The Hacker News

New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries

Nine “LeakyLooker” flaws in Google Looker Studio allowed cross-tenant SQL access across GCP services before being patched.
Opinion
Blue HeadlineqOpinion

MCP Server Security Benchmark 2026: How to Test Prompt Injection, Secret Leakage, and Permission Abuse

A practical MCP security benchmark for 2026: scoring model, risk map, and a 90-day hardening plan to prevent prompt injection, secret leakage, and permission abuse.
InfoWorld

The revenge of SQL: How a 50-year-old language reinvents itself

From the browser to the back end, the ‘boring’ choice is exciting again. We look at three trends converging to bring SQL back ...
InfoQ

AI-Powered Bot Compromises GitHub Actions Workflows Across Microsoft, DataDog, and CNCF Projects

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

APT28 hackers deploy customized variant of Covenant open-source tool

The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage operations.
The Hacker News

UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device

UNC4899 breached a crypto firm via AirDrop malware and cloud exploitation in 2025, stealing millions through Kubernetes and Cloud SQL abuse.