A critical SQL injection vulnerability (CVE-2025-26794) in Exim affects over 60% of internet mail servers. Authenticated attackers can execute arbitrary SQL commands under specific configurations. Reported by Oscar Bataille, successful exploitation can manipulate databases and escalate privileges. Up-to-date patched versions are available; system administrators must verify installations and apply updates immediately to mitigate risks.
Chinese hackers evade ESET with MAVInject.exe
Chinese hacking group Earth Preta has been found using a novel technique to bypass antivirus software using a valid Microsoft tool, MAVInject.exe. The group’s malware
