SQL injections seem to be a solved problem; databases have built-in support for prepared statements, leaving no room for injections. In this session, we will go a level deeper: instead of attacking the query syntax, we will explore smuggling attacks against database wire protocols, through which remote, unauthenticated attackers can inject entire (No)SQL statements into an application's database connection. | pspaul's blog
ProxyShell vulnerabilities are being actively exploited by various attackers to compromise Microsoft Exchange servers around the world. | Help Net Security
The Biden administration is looking to understand just how widespread open-source software is in critical infrastructure. | CyberScoop