News

Patch Tuesday: Microsoft Addresses 137 Vulnerabilities, Including High-Severity SQL Server RCE
Patch Tuesday fixes 137 vulnerabilities, including critical flaws in SQL Server, Netlogon, Office, and the .NET Framework.
Exploits for pre-auth Fortinet FortiWeb RCE flaw released, patch now
Proof-of-concept exploits have been released for a critical SQLi vulnerability in Fortinet FortiWeb that can be used to ...
The Hacker News3d
Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
Fortinet fixes a critical SQL injection vulnerability in FortiWeb (CVE-2025-25257), posing risks to database security.
Bleeping Computer2y
Over 29,000 QNAP devices vulnerable to code injection attacks
Remote threat actors can exploit this SQL injection vulnerability (CVE-2022-27596) to inject malicious code in attacks targeting Internet-exposed and unpatched QNAP devices.
SecurityWeek7d
Microsoft Patches 130 Vulnerabilities for July 2025 Patch Tuesday
Microsoft rolled out fixes for 130 security vulnerabilities, including a zero-day (CVE-2025-49719) in SQL Server.
The Hacker News5d
Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server
"Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network," Microsoft said in an advisory. "An attacker could exploit this ...
Ars Technica5mon
What is device code phishing, and why are Russian spies so successful ...
What is device code phishing, and why are Russian spies so successful at it? Overlooked attack method has been used since last August in a rash of account takeovers.
ZDNet17y
Microsoft ships free code auditing tools to thwart SQL ... - ZDNET
On the heels of a dramatic rise in SQL injection attacks linked to drive-by malware downloads, Microsoft has released aimed at helping Webmasters and IT administrators block and eradicate this ...