Opinion

密码藏在JavaScript代码里

19岁少年尼萨尔加·阿迪卡里发现印度中央中等教育委员会(CBSE)数字阅卷门户OnMark存在安全漏洞。2月25日,他报告首个漏洞,由SQL注入与硬编码主密码结合,可绕过认证访问评分仪表盘、更改成绩;5月25日,又发现会泄露考官信息的第二个漏洞。5月26日,CBSE否认有漏洞,5月31日承认存在“安全漏洞”,称已“控制”,并部署印度理工学院专家保障安全。 CBSE将OSM项目合同授予Coempt ...
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

TIOBE Index for May 2026: Top 10 Most Popular Programming Languages

Python stays far ahead after another dip; C holds second, Java retakes third from C++, and R rises to eighth as SQL slips, ...
Houston Chronicle

How to Attach an SQL Database to a Web Page

The structured query language is a powerful tool for connecting to many database systems that store data in tables organized into rows and columns. It's often used on the backend of business websites ...
InfoWorld

The revenge of SQL: How a 50-year-old language reinvents itself

Prototyping is my favorite part of programming. I like building new stuff and getting things working. It’s no surprise, then, that I am a big fan of MongoDB and NoSQL in general. Don’t get me wrong: I ...
The Hacker News

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...
Microsoft

Microsoft SQL Server Blog

SQL Server 2025 is the most significant release for SQL developers in the last decade and will help streamline application development and greatly reduce complexity. Announcing SQL Server ...
GitHub

Prettier plugin SQL-CST

Like Prettier for JavaScript, this plugin formats SQL expressions differently depending on their length. A short SQL query will be formatted on a single line: Adapt formatting based on expression ...
ICTSD

What Is Sql Server Business Intelligence Edition?

Querying relational databases requires SQL, which is the only language designed to communicate with them. As a matter of fact, how SQL is used distinguishes business intelligence tools from one ...
Hackaday

Abusing DuckDB-WASM To Create Doom In SQL

These days you can run Doom anywhere on just about anything, with things like porting Doom to JavaScript these days about as interesting as writing Snake in BASIC on one’s graphical calculator. In a ...