Opinion

密码藏在JavaScript代码里

19岁少年尼萨尔加·阿迪卡里发现印度中央中等教育委员会(CBSE)数字阅卷门户OnMark存在安全漏洞。2月25日,他报告首个漏洞,由SQL注入与硬编码主密码结合,可绕过认证访问评分仪表盘、更改成绩;5月25日,又发现会泄露考官信息的第二个漏洞。5月26日,CBSE否认有漏洞,5月31日承认存在“安全漏洞”,称已“控制”,并部署印度理工学院专家保障安全。 CBSE将OSM项目合同授予Coempt ...
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

Google tells database devs to lean hard on AI for PostgreSQL work

Google is encouraging its database developers to lean "heavily" on AI coding tools as it ramps up contributions to open ...

TIOBE Index for May 2026: Top 10 Most Popular Programming Languages

Python stays far ahead after another dip; C holds second, Java retakes third from C++, and R rises to eighth as SQL slips, ...
Houston Chronicle

How to Attach an SQL Database to a Web Page

The structured query language is a powerful tool for connecting to many database systems that store data in tables organized into rows and columns. It's often used on the backend of business websites ...
Cult of Mac

Get 15 coding courses, plus Microsoft Visual Studio Pro 2026, for just $59.99

This bundle pairs a lifetime license of Microsoft Visual Studio Professional 2026 with 15 in-depth coding courses covering Python, JavaScript, Java, SQL and more, all for just $59.99 (regularly $1,999 ...
Microsoft

Microsoft SQL Server Blog

SQL Server 2025 is the most significant release for SQL developers in the last decade and will help streamline application development and greatly reduce complexity. Announcing SQL Server ...
InfoWorld

13 reasons SQL has got to go

Why is the language developers and DBAs use to organize data such a mess? Here are 13 reasons we wish we could quit SQL, even though we probably won't. For all its popularity and success, SQL is a ...
GitHub

Prettier plugin SQL-CST

Like Prettier for JavaScript, this plugin formats SQL expressions differently depending on their length. A short SQL query will be formatted on a single line: Adapt formatting based on expression ...
Hackaday

Abusing DuckDB-WASM To Create Doom In SQL

These days you can run Doom anywhere on just about anything, with things like porting Doom to JavaScript these days about as interesting as writing Snake in BASIC on one’s graphical calculator. In a ...