
technology · 2 years ago

A critical SQL injection vulnerability (CVE-2024-2879) in the LayerSlider WordPress plugin, affecting versions 7.9.11 through 7.10.0, puts over one million sites at risk of data breaches and complete takeover. The flaw, discovered by researcher AmrAwad and reported to Wordfence, allows attackers to extract sensitive data from the site's database. The plugin's creator, Kreatura Team, released a security update (version 7.10.1) within 48 hours of notification, urging all users to upgrade immediately. WordPress site admins are advised to prioritize applying security updates, disable unnecessary plugins, use strong passwords, and deactivate dormant accounts to enhance site security.

"Millions of WordPress Sites at Risk: Critical Security Flaw Discovered in LayerSlider Plugin"
web-security-vulnerability · 2 years ago

A critical security flaw (CVE-2024-2879) in the LayerSlider plugin for WordPress could lead to the extraction of sensitive information from databases. The flaw, impacting versions 7.9.11 through 7.10.0, has been addressed in version 7.10.1. Additionally, other WordPress plugins such as WP-Members Membership, Tutor LMS, and Contact Form Entries have also been found to have security vulnerabilities that could be exploited for various malicious activities.

Rising Concerns: MOVEit Transfer Software Faces Multiple Critical Flaws and Breaches
cybersecurity · 2 years ago

Progress Software has patched a critical SQL injection vulnerability, CVE-2023-36934, in its MOVEit Transfer software, which could allow unauthenticated attackers to gain unauthorized access to the database. This vulnerability is particularly dangerous as it can be exploited without valid credentials. Two other high-severity vulnerabilities, CVE-2023-36932 and CVE-2023-36933, have also been addressed in the update. Users are advised to update to the latest version of MOVEit Transfer to mitigate the risks associated with these vulnerabilities.

The MOVEit Ransomware Attack: Vulnerabilities and Extortion Efforts.
cybersecurity · 2 years ago

Progress Software's managed file transfer application, MOVEit, has been hit by a third vulnerability, CVE-2023-35708, which allows hackers to gain unauthorized access to its database. The vulnerability joins two previously reported issues, CVE-2023-34362 and CVE-2023-35036. More than 3,000 hosts are running the software, with over 30% in the financial services industry. Progress Software recommends that users and hosts patch the product and mitigate the vulnerabilities immediately. Researchers believe the Clop ransomware gang has been aware of the vulnerability since 2021.

MOVEit Transfer Vulnerabilities: Experts Discover New Flaws and Warn of Lingering Impact.
cybersecurity · 3 years ago

Progress Software has released security updates to fix new SQL injection vulnerabilities in the MOVEit Transfer application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. All versions of MOVEit Transfer are affected by these vulnerabilities. The vulnerabilities were discovered by researchers from the cybersecurity firm Huntress. The Clop ransomware gang claims to have hacked hundreds of companies by exploiting a previous MOVEit Transfer vulnerability. Progress Software is not aware of attacks in the wild exploiting these new vulnerabilities.

MOVEit Transfer faces multiple critical vulnerabilities, urgent patching required.
cybersecurity · 3 years ago

Progress Software has warned customers of newly discovered critical SQL injection vulnerabilities in its MOVEit Transfer managed file transfer solution that can allow attackers to steal information from customers' databases. The security bugs were discovered with the help of cybersecurity firm Huntress following detailed code reviews initiated by Progress on May 31. The vulnerabilities affect all MOVEit Transfer versions and enable unauthenticated attackers to compromise Internet-exposed servers to alter or extract customer information. Progress has released a patch for the vulnerabilities and urges all customers to apply it immediately. The Clop ransomware gang has claimed responsibility for targeting a MOVEit Transfer zero-day vulnerability, which led to a series of data-theft attacks that have allegedly affected "hundreds of companies."

Ransomware Gang Exploits MOVEit Transfer Vulnerability for Cyberattacks.
cybersecurity · 3 years ago

The Cl0p Ransomware Gang has been exploiting a critical flaw in Progress Software's MOVEit Transfer application to drop ransomware. The gang has issued an ultimatum to several impacted businesses, urging them to get in touch by June 14, 2023, or risk getting all their stolen data published. The abuse of CVE-2023-34362, an SQL injection flaw in MOVEit Transfer, is a sign of the adversary continuously seeking zero-day exploits in internet-facing applications and using them to their advantage in order to extort victims.

Major Companies Fall Victim to Widespread MOVEit Cyber Attacks
cybersecurity · 3 years ago

Organizations of all sizes are being targeted by the Clop ransomware group through a critical vulnerability in the widely used file-transfer program, MOVEit. The attacks are fueled by a recently patched SQL injection vulnerability, allowing attackers to steal data from compromised servers. The attacks have hit banks, government agencies, and other targets in alarmingly high numbers. The attacks are described as widespread and are expected to get worse.

MOVEit Transfer App Exploited by Hackers for Data Theft and Ransomware Attacks, Microsoft and CISA Warn
cybersecurity · 3 years ago

Microsoft has linked the ongoing exploitation of a critical flaw in the Progress Software MOVEit Transfer application to the Lace Tempest threat actor. The group is known for exploiting different zero-day flaws to siphon data and extort victims. The flaw, CVE-2023-34362, allows attackers to authenticate as any user, gain access to the database, and execute arbitrary code. At least 3,000 exposed hosts are believed to be running the MOVEit Transfer service. Users are recommended to apply vendor-provided patches as soon as possible to secure against potential risks.