Nginx is a tool tracked across 50 threat clusters and 138 intelligence report mentions on ThreatCluster. First observed October 24, 2025; most recent activity July 18, 2026.
Operation Highland, attributed to the Velvet Ant cyberespionage group, involved a sophisticated attack that began in 2016 and persisted undetected for a decade. The attackers hijacked the authentication stack of a major…
On June 17, 2026, F5 released emergency patches for two critical vulnerabilities in NGINX, CVE-2026-42530 and CVE-2026-42055. These vulnerabilities affect NGINX Open Source, NGINX Plus, and related products, allowing…
A critical vulnerability, CVE-2026-42945, has been discovered in the NGINX web server's ngx_http_rewrite_module, allowing unauthenticated attackers to execute remote code or crash servers. This heap-based buffer…
A critical vulnerability in the nginx-ui web server management tool, tracked as CVE-2026-33032, has been actively exploited since March 2026. This flaw allows attackers to bypass authentication on the /mcp_message…
The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload, allowing Remote Code Execution in all versions up to 5.1.8. This vulnerability arises from insufficient file extension validation in the…
On May 29, 2026, Yury Hubarevich, a prominent Belarusian politician, was targeted in a phishing attack linked to the Belarusian espionage group UNC1151. The attack involved an email disguised as a Google notification,…
FamousSparrow, a China-aligned APT group, launched a multi-wave cyberespionage campaign against an Azerbaijani oil and gas company from late December 2025 to February 2026. The attackers employed an evolved DLL…
F5 disclosed a critical vulnerability in NGINX, identified as CVE-2026-42533, which can lead to remote code execution (RCE) and denial-of-service (DoS) attacks. The flaw is a heap buffer overflow triggered by crafted…
A significant update for nginx has been released to address multiple vulnerabilities affecting openSUSE Leap 15.6. The vulnerabilities include CVE-2026-1642, a plaintext data injection flaw, CVE-2026-27654, a buffer…
A critical vulnerability in the Nginx-UI backup restore mechanism, identified as CVE-2026-33026, has been disclosed. This flaw enables attackers to manipulate encrypted backup archives, potentially injecting malicious…