New Cookie Injection Vulnerability Affects Tornado Server The recent announcement of the CVE-2026-35536 vulnerability raised eyebrows across the cybersecurity landscape. This cookie injection flaw in Tornado, discovered before version 6.5.5, could have serious implications for server security. Incident Summary This vulnerability allows attackers to inject crafted characters into `domain`, `path`, and `samesite` arguments. The lack […]

Understanding CVE-2026-28815 and Its Implications The recent discovery of CVE-2026-28815 highlights a significant security vulnerability that affects server security, specifically within the Apple Swift-Crypto library. This flaw allows attackers to trigger an out-of-bounds read in the C decapsulation path when a short X-Wing HPKE key is supplied. The result can be a crash or memory […]

New Cookie Injection Vulnerability Affects Tornado Server The recent announcement of the CVE-2026-35536 vulnerability raised eyebrows across the cybersecurity landscape. This cookie injection flaw in Tornado, discovered before version 6.5.5, could have serious implications for server security. Incident Summary This vulnerability allows attackers to inject crafted characters into `domain`, `path`, and `samesite` arguments. The lack […]

Understanding CVE-2026-28815 and Its Implications The recent discovery of CVE-2026-28815 highlights a significant security vulnerability that affects server security, specifically within the Apple Swift-Crypto library. This flaw allows attackers to trigger an out-of-bounds read in the C decapsulation path when a short X-Wing HPKE key is supplied. The result can be a crash or memory […]

Last week we released our newest front-end development, which grants you a more transparent view of your installed servers on our already easy-to-use dashboard. After logging into your account, you will instantly realize the improvements. On the servers homepage, the installed servers are shown on ninja-colored cards. Let’s see in details their contents: On the […]

In the last decade, elaborating a good Continuous Integration and Continuous Deployment strategy became one of the basic requirements in most of the IT companies. The average life expectancy of a Fortune 500 company has dramatically fallen down (from 75 years to 15 years) compared to the statistics a century before. ”Unicorns” are growing rapidly, […]

On 12th May 2017, the biggest cyber attack of recent times has happened and the threat is still present. Started from Europe and within a couple of hours has grown into a worldwide virus. The crisis has been caused by the WannaCry ransomware and its variants. The virus locks the infected computer and informs the users with […]

In this article, we are writing about how to secure automated decryption, based on Nathaniel McCallum’s presentation at DevConf 2017. One thing is certain, the security of our data is one of the most important things in this digital day and age. We always had a plan to protect our data, but as time changes, that […]

In this article, we would like to summarize our recently released developments, which impact the daily life of our clients. First of all, ... TheHTTPS Captcha: If you enable this feature in your agent, BitNinja will be able to present a Captcha on HTTPS. This will make the IP removal from our greylist possible just […]

Hacking has become a huge part of our lives, partly because of popular culture and partly because it can give us some serious headaches when they mess with our beloved computers.  Usually, people see them as either harmful cyber-criminals or as freedom-fighters. But in this article, we are talking about a third group of hackers, […]

A part of our Ninjastic Team participated in WHD Global in Rust, Germany for the second time. We gained a lot of experience, made new friends, learned about the trends of our industry and broadened our customer base. If you want to see the exhibition through the Ninjas' eyes, read on. The WHD staff really […]

This week we released a new version of BitNinja, which contains many significant performance improvements. But what are the changes exactly? We limited the SS usage of our Outbound WAF module. It will only use SS if a malicious request is caught. Its result will be a significant drop in BitNinja's CPU usage. Our SenseLog […]

Last week the Chief Content Manager of HostAdvice, a company who provides transparent and handy advice for those who are looking for Hosting Providers, interviewed our CEO George Egri about the nitty-gritty details of BitNinja. They have covered topics like: Why this product is better than other solutions George's views about the future of security […]

Introduction to CVE-2026-35535 The recent announcement of CVE-2026-35535 highlights a significant privilege escalation vulnerability affecting Sudo, a widely used command-line utility in Linux systems. This flaw allows an unauthorized user to gain elevated privileges, potentially compromising the system’s integrity. As server administrators and hosting providers, understanding this vulnerability is crucial to maintaining robust server security. […]

Introduction The cybersecurity landscape is constantly evolving, and with that comes new threats to server security. Recently, a significant vulnerability was discovered: CVE-2026-35508, affecting versions of Shynet prior to 0.14.0. This vulnerability permits cross-site scripting (XSS) in specific template filters, exposing servers to potential attacks. What is CVE-2026-35508? CVE-2026-35508 refers to an XSS vulnerability found […]

Understanding the CVE-2026-34762 Threat The recent CVE-2026-34762 vulnerability highlights a significant risk for system administrators and hosting providers. This vulnerability allows unauthorized manipulation of subscriber policies within the Ella Core 5G framework. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API did not verify that the IMSI identifier in the URL path matched the one in […]