Understanding CVE-2026-9629 and Its Implications A recent vulnerability identified as CVE-2026-9629 has been discovered in the Canvas plugin for WordPress. This flaw affects versions up to and including 2.5.2. Specifically, it allows authenticated attackers with contributor-level access or higher to exploit vulnerabilities via the 'tag' parameter. This vulnerability enables attackers to inject arbitrary web scripts […]

Critical Vulnerability Detected in FooGallery Plugin The FooGallery plugin for WordPress has been identified with a medium-severity vulnerability that poses a significant threat to server security. This flaw allows authenticated users with minimal access to execute stored cross-site scripting (XSS) attacks using the `custom_attribute_key` shortcode parameter. Overview of the Vulnerability Versions of FooGallery up to […]

Understanding CVE-2026-9629 and Its Implications A recent vulnerability identified as CVE-2026-9629 has been discovered in the Canvas plugin for WordPress. This flaw affects versions up to and including 2.5.2. Specifically, it allows authenticated attackers with contributor-level access or higher to exploit vulnerabilities via the 'tag' parameter. This vulnerability enables attackers to inject arbitrary web scripts […]

Critical Vulnerability Detected in FooGallery Plugin The FooGallery plugin for WordPress has been identified with a medium-severity vulnerability that poses a significant threat to server security. This flaw allows authenticated users with minimal access to execute stored cross-site scripting (XSS) attacks using the `custom_attribute_key` shortcode parameter. Overview of the Vulnerability Versions of FooGallery up to […]

What do you think about SPAMs? Most of us think they are useless and heavily annoying, but not for everybody. There are some geeks, who totally understand the background and find it rubbish, but sometimes they read them to “entertain themselves” and learn more about the recent patterns hacker tactics. Have you ever found a hidden […]

Bugs are always hunting us.  Recently we found some bugs during our work, but keep calm, they're not in the BitNinja agent. 😉 Let’s see what we explored: ModSecurity bug: empty comment line In our WAF2.0 (beta will come soon) we implemented ModSecurity as well as the OWASP’s core ruleset. Recently, our developers found a […]

No matter if you’re a Linux security veteran or you’re just about to get your feet wet, you’ll face the same security threats and upcoming attacks forms. Here we come with a security cheat sheet with ultimate checkpoints that no sysadmins should miss. When meeting new company, usually the very first thing I’m asked about […]

A new class of side-channel attacks have been appeared, which exploit the following CPU vulnerabilities: CVE-2017-5715 : branch target injection CVE-2017-5753 : bounds check bypass CVE-2017-5754 : rogue data cache load Meltdown and Spectre rely on them and allow the hackers to read the memory content of other programs, it means they can access the […]

What is a port? Ever since computers are able to run more programs at the same time and can connect to modern networks, ports became important. 3 things are needed for the communication between two machines: IP address of the host Port number Type of protocol (e.g. TCP, UDP) A port number is a 16-bit […]

Web applications pose a significant security risk to servers, and having a web application firewall (WAF) in place is vital to keeping your servers and your business running smoothly. The average web server faces thousands of attacks on a daily basis. There are a number of web application firewalls available to protect your server, and having […]

The number of cybersecurity breaches experienced in 2017 were really high, hackers kept themselves busy – just think about the WannaCry ransomware infecting Windows PCs. Furthermore, 2018 is almost here, and the future definitely holds many changes for you, Linux server operators, in the field of cybersecurity. As security always comes first, now it’s time […]

At Virtualization Day 2017 in Budapest, Hungary, we saw pretty good presentations about a different type of virtualizations and architecture concepts. In forenoon, Gergely Rab from Dell have shown us some very useful tools and solutions for software-defined storage architecture. One of these products is ScaleIO, which utilizes standard x86 servers and Ethernet network. In a […]

Two days ago storm clouds of cyberwar has reached our server from Argentina. In this article, we will share you some details about the attack. 22nd November started as a usual day. Until the afternoon nothing strange happened, then at about 5 o’clock a heavier request flood reached our servers, which has been increased until […]

Understanding CVE-2026-9061 and Its Implications for Server Security The recent discovery of CVE-2026-9061 presents serious risks for website operators using the Store Locator WordPress plugin. Versions prior to 1.6.9 contain a vulnerability that allows high-privileged users, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks. This situation underscores the critical importance of robust server […]

Introduction The cybersecurity landscape is constantly evolving. One of the latest threats comes from a critical vulnerability in the Agile Store Locator plugin for WordPress. Known as CVE-2026-9062, this security flaw can allow attackers to exploit your server if not addressed. Understanding this vulnerability can help system administrators and hosting providers strengthen their server security. […]

Understanding CVE-2026-9109: A Threat to Server Security Recently, a vulnerability named CVE-2026-9109 has come to light, significantly impacting the GPTranslate plugin for WordPress. This vulnerability allows unauthenticated attackers to execute stored cross-site scripting (XSS) attacks through REST API endpoints. Given the increasing sophistication of cyber threats, understanding and mitigating such vulnerabilities has never been more […]