
HiddenMerit Daily · Issue 9

DBA Clyde Jin · 2 weeks ago (05-03) · 68 views · 0 comments


Focus on Database Frontiers, Practical Insights for DBAs | May 4, 2026 | 5 Selected Global Breaking News


01|Southeast Asian Military Government Network Suffers Chain Attack: cPanel Zero-Day + PostgreSQL Command Injection as Key Breach Points

A recent cyberattack targeting government and military infrastructure in Southeast Asia has been exposed, chaining CVE-2026-41940 with other vulnerabilities. Attackers first used a critical authentication bypass vulnerability in cPanel and WHM (CVSS 9.8, affecting all versions after v11.40) to obtain administrator privileges without passing login authentication. Against a training portal of an Indonesian defense agency, the attackers combined valid credentials already in hand with a zero-day that defeated the CAPTCHA: the expected verification code could be read directly from the session cookies issued by the server. In the core data exfiltration phase, they injected SQL through the document-name field of a file-saving endpoint, then used PostgreSQL’s COPY … TO PROGRAM to step from the database layer straight to the operating system, executing arbitrary shell commands, capturing the output, and re-ingesting it into application records via pg_read_file(), which gave them silent data exfiltration over an ordinary application channel. Approximately 110 files (about 4.37 GB) were stolen, including sensitive material such as financial workbooks and meeting minutes from 2020 to 2024 belonging to the Electrification Committee of the China Railway Society.

· DBA Perspective: The most alarming attack vector in this incident is PostgreSQL’s COPY … TO PROGRAM feature. Many DBAs are unaware that this capability, which is enabled by default, turns an SQL statement directly into an operating-system command, bypassing every application-layer defense. DBAs should therefore audit which roles hold unrestricted access to this and other high-risk PostgreSQL features. The attacker’s CAPTCHA bypass by reading the expected value out of session cookies further shows the limits of relying on application-layer controls alone.

· CTO Perspective: This attack reveals the fragility of multi-layer defense: cPanel bypass, application-layer CAPTCHA failure, database command injection, and silent data exfiltration; almost no layer fully held. Enterprise and government network boundaries have become extremely blurred, and supply chain security (infrastructure components such as cPanel and PostgreSQL) is becoming the weakest link.

· Investor Perspective: The attack-and-defense game has evolved from single-vulnerability exploitation to multi-tool, multi-layer persistent infiltration. Cybersecurity companies that provide integrated security posture awareness, cross-layer attack chain analysis, and real-time blocking will benefit from this wave of defense upgrades. At the same time, as PostgreSQL becomes a more critical foundation for AI applications, its security features (high-risk features disabled by default, behavioral baseline analysis, and so on) will increasingly become core purchasing criteria for enterprise customers.
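The audit the DBA perspective calls for can be expressed directly in SQL. The following is an added example written for this issue, not code from the incident report or from PostgreSQL itself. It assumes PostgreSQL 11 or later, where the predefined roles pg_execute_server_program (required for COPY … TO/FROM PROGRAM by non-superusers), pg_read_server_files and pg_write_server_files exist; the role name app_user and the documents table are placeholders. Note that COPY … TO PROGRAM is only reachable by superusers or members of pg_execute_server_program, so the audit question is which application roles have been given that membership or superuser status.

```sql
-- 1. Which login roles can reach the operating system or the server
--    filesystem from SQL?  Superusers are implicitly members of every role,
--    so a superuser row shows TRUE in every column.
SELECT r.rolname,
       r.rolsuper                                                AS is_superuser,
       pg_has_role(r.oid, 'pg_execute_server_program', 'MEMBER') AS can_copy_to_program,
       pg_has_role(r.oid, 'pg_read_server_files',      'MEMBER') AS can_read_server_files,
       pg_has_role(r.oid, 'pg_write_server_files',     'MEMBER') AS can_write_server_files,
       r.rolcanlogin
FROM pg_roles r
WHERE r.rolname NOT LIKE 'pg\_%'            -- skip the built-in pg_* roles themselves
  AND (r.rolsuper
       OR pg_has_role(r.oid, 'pg_execute_server_program', 'MEMBER')
       OR pg_has_role(r.oid, 'pg_read_server_files',      'MEMBER')
       OR pg_has_role(r.oid, 'pg_write_server_files',     'MEMBER'))
ORDER BY r.rolsuper DESC, r.rolname;

-- 2. pg_read_file() and friends are superuser-only by default, but EXECUTE
--    can be granted away.  A non-null proacl that lists an application role
--    means someone widened it; compare against your baseline.
SELECT p.proname, p.proacl
FROM pg_proc p
WHERE p.pronamespace = 'pg_catalog'::regnamespace
  AND p.proname IN ('pg_read_file', 'pg_read_binary_file', 'pg_ls_dir');

-- 3. Remediation pattern for an application role that turned up in query 1
--    (app_user is a placeholder).  The role keeps its table privileges and
--    loses every path from SQL to the OS.
ALTER ROLE app_user NOSUPERUSER;
REVOKE pg_execute_server_program FROM app_user;
REVOKE pg_read_server_files      FROM app_user;
REVOKE pg_write_server_files     FROM app_user;
REVOKE EXECUTE ON FUNCTION pg_catalog.pg_read_file(text) FROM app_user;

-- 4. The injection point in the report was a document-name field.  With a
--    prepared statement the name is always bound as a literal parameter, so
--    a value containing "; COPY ..." is stored as text, never executed.
--    (documents(name, body) is a placeholder table.)
PREPARE save_doc(text, bytea) AS
    INSERT INTO documents (name, body) VALUES ($1, $2);
EXECUTE save_doc('quarterly report'' ; COPY (SELECT 1) TO PROGRAM ''id'' --', '\x00');
DEALLOCATE save_doc;
```

Query 1 is the one to schedule: run it from a superuser session, diff the result against the last run, and treat any new row for a login role as an incident. For detection after the fact, COPY statements appear in the server log only when statement logging covers them (log_statement = 'all', or the pgaudit extension), so a search of those logs for "TO PROGRAM" is only as good as the logging level that was in force when the statements ran.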


02|OceanBase Announces Global Results: Overseas Revenue Up 200%, Covering Over 1.3 Billion Users

The domestic database OceanBase recently disclosed detailed progress of its global business for the first time. In the fintech sector, it has served over 100 enterprises worldwide, covering more than 20 e-wallets and over 50 payment platforms, with these customers collectively covering more than 1.3 billion end users. In the traditional finance industry, it has served over 400 financial institutions, with more than 60% deploying it in core business systems, including cross-border institutions such as HSBC and Hang Seng Bank. Benchmark cases include the Philippine national financial app GCash and Malaysia’s TNG e-wallet, which has over 26 million verified users. After migrating to OceanBase, GCash reduced storage space by 70% and resource costs by 40%; with OceanBase’s help, TNG passed an extreme stress test of 40,000 transactions per second with zero downtime. Overseas revenue grew 200% year-on-year, and a global support center was established in Kuala Lumpur, Malaysia, promising 7×24 hour response.

· DBA Perspective: The real-world cases of GCash and TNG provide highly convincing proof of domestic distributed databases’ capabilities in high-concurrency, strong-consistency scenarios. DBAs should start paying attention to OceanBase’s full-chain tooling, including data migration, heterogeneous database synchronization, and hybrid workload tuning. As overseas projects using domestic databases increase, DBAs with OceanBase skills will gain broader career development opportunities.

· CTO Perspective: OceanBase’s success in both overseas fintech and traditional finance proves that domestic distributed databases no longer rely on low-price strategies to replace legacy Oracle architectures, but on solid technical capabilities. For CTOs making technology selections for overseas business or domestic Xinchuang replacement, OceanBase and GaussDB, along with international cloud databases like AWS Aurora and Google AlloyDB, are now mainstream options that need to be included in comprehensive evaluation checklists.

· Investor Perspective: From handling the “Double 11” traffic surge to empowering Southeast Asian national-level wallets, OceanBase has gradually confirmed its long-term endurance in financial core systems. With the dual logic of government Xinchuang policy support and high overseas growth, the long-term investment value of domestic database vendors (especially those with mature global expansion and cloud service capabilities) is becoming clearer.


03|Oracle Releases First Quarterly Patch 23.26.2.0.0 for 26ai: AI-Empowered Security, New Version Number Rules Fully Adopted

Oracle has released its second quarter 2026 Critical Patch Update (CPU), in which the first quarterly RU (Release Update) of Oracle AI Database 26ai (version number 23.26.2.0.0) became available for download on May 2, 2026. Starting with 26ai, Oracle adopts a new version numbering scheme – the major version 23.26.x is fixed, and the third digit represents the quarter (23.26.2 corresponds to the second quarter of 2026). Oracle strongly recommends that customers upgrade to long-term support releases 19c or 26ai, and keep up with the latest RUs starting April 2026. These RUs include fixes for vulnerabilities identified by Anthropic’s Claude Mythos Preview and OpenAI’s Trusted Access for Cyber model, reflecting an “AI vs. AI” security strategy.

· DBA Perspective: Oracle’s new version numbering for 26ai solidifies the quarterly RU as an established routine, and DBAs need to incorporate quarterly RUs into their fixed operational cadence. It is noteworthy that the vulnerabilities fixed in this RU include high-risk issues identified by security models: under the AI-driven attack and defense race, DBAs’ security risk surface is expanding from human error to model-layer attacks.

· CTO Perspective: This is the most direct manifestation of the “AI empowers everything” trend in the database security field. Oracle uses AI models to assist in identifying vulnerabilities and producing RUs. Although this improves the timeliness of security fixes, CTOs of enterprises running core systems on Oracle still need to assess the change management pressure brought by quarterly release updates.

· Investor Perspective: Oracle is trying to tell a deep and coherent “database + AI” story, from kernel AI capabilities to AI-powered operations and AI-powered security. While the narrative itself is cohesive enough, investors need to closely track the revenue share of database cloud services and renewal rates in Oracle’s financial reports to evaluate the actual business effectiveness of this transformation.


04|Tencent Cloud Schedules May 29 “Database + AI” Launch: AI-In-Database Becomes the Main Arena for Domestic Vendors

Tencent Cloud Database announced that it will hold a “Database + AI” product launch on May 29, 2026, with the core theme of going beyond simple “database + AI” tool combinations to achieve deep internalization and native integration (AI-In-Database) of large models with the database kernel. This launch will present, for the first time, Tencent Cloud’s strategic layout and comprehensive solutions under the dual-track path of “DB for AI” and “AI in DB”. The six core highlights include: releasing an Agent “memory brain”, a database Agent tool suite, multi-modal vector hybrid search, a newly designed cloud-native architecture 2.0 (targeting the unpredictability of large model training, inference, and Agent workloads), as well as head customers from finance, overseas retail, and other industries sharing practical experience.

· DBA Perspective: After Oracle, IBM, and Google Cloud, the convergence of domestic database vendors toward “AI-In-Database” is accelerating. Dameng, OceanBase, Alibaba Cloud, and Tencent Cloud are all intensively promoting kernel-level AI integration. It is recommended that DBAs build a technology landscape map of AI databases, systematically sorting out the AI features and differentiators of each mainstream vendor; this will become essential homework for technical selection and career planning over the next 2-3 years.

· CTO Perspective: The most important takeaway from Tencent Cloud’s upcoming launch is that “AI-In-Database” has moved from proof of concept to large-scale implementation. When several vendors charge into this track at the same time, technology standardization will accelerate, and the risk of technology selection will significantly decrease. For CTOs, databases’ AI-native capabilities must be upgraded from a “nice-to-have” to a “must-have” in procurement decisions. The May 29 launch should be marked as a key technology focus event for the year.

· Investor Perspective: The “database + AI” narrative is evolving from “a unique story of a certain vendor” to “an industry-wide technological consensus.” Vendors that can be the first to achieve kernel-level AI integration in this “AI-In-Database” race and deliver customer implementation cases will gain an obvious valuation premium in the capital market. For Tencent Cloud’s launch, pay attention to the customer practice sharing session; the quality of implementation cases will determine stock price reactions more than the concepts themselves.


05|Percona Live 2026: OurSQL Foundation Officially Debuts, MySQL Ecosystem May Enter a New “Community-Led” Chapter

From May 27 to 29, 2026, the open-source database technology event Percona Live 2026 will be held in the Bay Area, USA. The conference agenda shows that Percona co-founder Vadim Tkachenko will officially introduce the newly established OurSQL Foundation in a keynote, exploring a community-led future development model for MySQL. The conference also features several major keynotes, including CMU’s Andy Pavlo on “Developing and Optimizing Database Systems Using Large Language Models”, Oracle’s Heather VanCura on “The Path to Open Innovation in MySQL”, and VillageSQL’s Dominic Preuss on the design of the MySQL extension framework. In addition, 26 topic sessions include engineers from industry-leading companies such as Google, Meta, Pinterest, PayPal, Apple, Amazon, and Plaid sharing the latest practices in open-source databases like MySQL, PostgreSQL, and MongoDB.

· DBA Perspective: The establishment of the OurSQL Foundation provides an important option to address the uncertain community direction after MySQL 8.0 EOL. If the Foundation gains sufficient support from developers and enterprises, the future of MySQL could be community-led rather than dominated by a single vendor; this is worth continuous attention for DBAs who have long relied on the MySQL ecosystem.

· CTO Perspective: Oracle’s governance of the MySQL community still faces significant uncertainty in earning developers’ continued trust. If the OurSQL Foundation attracts enough resources and contributors, it will provide a more secure technical path for enterprises’ MySQL investments. CTOs with large MySQL technology stacks should closely monitor this development.

· Investor Perspective: The OurSQL Foundation is essentially a countermeasure by the open-source community against the vendor-led development model. If the Foundation receives support from key enterprise users and cloud vendors, it will gain stronger influence over the governance and evolution direction of the MySQL ecosystem; a positive for related publicly listed companies like MariaDB and for cloud vendors whose core technology stack relies on MySQL’s open-source capabilities.


📅 Recent Database Hot Topics Recap

| Date | Event | Core Highlights |
|---|---|---|
| May 1 | IBM Db2 12.1.5 preview announcement | Vector index + five-nines HA, positioned as enterprise AI platform |
| May 2 | Oracle 26ai first quarterly RU (23.26.2.0.0) available | New version numbering adopted, AI-powered security |
| May 3 | Southeast Asian gov/military network attack exposed | cPanel zero-day + PostgreSQL privilege escalation, layer-by-layer breach |
| May 3 | OceanBase discloses global business progress for first time | Overseas revenue +200%, covering 1.3B+ users |
| May 4-5 | AI Agent Conference New York 2026 | TiDB appears, focus on AI Agent data architecture |
| May 21-22 | Snowflake Q1 FY2026 earnings pending | Market focus on AI product revenue growth |
| May 27-29 | Percona Live 2026 (Bay Area) | OurSQL Foundation officially debuts, new chapter for MySQL community |
| May 29 | Tencent Cloud “Database + AI” product launch | Domestic database AI-In-Database convergence appears |


📌 Issue Summary

| News | Keywords | DBA Actions | CTO/Decision-Maker Focus | Investor Signals |
|---|---|---|---|---|
| SE Asia military gov chain attack | cPanel zero-day auth bypass, PostgreSQL COPY privilege escalation, 4.37GB data theft | Audit access to PostgreSQL high-risk features | Assess supply chain security risks, rebuild defense in depth | Value security vendors providing complete attack chain detection |
| OceanBase global results | Overseas revenue +200%, 1.3B+ users, GCash cost -40% | Pay attention to OceanBase migration tooling & HTAP tuning | Include leading domestic DBs in global tech evaluation | Xinchuang + global expansion dual engines, long-term value clear |
| Oracle 26ai first RU patch | New version numbering, AI-identified vulnerability fixes, quarterly RU routine | Incorporate quarterly RUs into fixed operational cadence | Assess internal management pressure from quarterly change cadence | Track cloud services revenue share & renewal rate to evaluate transformation effectiveness |
| Tencent Cloud May 29 launch | AI-In-Database kernel native integration, cloud-native architecture 2.0 | Build AI capability map for each vendor, prepare for selection | Upgrade AI-native capability from nice-to-have to must-have in procurement | Focus on customer case quality, prioritize vendors that reach mass production first |
| Percona Live 2026 | OurSQL Foundation, MySQL community-led | Follow open-source ecosystem evolution trends | Continuously track impact of community-led route on investment protection | OurSQL is key signal of community countering vendor governance |

HiddenMerit Team Production Slogan: Analyze every log line, outrun every iteration!


HiddenMerit (绩隐金), all rights reserved | Unless otherwise noted, all content is original | This site is licensed under BY-NC-SA
When reposting, please cite the original link: HiddenMerit Daily · Issue 9