The Hacker News

New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries

Nine “LeakyLooker” flaws in Google Looker Studio allowed cross-tenant SQL access across GCP services before being patched.
Opinion
Blue HeadlineqOpinion

MCP Server Security Benchmark 2026: How to Test Prompt Injection, Secret Leakage, and Permission Abuse

A practical MCP security benchmark for 2026: scoring model, risk map, and a 90-day hardening plan to prevent prompt injection, secret leakage, and permission abuse.

Microsoft Confirms SQL Zero-Day Security Vulnerability—Here’s The Fix

Microsoft has confirmed that a hacker who successfully exploits a zero-day SQL vulnerability could gain system administrator privileges. Here’s how to fix it.
InfoWorld

The revenge of SQL: How a 50-year-old language reinvents itself

From the browser to the back end, the ‘boring’ choice is exciting again. We look at three trends converging to bring SQL back ...
The Hacker News

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Two critical n8n flaws (CVSS 9.4, 9.5) enable RCE via expression sandbox escape and public forms, risking credential exposure ...

APT28 hackers deploy customized variant of Covenant open-source tool

The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage operations.
InfoQ

AI-Powered Bot Compromises GitHub Actions Workflows Across Microsoft, DataDog, and CNCF Projects

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

OrgFlow Launches Managed Repositories to Simplify Salesforce DevOps for All Teams

New feature removes the requirement for external Git accounts, allowing Salesforce teams to automate deployments and ...