Understanding the Impacts of CVE-2025-11502 Recently, a vulnerability identified as CVE-2025-11502 was reported for the Schema & Structured Data for WP & AMP plugin used in WordPress. This vulnerability involves authenticated users being able to execute arbitrary JavaScript through stored cross-site scripting (XSS) attacks. This makes it crucial for system administrators and hosting providers to […]

Understanding CVE-2025-11927 and Its Impact on Server Security The cybersecurity landscape is constantly evolving, and vulnerabilities like CVE-2025-11927 serve as a reminder of the risks that hosting providers and system administrators face. This critical vulnerability allows authenticated attackers to exploit the Flying Images WordPress plugin for stored cross-site scripting (XSS). This blog discusses its implications […]

Understanding the Impacts of CVE-2025-11502 Recently, a vulnerability identified as CVE-2025-11502 was reported for the Schema & Structured Data for WP & AMP plugin used in WordPress. This vulnerability involves authenticated users being able to execute arbitrary JavaScript through stored cross-site scripting (XSS) attacks. This makes it crucial for system administrators and hosting providers to […]

Understanding CVE-2025-11927 and Its Impact on Server Security The cybersecurity landscape is constantly evolving, and vulnerabilities like CVE-2025-11927 serve as a reminder of the risks that hosting providers and system administrators face. This critical vulnerability allows authenticated attackers to exploit the Flying Images WordPress plugin for stored cross-site scripting (XSS). This blog discusses its implications […]

Aitire is a small MSP (Managed Service Provider) company located in Spain. They have more than 10 years of experience in computer consulting, Free Software, Open Source, GNU / Linux, etc… They aspire every day to maximize their technology and provide the best tools to their clients. Challenges „We usually work with rpm based Linux […]

Our Port Honeypot module proactively catches botnets very quickly, as botnets usually start to scan open ports, which is the first step of the attack cycle. We found an old IoT botnet that became active again. It strangely happened just 2 months after 21-year-old Kenneth Schuchman pleaded guilty to developing and deploying the Satori botnet. […]

On 3 Dec 2019, we released a new agent version (2.6.4) to fix the cert update bug in the SSL Terminating module, but unfortunately, some dependencies caused serious issues (kernel panic, redirection problems) on some CentOS 6 and CentOS 7 servers. It affected only 2% of the BitNinja protected servers because it occurred only in […]

Industry-first feature is available in BitNinja! We are happy to announce that the brand-new ASN white/blacklist option is out now. This development was requested by our users and we are so thankful that our partners are inspiring us to create such special features, which are only available in BitNinja. What does ASN mean? An autonomous […]

RCE attacks are one of the most dangerous types of attacks as hackers could take complete control of the victim’s host, meaning that they can run commands, install malware, etc. In this article, I’d like to introduce 2 new vulnerabilities, which have been patched by BitNinja WAF: vBulletin RCE Rusty Joomla RCE New botnet utilizes […]

It takes 99.9% less memory usage and 99.9% less time to set up… Unbelievable, but it’s possible with the new malware monitoring tool. While BitNinja believes in the power of prevention and our proactive modules are very robust, we also want to provide an all-in-one server security service. We know that malware infections are a […]

Not everyone uses the BitNinja Dashboard for the same reasons when doing their work. We know that. Which is why we have different sub-user roles built into our Dashboard. Why do you need sub-user roles? If you need your accountant to download your subscriptions’ invoices without sharing your BitNinja account's login details, and if you […]

ReadySpace was founded in 2003 and is based in Singapore. They provide cloud-based solutions to their 150,000 customers, mainly from the Asia Pacific region. They are now expanding to the Philippines and Indonesia, and since 2013 started to open towards American businesses. Challenges They were experiencing the harmful effects of heavy DoS attacks mainly, which […]

BitNinja was founded in 2014 and became very profitable by the following year. We could quickly grow by using our own resources, however, we are truly committed to our mission. We want to make the internet a safer place, so we decided to speed up our growth with investors. We are pleased to announce that […]

Recent Vulnerability Alert: CVE-2025-11995 The Community Events plugin for WordPress has been found vulnerable to a significant security flaw coded as CVE-2025-11995. This vulnerability opens doors for unauthenticated attackers to inject arbitrary scripts via the event details parameter, affecting all plugin versions up to and including 1.5.2. The issue stems from inadequate input sanitization and […]

Introduction In today's digital landscape, maintaining server security is a top priority. Recently, a significant vulnerability has been reported that affects the Schema Scalpel plugin for WordPress. This vulnerability can lead to serious concerns for system administrators and hosting providers. Understanding this threat and mitigating its impact is crucial for anyone managing a server. Overview […]

Discover the CVE-2025-5949 Vulnerability The recently identified CVE-2025-5949 vulnerability targets the Service Finder Bookings plugin for WordPress. This crucial flaw allows authenticated users to escalate privileges, potentially compromising the accounts of other users, including administrators. Affected versions include all before 6.0. The lack of proper user identity validation during password change requests leads to critical […]