Earlier this year, Russian cybercriminals started hawking around a new $500 (£385) tool called “Katyusha Scanner” that automates searching for and exploiting SQL injection (SQLi) vulnerabilities on websites. Sad to report, it’s proved popular in the underground, say the researchers who discovered it for sale. Paying customers need do little more than configure a server running the open-source Arachni web application scanner, normally a tool used by the good guys for pen-testing.

