Attackers used SQL injection and cross-site scripting (XSS) to target at least 65 job-recruitment and retail websites with legitimate penetration-testing tools, stealing databases containing more than ...