PostgreSQL News Articles

PostgreSQL vulnerability exploited in US Treasury attack

Discover how a critical PostgreSQL vulnerability led to a significant cyberattack on the US Treasury, exposing sensitive financial data.

3 days ago

A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) - Help Net Security

The hackers breached the US Treasury by leveraging two zero-days: CVE-2024-12356 (in BeyondTrust RS) and CVE-2025-1094 (in PostgreSQL).

5 days ago

Critical PostgreSQL bug tied to zero-day attack on US Treasury

A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say. Rapid7's principal security...

1 week ago

PostgreSQL bug played key role in zero-day Treasury attack

A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say. Rapid7's principal security...

1 week ago

PostgreSQL Patched Critical SQL Injection Vulnerability

Security researchers at Rapid7 have uncovered a significant SQL injection vulnerability (CVE-2025-1094) affecting PostgreSQL's interactive terminal tool psql.Rapid7 noted the vulnerability discovered during...

1 week ago

PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution

Researchers have uncovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting PostgreSQL’s interactive terminal tool, psql. 

1 week ago

PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

PostgreSQL SQL injection flaw (CVE-2025-1094) exploited alongside BeyondTrust zero-day, enabling arbitrary code execution.

1 week ago

Rapid7 Discovers High-Severity SQL Injection Vulnerability - Australian Cyber Security Magazine

Cybersecurity company Rapid7 has discovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting the PostgreSQL interactive tool psql. This discovery was made while Rapid7 was performing research into the recent exploitation of CVE-2024-12356 - an unauthenticated remote code executi...

1 week ago

Rapid7 discovers ‘high-severity’ PostgreSQL injection zero-day vulnerability

A high-severity vulnerability in an open-source SQL database has been discovered by the team at cyber security firm Rapid7.

1 week ago

High-severity SQL vulnerability found in PostgreSQL tool

Rapid7 has revealed a critical SQL injection vulnerability in PostgreSQL's psql tool, potentially exposing users to severe security risks.

1 week ago

8.8 Rated PostgreSQL Vulnerability Puts Databases at Risk

Cybersecurity researchers have identified a serious security flaw in PostgreSQL that could lead to data breaches and system compromise.

High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables

Critical PostgreSQL flaw (CVE-2024-10979) patched; update now to prevent code execution and data breaches.

PostgreSQL Vulnerability Allows Hackers To Execute Arbitrary SQL Functions

PostgreSQL Vulnerability, pg_dump utility poses a significant security risk, especially when executed by superusers.

PostgreSQL: Neue Sicherheitslücke! Schwachstelle ermöglicht Privilegieneskalation

Das BSI hat einen aktuellen IT-Sicherheitshinweis für PostgreSQL veröffentlicht. Mehr über die betroffenen Betriebssysteme und Produkte sowie CVE-Nummern erfahren Sie hier auf news.de.

CVE-2024-0985: A Critical Security Vulnerability in PostgreSQL - OP INNOVATE

CVE-2024-0985 poses a critical risk to PostgreSQL versions 12-15, allowing elevated privilege attacks via specific operations. Immediate upgrade to patched versions (12.18, 13.14, 14.11, 15.6) is crucial. Exercise caution with untrusted materialized views to mitigate potential data breaches.

CVE-2024-0985: PostgreSQL's Critical Security Flaw Exposed

This vulnerability, designated CVE-2024-0985 (CVSS 8.0), could allow attackers to execute malicious code with elevated privileges