Opinion

密码藏在JavaScript代码里

19岁少年尼萨尔加·阿迪卡里发现印度中央中等教育委员会(CBSE)数字阅卷门户OnMark存在安全漏洞。2月25日,他报告首个漏洞,由SQL注入与硬编码主密码结合,可绕过认证访问评分仪表盘、更改成绩;5月25日,又发现会泄露考官信息的第二个漏洞。5月26日,CBSE否认有漏洞,5月31日承认存在“安全漏洞”,称已“控制”,并部署印度理工学院专家保障安全。 CBSE将OSM项目合同授予Coempt ...
InfoWorld

Taming the generative AI back end

Writing code that interacts with LLM services requires bridging two different worlds. Use these tips and techniques to bind ...
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
IEEE

Node.js: Using JavaScript to Build High-Performance Network Programs

Abstract: One of the more interesting developments recently gaining popularity in the server-side JavaScript space is Node.js. It's a framework for developing high-performance, concurrent programs ...
theregister

Google tells database devs to lean hard on AI for PostgreSQL work

Google is encouraging its database developers to lean "heavily" on AI coding tools as it ramps up contributions to open source projects such as PostgreSQL. Earlier this year, Google announced a raft ...
CSOonline

Exchange Server zero-day vulnerability can be triggered by opening a malicious email

A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to think about the need to abandon on-premises email solutions. “Because it’s ...
The Hacker News

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as ...

TIOBE Index for May 2026: Top 10 Most Popular Programming Languages

Python stays far ahead after another dip; C holds second, Java retakes third from C++, and R rises to eighth as SQL slips, ...
GitHub

dagre - Graph layout for JavaScript

Dagre is a JavaScript library that makes it easy to lay out directed graphs on the client-side. For more details, including examples and configuration options, please ...
GitHub

Microsoft SqlClient Data Provider for SQL Server

Microsoft.Data.SqlClient is a .NET data provider for Microsoft SQL Server and the Azure SQL family of databases. It grew from a union of the two System.Data.SqlClient components which live ...