SQL Injection Attack: What is it, and how to prevent it. The way that Yahoo! was hacked, SQL Injection attack, is the same method as many other hacks in the news recently: SQL Injection.

Microsoft has issued an advisory that a known critical vulnerability in older versions of Windows SQL Server now has proven attack code, developed by a security firm weary of waiting for a patch ...

Security researchers say a massive SQL injection has compromised more than 1.5 million URLs.

Kaspersky Lab researchers said that had the attack on its Web site been more sophisticated, the hacker could have stolen e-mail addresses and 25,000 activation codes.

Unsurprisingly enough, it turns out that Google isn't actually using its Web crawlers to perform SQL injection attacks on other people's sites. Unknown, and presumably malicious, third parties are.