CSOonline

Four new vulnerabilities found in Ingress NGINX

Four security vulnerabilities have been found in the open source Ingress NGINX traffic controller that is extensively used by organizations in Kubernetes deployments. They can only be fixed by ...
TechRadar

NGINX servers hijacked in global campaign to redirect traffic

DataDog reports attackers hijacking NGINX configurations to reroute traffic through malicious infrastructure Campaign targets Asian government and education sectors, enabling theft of session tokens, ...
cybernews

Severe vulnerability affects NGINX: websites visitors in danger

NGINX, a widely deployed reverse proxy and load balancer, contains a high-severity vulnerability that enables attackers-in-the-middle to inject data into server responses, potentially altering them or ...
The Hacker News

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it ...
Bleeping Computer

Hackers compromise NGINX servers to redirect user traffic

A threat actor is compromising NGINX servers in a campaign that hijacks user traffic and reroutes it through the attacker's backend infrastructure. NGINX is open-source software for web traffic ...
IEEE

Using the Reinforcement Learning agent to test the correctness of rule configuration in Web Application Firewalls

Abstract: Data protection is one of the most essential elements of cyber security strategies and processes. One of the components that support this process are firewalls, particularly web application ...
Hacker

How to Change Index HTML in Nginx

Your browser does not support the audio element. This story contains AI-generated text. The author has used AI either for research, to generate outlines, or write the ...
IEEE

ModSec-AdvLearn: Countering Adversarial SQL Injections With Robust Machine Learning

Abstract: Many Web Application Firewalls (WAFs) leverage the OWASP Core Rule Set (CRS) to block incoming malicious requests. The CRS consists of different sets of rules designed by domain experts to ...
The Hacker News

Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication

A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters ...
GitHub

I wonder whether there are still memory leaks in the latest version

I tested this lib(3.0.12) with nginx model ModSecurity-nginx on Linux platform by reloading nginx (nginx -s reload) again and again for quite a log time,and I found that the memory (RSS) still ...
GitHub

Docker buildx crosscompile for arm64 fails with segmentation fault

I have been compiling ModSecurity-nginx for amd64 and arm64 on an amd64 host for a couple of years. Host is on Debian 12 Bookworm. All of a sudden about four months ago this no longer works and make ...