New Cookie Injection Vulnerability Affects Tornado Server The recent announcement of the CVE-2026-35536 vulnerability raised eyebrows across the cybersecurity landscape. This cookie injection flaw in Tornado, discovered before version 6.5.5, could have serious implications for server security. Incident Summary This vulnerability allows attackers to inject crafted characters into `domain`, `path`, and `samesite` arguments. The lack […]

Understanding CVE-2026-28815 and Its Implications The recent discovery of CVE-2026-28815 highlights a significant security vulnerability that affects server security, specifically within the Apple Swift-Crypto library. This flaw allows attackers to trigger an out-of-bounds read in the C decapsulation path when a short X-Wing HPKE key is supplied. The result can be a crash or memory […]

New Cookie Injection Vulnerability Affects Tornado Server The recent announcement of the CVE-2026-35536 vulnerability raised eyebrows across the cybersecurity landscape. This cookie injection flaw in Tornado, discovered before version 6.5.5, could have serious implications for server security. Incident Summary This vulnerability allows attackers to inject crafted characters into `domain`, `path`, and `samesite` arguments. The lack […]

Understanding CVE-2026-28815 and Its Implications The recent discovery of CVE-2026-28815 highlights a significant security vulnerability that affects server security, specifically within the Apple Swift-Crypto library. This flaw allows attackers to trigger an out-of-bounds read in the C decapsulation path when a short X-Wing HPKE key is supplied. The result can be a crash or memory […]

The number of active BitNinja protected servers is coming close to a round number again. WebReus and Arvixe already know why this is exciting news. BitNinja’s active server counter just reached 382. I think we don’t even need to say: If you are the 400th installer in our list, you’ll get the BitNinja protection on […]

We’ve been through some busy weeks again, full of excitements and DoS-improvements. We’d like to say thank you again for all the supportive bugfix and development tickets, sent by you all. We can bring the best out of BitNinja together, no doubts about it. 😉 Let’s see the new features and bugfixes which gave birth […]

We just launched BitNinja a little more than a month ago. It has been already demonstrated for 1 year in our own hosting environment, and success is coming from users worldwide, too. Read more and celebrate with us. BitNinja’s public beta ended on 23rd March, 2015. There were exactly 220 active BitNinja servers back then. […]

As always, you are encouraged to tell us what you think about BitNinja. Everything is welcome from bugs to development suggestions. That’s how version 1.4 was born, too. We’d like to extend a special thank you to all of the Ninjas who contributed to this version by contacting us tirelessly. Check out what’s new for […]

BitNinja’s active server counter is here again. We just reached the 294th Ninja-protected server worldwide. Now really, from Canada to Thailand, ninjas are everywhere. You guys are the best! We’d like to say thank you for this with a little gift: If you are the 300th installer in our list, you’ll get the BitNinja protection […]

BitNinja team is going to HostingCon Global in July. This is your opportunity to meet us as your potential business partner, in a fun and educational atmosphere. What is HostingCon? HostingCon is the premier industry conference and trade show for hosting and cloud providers. Join over 2000 of your hosting and cloud industry peers to discover […]

We are happy to announce BitNinja 1.0.0  The version counter turned from 0.31 to our first full release, because BitNinja 1.0.0 is now running stable on more than 100 production servers worldwide! That’s a great success for us and a big loss for the hackers. 😉  So what’s new in 1.0.0?  What is new in addition […]

There were 22.000 attendees, from more than 100 countries, with the biggest names in the tech world, more than 500 speakers, lack of wi-fi, 145.000 tweets in 72 hours, many business cards, a high interest in our server defense system and wonderful Irish hospitality. Here’s the wrap up of Web Summit 2014. Web Summit is […]

Hi there, Imagine where we will be free to meet soon: BitNinja’s going to the WebSummit, in Dublin! A few months ago we applied to the Alpha program of this event, dedicated to startups. After 2 weeks we got an email from the organizer that said: “There are so many applications for the program that we won’t […]

Introduction to CVE-2026-35535 The recent announcement of CVE-2026-35535 highlights a significant privilege escalation vulnerability affecting Sudo, a widely used command-line utility in Linux systems. This flaw allows an unauthorized user to gain elevated privileges, potentially compromising the system’s integrity. As server administrators and hosting providers, understanding this vulnerability is crucial to maintaining robust server security. […]

Introduction The cybersecurity landscape is constantly evolving, and with that comes new threats to server security. Recently, a significant vulnerability was discovered: CVE-2026-35508, affecting versions of Shynet prior to 0.14.0. This vulnerability permits cross-site scripting (XSS) in specific template filters, exposing servers to potential attacks. What is CVE-2026-35508? CVE-2026-35508 refers to an XSS vulnerability found […]

Understanding the CVE-2026-34762 Threat The recent CVE-2026-34762 vulnerability highlights a significant risk for system administrators and hosting providers. This vulnerability allows unauthorized manipulation of subscriber policies within the Ella Core 5G framework. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API did not verify that the IMSI identifier in the URL path matched the one in […]