#databasesecurity

Prague PostgreSQL Dev Day (@p2d2)
2026-01-28

Fuzzing PostgreSQL at the front door 🔍

Adam Wołk (Microsoft) shows how fuzzing uncovers edge-case bugs in libpq and . Learn how to build harnesses, mutate protocol inputs, and harden Postgres networking code against real-world failures. p2d2.cz/en/talks/knocking_at_t

#OpenSource

2026-01-22

Automate safe database copies for devs. MaskDump anonymizes emails & phones in huge SQL dumps via pipelines. Compare tools, see configs. hackernoon.com/from-production #databasesecurity

2026-01-02

The Mongobleed vulnerability (CVE-2025-14847) in MongoDB: even when correctly configured, the system can leak memory, exposing sensitive data without triggering any alert. The question this raises: how do you detect runtime memory leaks without generating noise? #AnToànCơSởDữLiệu #BảoMậtMáyTính #LỗHổngBảoMật
#DatabaseSecurity #Cybersecurity #Vulnerability #MongoDB #MemoryLeak

reddit.com/r/SaaS/comments/1q1

Security Land (@securityland)
2025-12-28

A high-severity flaw known as MongoBleed (CVE-2025-14847) is currently being exploited in the wild.

The scale is significant:

🔍 Wiz researchers have confirmed active exploitation.
📊 Data from Shodan and Censys reveals between 87,000 and 100,000 potentially vulnerable MongoDB instances.

Read More: security.land/mongobleed-alert

2025-12-27

It's been a bit quiet over the last 24 hours, so it'll be a short post today focusing on a significant vulnerability impacting MongoDB. Let's dive in:

MongoDB Unauthenticated Memory Read Flaw ⚠️

- A high-severity vulnerability, CVE-2025-14847 (CVSS 8.7), has been disclosed in MongoDB, allowing unauthenticated attackers to read uninitialized heap memory.
- The flaw stems from improper handling of length parameter inconsistency in Zlib compressed protocol headers, potentially disclosing sensitive in-memory data like internal state or pointers.
- Admins should upgrade immediately to patched versions (e.g., 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, 4.4.30). If immediate upgrade isn't possible, disable zlib compression on the MongoDB Server as a temporary mitigation.

📰 The Hacker News | thehackernews.com/2025/12/new-

#CyberSecurity #Vulnerability #MongoDB #CVE #InfoSec #DatabaseSecurity #ThreatIntelligence #PatchNow

2025-12-24

For an LLM to query a database safely, a 5-layer architecture is needed. The centerpiece is "Agent Views" (sandboxed SQL views) that restrict access and strip out sensitive data. The "MCP Tool Interface" adds policy-check layers on top. This architecture ensures data safety and access control and reduces LLM "hallucinations".

#LLM #AI #DatabaseSecurity #DataSafety #Architecture #Security
#BảoMậtDữLiệu #TríTuệNhânTạo #HệThốngDữLiệu #BảoMật

reddit.com/r/LocalLLaMA/commen

The Cortex Protocol (@thecortexprotocol)
2025-10-02

China-linked APT actively targeting enterprise SQL databases

Custom tools + SQL injection = systematic IP theft across tech, telecom, finance sectors

CORTEX Analysis: Databases now primary espionage targets—not email endpoints

Otto (@ottok)
2025-09-14

Tired of wrestling with TLS certs and CAs for your database? MariaDB 11.8's zero-configuration TLS requires no manual setup 🚀
Check out security management tips at
optimizedbyotto.com/post/zero-

Security Land (@securityland)
2025-09-10

pgAdmin CVE-2025-9636 vulnerability enables OAuth session hijacking, threatening PostgreSQL database security. Database administrators must prioritize pgAdmin 9.8 upgrade immediately. Essential reading for cybersecurity professionals.

Read More: security.land/critical-pgadmin

Ivaj O'Franc 📻🐧🐘 (@javifn)
2025-08-28

Need to monitor your PostgreSQL DB without giving admin permissions? 🤔

Just documented how to create a read-only user that can:
📊 View system statistics
👀 Monitor active processes
🔒 No access to sensitive tables

Full tutorial 👇

dev.to/ivajofranc/how-to-creat

Ivaj O'Franc 📻🐧🐘 (@javifn)
2025-08-28

Need to monitor your PostgreSQL DB without granting admin permissions? 🤔

I just documented how to create a read-only user that can:
📊 View system statistics
👀 Monitor active processes
🔒 No access to sensitive tables

Full tutorial 👇

dev.to/ivajofranc/como-crear-u

Annual Computer Security Applications Conference (@ACSAC_Conf@infosec.exchange)
2025-07-10

The session started with Zhou et al.'s "Enhancing Database Encryption," highlighting new adaptive measures against LLM-based reverse engineering. (acsac.org/2024/program/final/s) 2/6
#GenerativeAI #LLM #Cybersecurity #DatabaseSecurity

2025-04-19

Everything About SQL Injection 💉

What is SQL Injection?
SQL Injection is a web vulnerability that lets attackers manipulate database queries. This can lead to unauthorized access, data leaks, or even full control of the system.

🔬Types of SQL Injection

1️⃣ Classic SQLi – Injecting raw SQL commands.
2️⃣ Blind SQLi – No errors, but the response changes.
3️⃣ Time-Based SQLi – Uses response delays to extract data.
4️⃣ Union-Based SQLi – Merges malicious queries with valid ones.
5️⃣ Out-of-Band SQLi – Exfiltrates data through DNS, HTTP, etc.

♦️Potential Impact
▫️Access & dump sensitive data
▫️Bypass login systems
▫️Alter or delete database entries
▫️Full system compromise

🔰Common Entry Points
▫️Login forms
▫️Search inputs
▫️Contact forms
▫️URL query parameters

Defense Strategies 🛡
✅ Use parameterized queries
✅ Validate & sanitize inputs
✅ Apply least privilege to DB accounts
✅ Monitor logs for anomalies
✅ Perform regular security audits

📀Image Description (for visual):
🔹A sleek cyber-themed layout with:
🔹A hacker icon injecting code
🔹A login form being exploited
🔹Database icons showing exposed data
🔹A shield labeled “Prepared Statements” blocking the attack

🔖Tags
#SQLInjection #CyberSecurity #EthicalHacking #WebSecurity #BugBounty #InfoSec #Pentesting #OWASP #DatabaseSecurity #HackerTips

⚠️Disclaimer
This content is for educational and ethical purposes only. Do not attempt to exploit vulnerabilities without proper authorization. Always follow legal and ethical guidelines when testing or learning about cybersecurity.

2025-04-19

SQL Server Directory Creation: Solving Permission Errors for Non-Admin Users
Secure SQL Server directory creation using SQL Server Agent jobs & PowerShell scripts. Prioritize least privilege & avoid risky extended stored procedures. Improve security & maintainability!
tech-champion.com/database/sql
...

2025-04-19

SQL Server User Permissions: A Comprehensive Guide to Schema Privileges
Master SQL Server User Permissions for robust database security! Learn to analyze permissions across schemas, join system views efficiently, and handle null values.
tech-champion.com/database/sql
...

2025-04-19

Dynamic SQL in DB2: Using Variables for Table Names
Learn about DB2 Dynamic SQL: build flexible queries with variables, but prioritize security! Use prepared statements to prevent SQL injection. Master secure coding practices for robust database apps.
tech-champion.com/database/db2
...

2025-03-29

SQL Server Directory Creation: Solving Permission Errors for Non-Admin Users
Secure SQL Server directory creation using SQL Server Agent jobs & PowerShell scripts. Prioritize least privilege & avoid risky extended stored procedures. Improve security & maintainability!
tech-champion.com/database/sql
...

2025-03-29

SQL Server User Permissions: A Comprehensive Guide to Schema Privileges
Master SQL Server User Permissions for robust database security! Learn to analyze permissions across schemas, join system views efficiently, and handle null values.
tech-champion.com/database/sql
...

2025-03-29

Dynamic SQL in DB2: Using Variables for Table Names
Learn about DB2 Dynamic SQL: build flexible queries with variables, but prioritize security! Use prepared statements to prevent SQL injection. Master secure coding practices for robust database apps.
tech-champion.com/database/db2
...

Client Info

Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst