Join thousands of people who receive the latest breaking cybersecurity news every day.
The popular open-source repository SourceForge is investigating how a corrupted copy of phpMyAdmin came to be served from a Korean-based mirror. Logs indicate 400 users downloaded the malicious file before it was removed from rotation today.
A new version of phpMyAdmin has been released to plug two serious security holes that could lead to SQL injection and cross-site scripting attacks.
According to an advisory from the maintainers of the open-source tool, one of the vulnerabilities allow remote hackers to inject arbitrary web script or HTML via a crafted MySQL table name.