xbeargeneral user
-
Open Source Software Grafana Platform SQL Injection High Risk Vulnerability
An injection vulnerability exists in the open source software Grafana: an attacker can send a POST request to the /api/ds/query API and modify the "rawSql" field to execute a malicious SQL string, resulting in a time-based blind SQL injection vulnerability that poses the threat of a database compromise.
-
Malware Extortion Ring LockBit Riddle
The LockBit ransomware-as-a-service (RaaS) operation was the "leading" ransomware threat globally in 2022, with the highest number of targets.
-
Offense for Defense: Ransomware Attacks in Action
This post focuses on the global landscape of ransomware attacks, the current state of the industry, and why attackers favor such attacks. It points out that losses from ransomware attacks mainly stem from business interruption, ransom payment and data leakage, and that the amount of losses continues to climb. Domestically, companies are adopting a strategy of dealing with ransomware incidents in secret, while regulators have also issued related prevention requirements. The post also describes the development of the ransomware attack industry, including the rise of the "ransomware-as-a-service" model.
-
15,000 Go module repositories on GitHub are vulnerable to hijacking attacks
New research has found that more than 15,000 Go module repositories on GitHub are vulnerable to an attack called repojacking. "Jacob Baines, CTO of VulnCheck (…
-
The rise and fall of 0day: A year in review of 0days exploited in 2022
This is Google’s fourth annual review [2021, 2020, 2019] of 0day vulnerabilities exploited in the wild, and is based on the mid-2022 review. The purpose of this report is not to detail each individual vulnerability, but to analyze vulnerabilities throughout the year, looking for trends, gaps, lessons learned, and successes.
-
Alibaba Cloud Zero Trust Practice: Identity and Network Micro-Isolation in Production Networks
Overview: Since Forrester analyst John Kindervag proposed the term "Zero Trust" in 2010, with the rise of the digital economy and remote working, Zero Trust has gradually moved from concept to implementation. As a new generation of network…