#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

PostgreSQL | Breaking Cybersecurity News | The Hacker News

Category — PostgreSQL
Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign

Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign

Apr 01, 2025 Cryptojacking / Cloud Security
Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized access and deploy cryptocurrency miners. Cloud security firm Wiz said the activity is a variant of an intrusion set that was first flagged by Aqua Security in August 2024 that involved the use of a malware strain dubbed PG_MEM . The campaign has been attributed to a threat actor Wiz tracks as JINX-0126. "The threat actor has since evolved, implementing defense evasion techniques such as deploying binaries with a unique hash per target and executing the miner payload filelessly – likely to evade detection by [cloud workload protection platform] solutions that rely solely on file hash reputation," researchers Avigayil Mechtinger, Yaara Shriki, and Gili Tikochinski said . Wiz has also revealed that the campaign has likely claimed over 1,500 victims to date, indicating that publicly-exposed PostgreSQL instances with weak or predictable credentials are prevalent enough to become ...
PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

Feb 14, 2025 Zero-Day / Vulnerability
Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql. "An attacker who can generate a SQL injection via CVE-2025-1094 can then achieve arbitrary code execution (ACE) by leveraging the interactive tool's ability to run meta-commands," security researcher Stephen Fewer said . The cybersecurity company further noted that it made the discovery as part of its investigation into CVE-2024-12356 , a recently patched security flaw in BeyondTrust software that allows for unauthenticated remote code execution. Specifically, it found that "a successful exploit for CVE-2024-12356 had to include exploitation of CVE-2025-1094 in order to achie...
cyber security

10 Steps to Microsoft 365 Cyber Resilience

websiteVeeamCyber Resilience / Data Security
75% of organizations get hit by cyberattacks, and most report getting hit more than once. Read this ebook to learn 10 steps to take to build a more proactive approach to securing your organization's Microsoft 365 data from cyberattacks and ensuring cyber resilience.
High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables

High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables

Nov 15, 2024 Vulnerability / Database Security
Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979 , carries a CVSS score of 8.8. Environment variables are user-defined values that can allow a program to dynamically fetch various kinds of information, such as access keys and software installation paths, during runtime without having to hard-code them. In certain operating systems, they are initialized during the startup phase. "Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g., PATH )," PostgreSQL said in an advisory released Thursday. "That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user." ...
cyber security

The Ultimate Guide to SaaS Identity Security in 2025

websiteWing SecuritySaaS Security / Identity Threat Detection
Discover how to protect your SaaS apps from identity-based breaches with this expert 2025 guide—learn practical steps to secure every account and keep your data safe.
Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug

Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug

Mar 21, 2024 Database / Vulnerability
Atlassian has released patches for  more than two dozen security flaws , including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction. Tracked as  CVE-2024-1597 , the vulnerability carries a CVSS score of 10.0, indicating maximum severity. Described as an SQL injection flaw, it's rooted in a dependency called org.postgresql:postgresql, as a result of which the company said it "presents a lower assessed risk" despite the criticality. "This org.postgresql:postgresql dependency vulnerability [...] could allow an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction," Atlassian  said . According to a  description  of the flaw in the NIST's National Vulnerability Database (NVD), "pgjdbc, the PostgreSQL JDBC Driver, allows attac...
Two Critical Flaws Found in Alibaba Cloud's PostgreSQL Databases

Two Critical Flaws Found in Alibaba Cloud's PostgreSQL Databases

Apr 20, 2023 Cloud Security / Vulnerability
A chain of two critical flaws has been disclosed in Alibaba Cloud's ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL that could be exploited to breach tenant isolation protections and access sensitive data belonging to other customers. "The vulnerabilities potentially allowed unauthorized access to Alibaba Cloud customers' PostgreSQL databases and the ability to perform a supply chain attack on both Alibaba database services, leading to an RCE on Alibaba database services," cloud security firm Wiz  said  in a new report shared with The Hacker News. The  issues , dubbed  BrokenSesame , were reported to Alibaba Cloud in December 2022, following mitigations were deployed by the company on April 12, 2023. There is no evidence to suggest that the weaknesses were exploited in the wild. In a nutshell, the vulnerabilities – a privilege escalation flaw in AnalyticDB and a remote code execution bug in ApsaraDB RDS – made it possible to elevate privileges to root ...
Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL

Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL

Jan 09, 2023 Kubernetes / Cryptojacking
The threat actors behind the  Kinsing  cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security researcher at Microsoft Defender for Cloud,  said  in a report last week. Kinsing has a  storied history  of targeting  containerized environments , often leveraging misconfigured open Docker daemon API ports as well as abusing newly disclosed exploits to drop cryptocurrency mining software. The threat actor, in the past, has also been discovered  employing a rootkit  to hide its presence, in addition to terminating and uninstalling competing resource-intensive services and processes. Now according to Microsoft, misconfigurations in  PostgreSQL servers  have been co-opted by the Kinsing actor to gain an initial foothold, with the company...
Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL

Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL

Dec 02, 2022 Kubernetes / Cloud Security
IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw (CVSS score: 8.8), dubbed " Hell's Keychain " by cloud security firm Wiz, has been described as a "first-of-its-kind supply-chain attack vector impacting a cloud provider's infrastructure." Successful exploitation of the bug could enable a malicious actor to remotely execute code in customers' environments and even read or modify data stored in the PostgreSQL database. "The vulnerability consists of a chain of three exposed secrets (Kubernetes service account token, private container registry password, CI/CD server credentials) coupled with overly permissive network access to internal build servers," Wiz researchers Ronen Shustin and Shir Tamari  said . Hell's Keychain commences with an SQL inject...
Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers

Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers

Apr 29, 2022
Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. "By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass authentication to gain access to other customers' databases," Microsoft Security Response Center (MSRC)  said . New York City-based cloud security company Wiz, which uncovered the flaws, dubbed the exploit chain " ExtraReplica ." Microsoft said it mitigated the bug within 48 hours of disclosure on January 13, 2022. Specifically, it relates to a case of privilege escalation in the Azure PostgreSQL engine to gain code execution and a cross-account authentication bypass by means of a forged certificate, allowing an attacker to create a database in the target's Azure r...
Expert Insights / Articles Videos
Cybersecurity Resources