Understanding CVE-2026-6324 Vulnerability A critical security flaw has been identified in libsoup, impacting server security specialists, hosting providers, and system administrators using Linux servers. This vulnerability allows remote attackers to exploit an unsigned to signed conversion error, posing a significant threat to the security of web applications. What is CVE-2026-6324? The CVE-2026-6324 vulnerability emerges from […]

Introduction to WP Maps Pro Vulnerability The WP Maps Pro plugin for WordPress contains a critical security flaw. All versions up to 6.1.0 are vulnerable to unauthenticated privilege escalation. This vulnerability allows attackers to create an administrator account without proper authentication. The potential for misuse is high, posing significant risks for server administrators and hosting […]

Understanding CVE-2026-6324 Vulnerability A critical security flaw has been identified in libsoup, impacting server security specialists, hosting providers, and system administrators using Linux servers. This vulnerability allows remote attackers to exploit an unsigned to signed conversion error, posing a significant threat to the security of web applications. What is CVE-2026-6324? The CVE-2026-6324 vulnerability emerges from […]

Introduction to WP Maps Pro Vulnerability The WP Maps Pro plugin for WordPress contains a critical security flaw. All versions up to 6.1.0 are vulnerable to unauthenticated privilege escalation. This vulnerability allows attackers to create an administrator account without proper authentication. The potential for misuse is high, posing significant risks for server administrators and hosting […]

Our Port Honeypot module proactively catches botnets very quickly, as botnets usually start to scan open ports, which is the first step of the attack cycle. We found an old IoT botnet that became active again. It strangely happened just 2 months after 21-year-old Kenneth Schuchman pleaded guilty to developing and deploying the Satori botnet. […]

On 3 Dec 2019, we released a new agent version (2.6.4) to fix the cert update bug in the SSL Terminating module, but unfortunately, some dependencies caused serious issues (kernel panic, redirection problems) on some CentOS 6 and CentOS 7 servers. It affected only 2% of the BitNinja protected servers because it occurred only in […]

Industry-first feature is available in BitNinja! We are happy to announce that the brand-new ASN white/blacklist option is out now. This development was requested by our users and we are so thankful that our partners are inspiring us to create such special features, which are only available in BitNinja. What does ASN mean? An autonomous […]

RCE attacks are one of the most dangerous types of attacks as hackers could take complete control of the victim’s host, meaning that they can run commands, install malware, etc. In this article, I’d like to introduce 2 new vulnerabilities, which have been patched by BitNinja WAF: vBulletin RCE Rusty Joomla RCE New botnet utilizes […]

It takes 99.9% less memory usage and 99.9% less time to set up… Unbelievable, but it’s possible with the new malware monitoring tool. While BitNinja believes in the power of prevention and our proactive modules are very robust, we also want to provide an all-in-one server security service. We know that malware infections are a […]

Not everyone uses the BitNinja Dashboard for the same reasons when doing their work. We know that. Which is why we have different sub-user roles built into our Dashboard. Why do you need sub-user roles? If you need your accountant to download your subscriptions’ invoices without sharing your BitNinja account's login details, and if you […]

ReadySpace was founded in 2003 and is based in Singapore. They provide cloud-based solutions to their 150,000 customers, mainly from the Asia Pacific region. They are now expanding to the Philippines and Indonesia, and since 2013 started to open towards American businesses. Challenges They were experiencing the harmful effects of heavy DoS attacks mainly, which […]

BitNinja was founded in 2014 and became very profitable by the following year. We could quickly grow by using our own resources, however, we are truly committed to our mission. We want to make the internet a safer place, so we decided to speed up our growth with investors. We are pleased to announce that […]

Ganesh Hosting is one of our oldest customers, who are with us from the very beginning. A few years ago, we asked them about their experience and created this case study. It was available only for our reseller partners but now we would like to share it with the publicity. The company Ganesh Hosting is […]

Understanding CVE-2026-9493: A Server Security Alert The cybersecurity landscape is constantly evolving, and vulnerabilities like CVE-2026-9493 indicate the alarming reality of Insecure Direct Object Reference (IDOR) threats. This vulnerability affects systems developed by BankPro E-Service Technology, allowing authenticated attackers to access unauthorized data. Incident Overview CVE-2026-9493 allows attackers to manipulate parameters within a query function, […]

Critical Vulnerability in Simple Divi Shortcode Plugin The Simple Divi Shortcode plugin for WordPress has a serious vulnerability that affects server security. The issue lies with the 'id' parameter in the [showmodule] shortcode, leading to Stored Cross-Site Scripting (XSS). This vulnerability is present in versions 1.2 and earlier due to inadequate input sanitization and output […]

CVE-2025-11993: Understanding the Risk to Your Server Security The recent CVE-2025-11993 vulnerability poses a significant risk for Linux server administrators and hosting providers. This flaw affects all versions of the WooCommerce Infinite Scroll and Ajax Pagination plugin prior to version 1.8, allowing attackers to exploit PHP Object Injection through inadequate data validation. What is CVE-2025-11993? […]