SQL Injection Vulnerability in itsourcecode's Construction Management System Recently, a significant security vulnerability was identified in itsourcecode's Construction Management System version 1.0. This flaw, found in the borrowedtool.php file, can be exploited to perform SQL injection attacks. Such attacks allow malicious actors to execute arbitrary SQL code, leading to various harmful outcomes including data theft […]

Understanding the Recent Vulnerabilities in IBM Concert Software The cybersecurity landscape is constantly evolving, challenging system administrators and hosting providers to stay vigilant. One recent development that has raised alarms is the vulnerability discovered in IBM Concert software. This vulnerability impacts the server security of various systems, specifically versions 1.0.0 through 2.2.0 of the IBM […]

SQL Injection Vulnerability in itsourcecode's Construction Management System Recently, a significant security vulnerability was identified in itsourcecode's Construction Management System version 1.0. This flaw, found in the borrowedtool.php file, can be exploited to perform SQL injection attacks. Such attacks allow malicious actors to execute arbitrary SQL code, leading to various harmful outcomes including data theft […]

Understanding the Recent Vulnerabilities in IBM Concert Software The cybersecurity landscape is constantly evolving, challenging system administrators and hosting providers to stay vigilant. One recent development that has raised alarms is the vulnerability discovered in IBM Concert software. This vulnerability impacts the server security of various systems, specifically versions 1.0.0 through 2.2.0 of the IBM […]

From November 2022, with the birth of ChatGPT, generative AI models gained significant popularity. Code generation also received a new swing with these models. In early 2023, Meta released its first open-source generative model, Llama. Later, in the summer, with the release of Llama 2, open-source generative models caught up with their proprietary counterparts regarding […]

In the digital realm, WordPress is frequently chosen for its user-friendliness and versatile features. Yet, like many platforms, it's exposed to potential online risks. This is where Web Application Firewall (WAF) rules, such as those developed by Bitninja and OWASP, play a crucial role in WordPress security. WordPress and Its Security Challenges WordPress, despite its […]

AI Malware scanner updates, improved incident processing, stability improvements, bugfixes and even more in our new BitNinja versions (V3.8.0 to 3.8.3) Most systems will automatically update, if you have specific settings or applications preventing automatic updates, you can follow our documentation on how to proceed to have the latest version installed. Here's the juicy stuff: […]

We are so excited that the registration is now open for CloudFest 2024!We cannot wait for another year of new ideas, learning, and teamwork. So, it is the perfect time to reflect on our journey since the last event and what we have achieved so far.  Recap: CloudFest 2023 CloudFest 2023 was full of exciting […]

Here at BitNinja, we are all about optimizing your experience to ensure seamless interaction with our services. We are excited to share our updated Linux malware scanner dashboard, a result of meticulous and professional iteration processes. This improvement is built on profound UX expertise, comprehensive session analyses, and insightful user interviews. Our proactive approach shows […]

Litespeed config parsing fixes, stability improvements, bugfixes and even more in our new BitNinja versions (V3.7.7 and 3.7.8) Most systems will automatically update, if you have specific settings or applications preventing automatic updates, you can follow our documentation on how to proceed to have the latest version installed. Let's get to business: The newest BitNinja […]

In our previous article, we delved into the mechanics of our innovative spam detection module. With security as our utmost priority, our team has been continually tweaking and enhancing the module to maintain its effectiveness. Today, we are excited to share some key statistics to provide an overview of the system's performance since its inception […]

Introduction to CVE-2026-5705 The cybersecurity landscape continually evolves, posing new challenges for system administrators and hosting providers. Recently, a significant vulnerability, identified as CVE-2026-5705, has been reported in the code-projects Online Hotel Booking software. This vulnerability affects the booking endpoint, enabling remote exploitation through cross-site scripting (XSS). Understanding and mitigating such vulnerabilities is critical for […]

Understanding the CVE-2026-5692 Vulnerability CVE-2026-5692 is a serious command injection vulnerability identified in the Totolink A7100RU router. The issue arises in the function setGameSpeedCfg within the file /cgi-bin/cstecgi.cgi. By manipulating the argument enable, attackers can execute arbitrary operating system commands from a remote location. Why This Matters for Hosting Providers For system administrators and hosting […]

Understanding the Open edX Vulnerability The Open edX platform recently revealed a security flaw that allows attackers to exploit an unvalidated redirect_url parameter in survey views. This vulnerability emphasizes the need for robust server security measures, especially for hosting providers and web application developers. What Happened? When a non-existent survey name is requested, Open edX […]