The popular NextGEN Gallery WordPress plugin was recently patched to address a “severe” SQL injection vulnerability that put website databases at risk.

ICS-CERT warns of default credentials in Schneider Electric Wonderware Historian that can be abused to compromise Historian databases.

A researcher has published details and a limited proof-of-concept exploit for a critical vulnerability in MySQL that has been patched by some vendors, but not yet by Oracle. The vulnerability allows an attacker to remotely or locally exploit a vulnerable MySQL database and execute arbitrary code, researcher Dawid Golunski of Legal Hackers wrote today in...

LAS VEGAS—Buried in the pages of the secure configuration guide for Oracle EBusiness Suite 11i is a declaration that SQL injection just isn’t a thing for the ubiquitous enterprise software. “Of the many potential SQL injections we have seen reported, we have yet to find a single confirmed example,” the guide says. “That’s a like...

Child safety firm uKnowKids is blasting a security researcher who discovered the company exposed 1,700 identities of the children they were supposed to be protecting. On Monday, security researcher Chris Vickery alerted uKnowKids, a company that helps parents keep tabs on their kid’s online activities, that one of its databases containing sensitive company information and...