Understanding CVE-2026-5538 and Its Impact on Server Security A recently discovered vulnerability, CVE-2026-5538, has been identified in QingdaoU OnlineJudge software, affecting versions up to 1.6.1. This vulnerability allows for server-side request forgery, which can be exploited remotely. System administrators and hosting providers must be vigilant to protect their infrastructures against this type of attack. Details […]

Introduction In the realm of cybersecurity, vulnerabilities pose significant risks to system administrators and hosting providers. Recently, a high-severity vulnerability, CVE-2026-5536, was identified in the FedML-AI framework. This weakness can be exploited to perform deserialization attacks remotely, potentially compromising Linux servers. Understanding CVE-2026-5536 CVE-2026-5536 impacts versions of FedML-AI up to 0.8.9. The vulnerability resides within […]

Understanding CVE-2026-5538 and Its Impact on Server Security A recently discovered vulnerability, CVE-2026-5538, has been identified in QingdaoU OnlineJudge software, affecting versions up to 1.6.1. This vulnerability allows for server-side request forgery, which can be exploited remotely. System administrators and hosting providers must be vigilant to protect their infrastructures against this type of attack. Details […]

Introduction In the realm of cybersecurity, vulnerabilities pose significant risks to system administrators and hosting providers. Recently, a high-severity vulnerability, CVE-2026-5536, was identified in the FedML-AI framework. This weakness can be exploited to perform deserialization attacks remotely, potentially compromising Linux servers. Understanding CVE-2026-5536 CVE-2026-5536 impacts versions of FedML-AI up to 0.8.9. The vulnerability resides within […]

Artificial Intelligence (AI) is spreading quickly in many industries, and we can gladly announce the Attack Vector Miner, one of our latest developments based on AI. But before we tell you more about that, let’s get a bit more familiar with AI. If you’re an AI expert, know everything about it, and are only curious […]

Last time we finished off with the advice that if you’re hosting mainly WordPress websites, you should only enable the BitNinja Safe Minimum ruleset for the “/” location or any other domain pattern that contains “/wp-admin”. So let’s talk a bit more about domain patterns With the BitNinja WAF, we’d like to give you the […]

New LogAnalysis with 109x speed The former version of SenseLog (which serves our robust LogAnalysis module) has processed the files at the start and observed them if there were any changes in them. It has used a lot of sources for the dates in the log rows. In this version it was necessary because SenseLog […]

A new flaw on the horizon! A new flaw has been discovered in phpMyAdmin, in which an attacker has the possibility to include files on the server. This vulnerability is caused because of a portion of a code where the pages are redirected and loaded in phpMyAdmin. Here are the steps, how it can be […]

We know that our customers care a lot about their own customers, too. Just like we care about you, and about making the internet a safer place. So, with the following series of articles titled “Wordpress hosting and the BitNinja WAF - how to do it right?”, I’d like to help those who work in WordPress hosting, […]

HTTP/2 support with BitNinja WAF 2.0 The version of bitninja-ssl-termination 1.1.0, which is practically a HAProxy (1.8.9), can handle HTTP2 connections. It will be installed automatically by BitNinja (v 1.20.10) and it will reconfigure the configs for HTTP/2. It only affects the HTTPS connections. HTTP2 over TLS (h2) is supported by all of the modern […]

Riskware – a thin line between benign and malicious programs Programming is something that can be used for good and also for bad reasons. We can write software with the sole purpose of causing harm, or we can be developers whose aim is to make things better and easier. Nowadays we can hear a lot […]

There are things we are not really waiting for, in fact we are looking for a way to bypass or avoid them. Unfortunately, some of them are inevitable just like the Cyber Worldwar, which in fact has already begun. Mentionable acts from history There was a historical milestone on May 12th, 2017 when within only […]

As you know, recently we’ve released multiple security patches for the Drupalgeddon vulnerabilities. The last one was Drupal Remote Code Execution - SA-CORE-2018-004, CVE-2018-7602, patched only 2 days after it was first discovered. We’re very proud of our quick reaction time and would like to share some statistics with you about the attacks that were […]

Understanding CVE-2026-5535 A recently disclosed vulnerability, CVE-2026-5535, has come into the spotlight, affecting the FedML-AI platform versions up to 0.8.9. This vulnerability allows remote attackers to conduct path traversal attacks through the FileUtils.java file of the MQTT Message Handler component. Such exploitability poses serious risks for server administrators and hosting providers, emphasizing an urgent need […]

Introduction The cybersecurity landscape is constantly evolving, making server protection crucial for system administrators and hosting providers. Recently, a significant vulnerability, identified as CVE-2026-5534, has been disclosed in the itsourcecode Online Enrollment System. This vulnerability exposes servers to SQL injection attacks, potentially compromising sensitive data. Understanding the implications of this threat and taking proactive measures […]

Understanding CVE-2026-5533 and Its Impact on Server Security The recent discovery of the CVE-2026-5533 vulnerability in the badlogic pi-mono framework highlights a serious security risk related to cross-site scripting (XSS). This flaw particularly affects version 0.58.4 of the SVG Artifact Handler, leading to potential remote exploitation. Summary of the Vulnerability The CVE-2026-5533 vulnerability exploits a […]