Category: Security
37 articles
Security
India’s .bank.in Trust Domain Leaked the Data of the People Who Run It
IDRBT, the registrar for India's anti-phishing .bank.in domain, exposed 5,576 bank-domain administrators' data through open APIs for 13 months.
Security
Europe’s Hosts Bundle Email to Keep Customers. One in Four Mailboxes Has No SPF.
A ShareShift audit of 56.3M European domains finds 3 in 4 run mail, but 1 in 4 mailboxes has no SPF, with Strato attaching mail to 94% of domains and protecting 6%.
Security
2,930 of 2,931 Exposed MySQL Databases Were Already Marked by Ransomware. The Playbook Is Six Years Old.
Researchers found 2,930 of 2,931 exposed MySQL databases marked by ransomware. Exposing a database to the internet is now a near-guarantee of compromise.
Security
An Attacker Sent a Ransom Email From Blesta’s Own Servers
An extortion email demanding Blesta pay up passed SPF, DKIM and DMARC from Blesta's own servers, pointing to a real compromise. Blesta has not confirmed one.
Industry reports
The File Nobody Watches: llms.txt Is the Hosting Industry’s Newest Attack Surface
Anyone can slip a fake support line or rogue download into a hosting firm's llms.txt, and AI agents repeat it as fact. Nothing on the domain is watching.
Security
MariaDB Patches CVSS 10.0 Remote Code Execution Vulnerability in Galera Cluster Feature
CVE-2026-49261 scores CVSS 10.0 and allows unauthenticated RCE in MariaDB Galera Cluster deployments. Standalone installations are not affected. Patches shipped May 27.
Security
HTTP/2 Bomb: One Connection Crashes Web Servers. nginx Is Patched, Apache Is Not.
Single-connection HTTP/2 attack crashes web servers. nginx is patched today; Apache's fix has not reached distribution package managers.
Security
A Database Allegedly From Home.pl Is Being Advertised on a Cybercrime Forum.
A dataset allegedly from Home.pl, Poland's largest hosting provider, is being advertised on a cybercrime forum. We analyze the schema and what it means for 300,000+ customers.
Security
The Exploit Record: How Government Networks Keep Getting Breached
A cPanel zero-day hit Guam. CISA got breached through Ivanti. Salt Typhoon accessed US wiretap systems. The case file of government breaches.
Security
CVE-2026-48172: LiteSpeed cPanel Plugin Root Privilege Escalation, CVSS 10.0, Actively Exploited
LiteSpeed cPanel Plugin CVE-2026-48172 (CVSS 10.0) lets any cPanel user execute scripts as root. Actively exploited. Patch to 2.4.7 now.