At BitNinja, our mission has always been to protect servers seamlessly and efficiently from cyberattacks. Now, we’re taking another big step forward: the BitNinja Mobile App is coming soon! With this brand-new tool, you’ll have server security insights right at your fingertips and get instant alerts about the most important events. What can the first […]

According to our latest data, the number of cyberattacks blocked by BitNinja has tripled compared to the previous period. At first glance, this might sound alarming. Are attackers really becoming that much more aggressive? Is it that servers are under greater risk than before? The short answer: yes, but that’s only part of the story. […]

At BitNinja, our mission has always been to protect servers seamlessly and efficiently from cyberattacks. Now, we’re taking another big step forward: the BitNinja Mobile App is coming soon! With this brand-new tool, you’ll have server security insights right at your fingertips and get instant alerts about the most important events. What can the first […]

According to our latest data, the number of cyberattacks blocked by BitNinja has tripled compared to the previous period. At first glance, this might sound alarming. Are attackers really becoming that much more aggressive? Is it that servers are under greater risk than before? The short answer: yes, but that’s only part of the story. […]

For devops in the web hosting business, holiday season is not exactly the most wonderful time of the year. If you’ve ever sneaked out from Christmas dinner to check on your servers’ status, or been woken up by attack alerts when only Santa Claus is supposed to be awake, you know what I mean. The […]

Before I begin to explain CSRFs we need to understand some facts. First of all, we have to see how websites usually work when they have a login. Most pages use username/email and password for authentication. In today's world, it's not uncommon for newer sites to support two-step authentication. Normally we use a login once […]

In the previous blog article, we learned about SQL injection and how it works. If you read it then you will know that it belongs to the family of the most serious vulnerabilities. The next vulnerability is not going to be so serious, but it's worth taking care of. What is HTTP Parameter Pollution? The […]

A few days ago, we released a new agent version (1.23.3), which contains very important developments: We added two new SenseLog rules. The first one detects arbitrary file uploader bots, and the second one is for Joomla Spam regers. SenseLog is prepared for future remote config update. Instant blacklist action added to WAF Manager. It […]

The current world war isn’t happening in the physical world. However, cyber attacks have stepped into the foreground, and blackhat hackers can gain millions with their targeted attacks. Their main weapon in this war: malware. In this article, we’ll diversify the different types of malware so that you can better understand their behaviour. There are […]

We like attending meetups because we believe that great ideas are created when we share our experience and knowledge. That’s why we decided to organize regularly an IT security meetup in our town, Debrecen. On 24th August, we held our third meetup and we are so happy that the number of the attendees is increasing. […]

As a member of the BitNinja Development Team, one of our most important tasks is to develop the protection of BitNinja. When we deal with such a process we can see how an attack works or how a botnet can exploit a vulnerability. It's almost like watching these events behind the scenes. That's why this […]

Our world would be insecure without bug bounty platforms. We don’t know who we can or cannot trust. If we find a vulnerability in a software as a white hat hacker, we would be afraid to report it to the software owners because we wouldn’t know what their reaction would be. Will they reward or […]

The “Hello, Peppa!” botnet and the /ept/out.php vulnerability were newly discovered attacks by our Attack Vector Miner. But now, it has recognized the reactivation of a forgotten IoT botnet. This botnet exploits the D-Link router DSL-2750B  remote command execution. What does the attack look like?  The discovered pattern is the /login.cgi?cli= as you can see below:  In the case of the D-Link router DSL-2750B firmware 1.01 to 1.03, there’s an option for remote command […]

Recent revelations about Remote Code Execution (RCE) vulnerabilities have heightened concerns among system administrators and hosting providers. If you manage a Linux server or deploy web applications, understanding these threats is crucial. What is the Recent Threat? The newly identified vulnerability, affecting various applications, permits an attacker to execute arbitrary commands on a server. This […]

The recent discovery of a critical vulnerability in the StoryChief WordPress plugin poses significant security risks for system administrators and hosting providers. The flaw, identified as CVE-2025-7441, allows adversaries to upload arbitrary files, putting website integrity and server security at risk. Incident Summary This vulnerability affects version 1.0.42 of the StoryChief plugin, widely used for […]

An alarming authentication bypass vulnerability has emerged in Ivanti Endpoint Manager Mobile 12.5.0.0. This flaw could allow unauthorized access to secure administrative endpoints and has serious implications for server security. Here’s what every system administrator and hosting provider needs to know. Summary of the Vulnerability The vulnerability, identified as CVE-2025-4427, presents an opportunity for attackers […]