New Cookie Injection Vulnerability Affects Tornado Server The recent announcement of the CVE-2026-35536 vulnerability raised eyebrows across the cybersecurity landscape. This cookie injection flaw in Tornado, discovered before version 6.5.5, could have serious implications for server security. Incident Summary This vulnerability allows attackers to inject crafted characters into `domain`, `path`, and `samesite` arguments. The lack […]

Understanding CVE-2026-28815 and Its Implications The recent discovery of CVE-2026-28815 highlights a significant security vulnerability that affects server security, specifically within the Apple Swift-Crypto library. This flaw allows attackers to trigger an out-of-bounds read in the C decapsulation path when a short X-Wing HPKE key is supplied. The result can be a crash or memory […]

New Cookie Injection Vulnerability Affects Tornado Server The recent announcement of the CVE-2026-35536 vulnerability raised eyebrows across the cybersecurity landscape. This cookie injection flaw in Tornado, discovered before version 6.5.5, could have serious implications for server security. Incident Summary This vulnerability allows attackers to inject crafted characters into `domain`, `path`, and `samesite` arguments. The lack […]

Understanding CVE-2026-28815 and Its Implications The recent discovery of CVE-2026-28815 highlights a significant security vulnerability that affects server security, specifically within the Apple Swift-Crypto library. This flaw allows attackers to trigger an out-of-bounds read in the C decapsulation path when a short X-Wing HPKE key is supplied. The result can be a crash or memory […]

What is Censys? It is a search engine which allows people to search for the details on the devices and networks that compose the Internet. It uses the database of Zmap and ZGrab network scanners. Day by day, it analyses more than 4 billion IP addresses, which can be examined with the help of Censys.io. […]

Our CloudFlare integration has been released not so long ago, giving new opportunities and more automated, flawless service to our customers. Our developers worked this project out, because many of our ninja clients use CloudFlare in parallel with our services. The aim of this article is to describe why we needed this development and also to give […]

The onset of the Internet has brought many rewarding benefits to human race. Thanks to it, communication that was pegged to letters, faxes and phone calls back then, have now become faster, reaching more audiences. Social media has also made it possible to connect with people from all around the globe. Although, with this new […]

Have you ever thought about ad-blockers a potential security risk in your everydays? You’d better be banner blind with ad-blockers on or watch out where you click. Ad-blocker pros Ad-blocker is an application that is used worldwide to protect your computers from the annoying, flashy and memory-devouring online advertisements. It is an easy-to-use and easy-to-install […]

There’s one thing in IT security that cannot be patched as many other vulnerabilities: human beings. And as far as the ‘human factor’ is much of a concern, it is our responsibility to educate and protect our employees, customers and businesses from hacks. Data Breach and Social Engineering Data breach stands for the unsolicited phishing […]

If you have a server connected to the Internet, you can bet that it is constantly under scanning. Web-crawlers are gathering information from websites day-by-day. No matter if you have real websites or just an admin panel deployed on the web, sooner or later, they will find the public content. You may would not even […]

This year BitNinja Server Security became Golden Partner of WHD.global in Rust. So why not to share our experiences with you, as we attended at a WHD event for the first time? Ninja dojo and a hint of server security in the air We build up our booth before the very first day of the conference so […]

In today’s world more and more features are available online. New solutions become available day by day for making our life easier, simpler, faster. Regarding the last decade we have been able to say goodbye to long hours of administration. The notion of physical distance has changed too as we can speak now with anyone […]

Since the first emergence of computer viruses and botnets, the number of infected machines is growing day by day. The rapid development of IT not only brought increased comfort to our life, but the vulnerability of our personal data as well.  In parallel with the evolution of technical devices, hackers became more sensible, aggressive and […]

Introduction to CVE-2026-35535 The recent announcement of CVE-2026-35535 highlights a significant privilege escalation vulnerability affecting Sudo, a widely used command-line utility in Linux systems. This flaw allows an unauthorized user to gain elevated privileges, potentially compromising the system’s integrity. As server administrators and hosting providers, understanding this vulnerability is crucial to maintaining robust server security. […]

Introduction The cybersecurity landscape is constantly evolving, and with that comes new threats to server security. Recently, a significant vulnerability was discovered: CVE-2026-35508, affecting versions of Shynet prior to 0.14.0. This vulnerability permits cross-site scripting (XSS) in specific template filters, exposing servers to potential attacks. What is CVE-2026-35508? CVE-2026-35508 refers to an XSS vulnerability found […]

Understanding the CVE-2026-34762 Threat The recent CVE-2026-34762 vulnerability highlights a significant risk for system administrators and hosting providers. This vulnerability allows unauthorized manipulation of subscriber policies within the Ella Core 5G framework. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API did not verify that the IMSI identifier in the URL path matched the one in […]