As cyber threats evolve, the need for robust server security measures has become critical. Recently, multiple stored cross-site scripting (XSS) vulnerabilities were disclosed in various versions of Liferay, a popular open-source digital experience platform. Overview of the Vulnerability These vulnerabilities, identified as CVE-2025-43822, affect Liferay Portal 7.4.3.15 through 7.4.3.111 and Liferay DXP versions from 2023.Q3.1 […]

The cybersecurity landscape is ever-evolving, and staying updated on vulnerabilities is crucial for server administrators and hosting providers. Recently, a notable vulnerability, identified as CVE-2025-11415, was found in the PHPGurukul Beauty Parlour Management System. This vulnerability poses a serious risk that could be exploited remotely, leading to significant security concerns. Summary of the CVE-2025-11415 Incident […]

As cyber threats evolve, the need for robust server security measures has become critical. Recently, multiple stored cross-site scripting (XSS) vulnerabilities were disclosed in various versions of Liferay, a popular open-source digital experience platform. Overview of the Vulnerability These vulnerabilities, identified as CVE-2025-43822, affect Liferay Portal 7.4.3.15 through 7.4.3.111 and Liferay DXP versions from 2023.Q3.1 […]

The cybersecurity landscape is ever-evolving, and staying updated on vulnerabilities is crucial for server administrators and hosting providers. Recently, a notable vulnerability, identified as CVE-2025-11415, was found in the PHPGurukul Beauty Parlour Management System. This vulnerability poses a serious risk that could be exploited remotely, leading to significant security concerns. Summary of the CVE-2025-11415 Incident […]

Since the first emergence of computer viruses and botnets, the number of infected machines is growing day by day. The rapid development of IT not only brought increased comfort to our life, but the vulnerability of our personal data as well.  In parallel with the evolution of technical devices, hackers became more sensible, aggressive and […]

There are many ways your server can be compromised. In this article, I try to sum up the top 5 signs, which show your server has been compromised through your website. Your website is a very vulnerable part of your server, so many attacks targeting this interface. Not only big enterprises, like Sony or Apple, […]

Do you like going to conferences? We really do! Not just because of the fizzing atmosphere, hot topics and mind-blowing technologies. It’s you guys, who we like to meet in person at an exhibition. BitNinja users are from all over the world now from the US to Singapore. And these events provide such a great […]

A long time ago, in a galaxy far, far away … Ohh wait, it’s just happening. Yeah, one of the most anticipated ninja modules, the ‘gorgeous’ Port Honeypot has been released.  I know what you are thinking now “How can it be gorgeous? But seriously, this is about a security function”.  Let me introduce you […]

The holidays are over already, and hackers didn’t sleep at all during that time. Yeah, a critical Joomla vulnerability is on board again. To tell the truth, this 0-day remote command execution vulnerability is already 3-weeks old, but it can still cause headache for owners using versions from 1.5 to 3.4. It is a quite […]

We are so proud and excited to announce that BitNinja team is one of the eight selected startups in Cyber London’s second accelerator programme. It has been a long-awaited goal of us which is a perfect opportunity to rise BitNinja to the next level. It means lots of passionate work, helpful mentorship and a dynamic environment to […]

2015 was a big year both for our team and for you who use BitNinja on your servers to make the Internet a safer place. We are so proud of our community, full of committed and passionate hacker hunters. A lot has happened this year and now, nearing the end of it, it feels good […]

Mystery is on the horizon, ladies and gentlemen! And we always get excited about unappreciated server attacks. Just like in case of this ‘abdulkarrem’ one. Come, put on the role of Sherlock Holmes with us. Recently, there is a very frequent attack type. More and more sysadmin experience and complain about malicious request like these: […]

BitNinja has two very efficient detection modules. Log analysis and DoS detection does a great job in filtering attacks, but they are lack of one very important thing. Log analysis can only work on requests already reached your server. There are attacks like login brute force attacks, where it is not a problem as there […]

The cybersecurity landscape continues to evolve, and recent findings have raised alarms regarding a new vulnerability: CVE-2025-11417. This critical flaw affects the Campcodes Advanced Online Voting Management System, particularly its voters_add.php file, leading to severe security implications. Overview of the Vulnerability CVE-2025-11417 introduces an unrestricted file upload vulnerability. Attackers can exploit this weakness by manipulating […]

As cybersecurity threats evolve, server security remains a critical concern for system administrators and hosting providers. A recent vulnerability, CVE-2025-61999, highlights the importance of safeguarding web application environments. Incident Summary The OPEXUS FOIAXpress application, prior to version 11.13.3.0, allows administrative users to upload SVG files. This feature can be exploited to execute malicious JavaScript when […]

Cybersecurity threats evolve continually, demanding vigilance from system administrators and hosting providers. Recently, a serious vulnerability (CVE-2025-61997) has come to light regarding the OPEXUS FOIAXpress platform. This post will detail the implications of this vulnerability, why it’s critical for server security, and how to mitigate its effects. Understanding CVE-2025-61997 The OPEXUS FOIAXpress, prior to version […]