Cross-Platform NPM Stealer, (Fri, May 22nd)
I found a Node.js stealer that looked pretty well obfuscated.
F5
20 articles
New NGINX 0-Day RCE “nginx-poolslip” Threatens Millions of Servers
A newly discovered zero-day vulnerability in NGINX, dubbed “nginx-poolslip,” is raising serious concerns across the global cybersecurity community, as it exp...
Hackers Actively Exploit ‘Nginx Rift’ Vulnerability Affecting NGINX, F5 Products
Hackers are actively exploiting the Nginx Rift vulnerability affecting NGINX and F5 products, exposing servers to denial-of-service attacks.
Critical bug in F5 NGINX actively exploited
Experts raise concerns because NGINX runs in front of one-third of al website worldwide.
Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945)
A critical NGINX vulnerability (CVE-2026-42945) disclosed last week is being exploited by attackers, VulnCheck security researcher Patrick Garrity revealed o...
Critical NGINX Vulnerability Lets Hackers Launch Remote Code Execution Attacks
A newly disclosed vulnerability in NGINX is already being actively exploited, raising serious concerns across the global cybersecurity community. Tracked as ...
Exploitation of Critical NGINX Vulnerability Begins
The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled. The post Exploitation of Critical NGINX Vulne...
Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945
A critical NGINX flaw (CVE-2026-42945) is actively exploited, allowing crashes or possible code execution via malicious HTTP requests. A critical vulnerabili...
Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945
A critical NGINX flaw (CVE-2026-42945) is actively exploited, allowing crashes or possible code execution via malicious HTTP requests. A critical vulnerabili...
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, accordi...
PoC Code Published for Critical NGINX Vulnerability
Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source. The post PoC Code Published for Critical...
Critical 'NGINX Rift' vulnerability discovered, present for 18 years
The vulnerability, with a CVSS v4 score of 9.2, resides in the ngx_http_rewrite_module and affects a significant portion of internet infrastructure due to NG...
18-year-old NGINX vulnerability allows DoS, potential RCE
An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under ce...
NGINX Rift: an 18-year-old flaw in the world’s most deployed web server just came to light
Researchers found a critical 18-year-old buffer overflow flaw in NGINX, tracked as CVE-2026-42945 and named NGINX Rift. If you run NGINX, and statistically s...
F5 Patches Over 50 Vulnerabilities
The company’s latest quarterly advisory describes high and medium-severity issues in BIG-IP, BIG-IQ, and NGINX. The post F5 Patches Over 50 Vulnerabilities a...
PoC Released for 18-Year-Old NGINX Flaw Allowing Remote Code Execution
A critical vulnerability in NGINX’s source code, hidden since 2008, has finally been exposed, and a working exploit is already in the wild. Security research...
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undet...
Multi-model AI is creating a routing headache for enterprises
Application teams are moving AI inference into production systems that support business operations. Enterprises are expanding traffic management, identity co...
CVE-2026-33032: Nginx UI Missing MCP Authentication
Overview On March 30, 2026, a security advisory was published for a critical vulnerability affecting Nginx UI. Nginx UI is an open-source web interface to ce...
Critical Nginx-ui MCP Flaw Actively Exploited in the Wild
Critical nginx-ui MCP authentication bypass CVE-2026-33032 actively exploited with CVSS 9.