Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

Ivanti EPM: Security flaws allow SQL injection, privilege escalation

Ivanti warns of three security vulnerabilities in Endpoint Manager (EPM). They allow SQL injection or privilege escalation.

SAP Patchday: Critical vulnerabilities allow unauthorized login

SAP addresses 15 new security vulnerabilities in May. Two are considered critical and allow unauthorized login or SQL injection.
IEEE

A Control Injection Attack against S7 PLCs -Manipulating the Decompiled Code

Abstract: In this paper, we discuss an approach which allows an attacker to modify the control logic program that runs in S7 PLCs in its high-level decompiled format. Our full attack-chain compromises ...
IEEE

Feature Fusion-Based Detection of SQL Injection and XSS Attacks

Abstract: With the rapid development of the internet, network security issues are becoming increasingly severe. SQL injection attacks and XSS attacks are two common network attack methods that pose ...