New Cookie Injection Vulnerability Affects Tornado Server The recent announcement of the CVE-2026-35536 vulnerability raised eyebrows across the cybersecurity landscape. This cookie injection flaw in Tornado, discovered before version 6.5.5, could have serious implications for server security. Incident Summary This vulnerability allows attackers to inject crafted characters into `domain`, `path`, and `samesite` arguments. The lack […]
Understanding CVE-2026-28815 and Its Implications The recent discovery of CVE-2026-28815 highlights a significant security vulnerability that affects server security, specifically within the Apple Swift-Crypto library. This flaw allows attackers to trigger an out-of-bounds read in the C decapsulation path when a short X-Wing HPKE key is supplied. The result can be a crash or memory […]
New Cookie Injection Vulnerability Affects Tornado Server The recent announcement of the CVE-2026-35536 vulnerability raised eyebrows across the cybersecurity landscape. This cookie injection flaw in Tornado, discovered before version 6.5.5, could have serious implications for server security. Incident Summary This vulnerability allows attackers to inject crafted characters into `domain`, `path`, and `samesite` arguments. The lack […]
Understanding CVE-2026-28815 and Its Implications The recent discovery of CVE-2026-28815 highlights a significant security vulnerability that affects server security, specifically within the Apple Swift-Crypto library. This flaw allows attackers to trigger an out-of-bounds read in the C decapsulation path when a short X-Wing HPKE key is supplied. The result can be a crash or memory […]
On 2 September 2020 arstechnica reported a zero-day vulnerability in a WordPress plugin. File Manager helps users manage their files on the website. It was downloaded 700,000 times and more than half of the customers are affected. The vulnerability allowed hackers to execute commands and upload files on a website. How did the BitNinja team patch the vulnerability? We discovered the exploit with our Defense Robot. […]
The increasing number of data breaches raises new concerns for all companies. According to Statista, there were 1,473 million data breaches causing 164 million exposed records in the US in 2019. Many companies are being sued for data breaches and since the implementation of the General Data Protection Regulation (GDPR), these cybersecurity lawsuits run into […]
Botnets are a major threat for web hosting providers and basically for every server. They are the fundamentals of cybercrime in the dark industry of hackers. A botnet is a group of infected computers (aka bots or zombie machines) controlled by a hacker, the botmaster. Zombie machines can be personal computers, mobile devices, or even […]
28 Febr, 2020 16:44 PM UPDATE: We know that it was a hard decision for the organizers, and we feel really sorry that we can't meet with the wonderful cloud community in the Europa Park this year. However, it was the right decision because security always comes first. We, however, have a plan B. 😉 […]
Why should you visit tech conferences? As our world is changing quickly, new types of technologies are constantly being made. To keep up with the rapid pace of the technology changes and to learn more about the most advanced solutions, we highly recommend everyone to visit at least 1 tech conference every year. Fortunately, there […]
On 19 February 2020, Wordfence reported a highly critical vulnerability found in the popular Duplicator plugin for WordPress. This plugin is useful when users want to migrate and copy WordPress sites. With Duplicator, sysadmins can create a new copy of the site and the generated file can be downloaded from the WP dashboard. WordPress Duplicator Plugin Zero-day […]
Critical Issues for Companies Looking to Get On Board the 5G, AI Revolution As companies brace themselves for the ongoing fourth industrial revolution, cybersecurity remains high on the agenda. Executives are wary about the challenges that accompany emerging major technologies such as 5G, but Artificial Intelligence (AI) is widely regarded as a cyber-security life line. […]
Hackers and cyberattack techniques are evolving every day. Hosting companies and every server owner should keep an eye on the cybersecurity news to prepare themselves and protect their systems against the new types of threats. That’s why BitNinja collects the hottest cybersecurity news and sends out a Cybersecurity Digest each month. Now, we’ve summarized the […]
As 2019 will be over soon, it’s time to stop for a while and look back on what happened this year. 2019 was a unique year at BitNinja (you’ll see on the results). We got closer to our mission – making the internet a safer place. However, we couldn’t have reached the successes mentioned below […]
Introduction to CVE-2026-35535 The recent announcement of CVE-2026-35535 highlights a significant privilege escalation vulnerability affecting Sudo, a widely used command-line utility in Linux systems. This flaw allows an unauthorized user to gain elevated privileges, potentially compromising the system’s integrity. As server administrators and hosting providers, understanding this vulnerability is crucial to maintaining robust server security. […]
Introduction The cybersecurity landscape is constantly evolving, and with that comes new threats to server security. Recently, a significant vulnerability was discovered: CVE-2026-35508, affecting versions of Shynet prior to 0.14.0. This vulnerability permits cross-site scripting (XSS) in specific template filters, exposing servers to potential attacks. What is CVE-2026-35508? CVE-2026-35508 refers to an XSS vulnerability found […]
Understanding the CVE-2026-34762 Threat The recent CVE-2026-34762 vulnerability highlights a significant risk for system administrators and hosting providers. This vulnerability allows unauthorized manipulation of subscriber policies within the Ella Core 5G framework. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API did not verify that the IMSI identifier in the URL path matched the one in […]
Understanding CVE-2023-7343: A Major Threat to Server Security As system administrators and hosting providers, staying ahead of vulnerabilities is crucial for maintaining server security. The recently disclosed CVE-2023-7343 highlights a significant risk that could affect the integrity of your Linux servers. This vulnerability allows attackers to escalate privileges and misuse the affected software, jeopardizing sensitive […]
Understanding CVE-2024-14034 and Its Impact The cybersecurity landscape continues to evolve, introducing new vulnerabilities that threaten server security. Recently, a critical authentication bypass vulnerability known as CVE-2024-14034 was discovered in Hirschmann HiEOS devices. What is CVE-2024-14034? This vulnerability exists in the HTTP(S) management module of Hirschmann HiEOS devices. It allows unauthenticated remote attackers to gain […]
Understanding CVE-2023-7343: A Major Threat to Server Security As system administrators and hosting providers, staying ahead of vulnerabilities is crucial for maintaining server security. The recently disclosed CVE-2023-7343 highlights a significant risk that could affect the integrity of your Linux servers. This vulnerability allows attackers to escalate privileges and misuse the affected software, jeopardizing sensitive […]
Understanding CVE-2024-14034 and Its Impact The cybersecurity landscape continues to evolve, introducing new vulnerabilities that threaten server security. Recently, a critical authentication bypass vulnerability known as CVE-2024-14034 was discovered in Hirschmann HiEOS devices. What is CVE-2024-14034? This vulnerability exists in the HTTP(S) management module of Hirschmann HiEOS devices. It allows unauthenticated remote attackers to gain […]
