29-Year-Old Squid Proxy Bug ‘Squidbleed’ Can Leak Cleartext HTTP Requests
Swati KhandelwalJun 22, 2026Vulnerability / Server Security A heap over-read in the Squid web proxy can leak another user's cleartext...
server
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Ravie LakshmananJun 03, 2026Vulnerability / Server Security Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers,...
Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud
Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud | Trend Micro (US) Content has been added to your...
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
Ravie LakshmananMay 18, 2026Cybersecurity / Hacking Monday opens with a trust problem. A mail server flaw is under active use....
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
Ravie LakshmananMay 05, 2026Vulnerability / Server Security The Apache Software Foundation (ASF) has released security updates to address several security...
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
Ravie LakshmananApr 20, 2026Open Source / Server Security A critical security vulnerability has been disclosed in SGLang that, if successfully...
U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog Pierluigi Paganini...
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
Ravie LakshmananApr 03, 2026Linux / Server Hardening Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web...
U.S. CISA adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog
U.S. CISA adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog Pierluigi Paganini March 16, 2026...
The CISO as a Business Leader: Moving from the Server Room to the Boardroom
The CISO as a Business Leader: Moving from the Server Room to the Boardroom In 2026, the era of the...
Critical Nginx UI flaw CVE-2026-27944 exposes server backups
Critical Nginx UI flaw CVE-2026-27944 exposes server backups Pierluigi Paganini March 08, 2026 Nginx UI flaw CVE-2026-27944 lets attackers download...
Enterprise tech spending to cross $6 trillion in 2026, driven by AI infrastructure boom
Server spending alone will rocket up 36.9% year-over-year, Gartner found, driven almost entirely by AI-optimized hardware. The hyperscalers, including AWS,...
Imperva Customers Protected Against CVE-2026-21962 in Oracle HTTP and WebLogic
What Is CVE-2026-21962? CVE-2026-21962 is a critical (CVSS 10.0) vulnerability in the Oracle HTTP Server and the WebLogic Server Proxy...
U.S. CISA adds a flaw in Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities catalog
U.S. CISA adds a flaw in Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities catalog Pierluigi Paganini January 24,...
Common Issues with FreeRadius in Passwordless Implementations
Introduction to FreeRadius in a Passwordless World Ever tried explaining to a ceo why the "legacy" radio server is still...
