I just posted an article on the SDL blog about the recent news of SQL injection vulnerabilities...