Category: Security

37 articles

Security
India’s .bank.in Trust Domain Leaked the Data of the People Who Run It
by Natalia Nowak · 3 Jul 2026 · 4 min read
IDRBT, the registrar for India's anti-phishing .bank.in domain, exposed 5,576 bank-domain administrators' data through open APIs for 13 months.
Security
Europe’s Hosts Bundle Email to Keep Customers. One in Four Mailboxes Has No SPF.
by Natalia Nowak · 30 Jun 2026 · 4 min read
A ShareShift audit of 56.3M European domains finds 3 in 4 run mail, but 1 in 4 mailboxes has no SPF, with Strato attaching mail to 94% of domains and protecting 6%.
Security
2,930 of 2,931 Exposed MySQL Databases Were Already Marked by Ransomware. The Playbook Is Six Years Old.
by Natalia Nowak · 29 Jun 2026 · 5 min read
Researchers found 2,930 of 2,931 exposed MySQL databases marked by ransomware. Exposing a database to the internet is now a near-guarantee of compromise.
Security
An Attacker Sent a Ransom Email From Blesta’s Own Servers
by Łukasz Nowak · 26 Jun 2026 · 9 min read
An extortion email demanding Blesta pay up passed SPF, DKIM and DMARC from Blesta's own servers, pointing to a real compromise. Blesta has not confirmed one.
Industry reports
The File Nobody Watches: llms.txt Is the Hosting Industry’s Newest Attack Surface
by Łukasz Nowak · 22 Jun 2026 · 17 min read
Anyone can slip a fake support line or rogue download into a hosting firm's llms.txt, and AI agents repeat it as fact. Nothing on the domain is watching.
Security
MariaDB Patches CVSS 10.0 Remote Code Execution Vulnerability in Galera Cluster Feature
by Natalia Nowak · 15 Jun 2026 · 3 min read
CVE-2026-49261 scores CVSS 10.0 and allows unauthenticated RCE in MariaDB Galera Cluster deployments. Standalone installations are not affected. Patches shipped May 27.
Security
HTTP/2 Bomb: One Connection Crashes Web Servers. nginx Is Patched, Apache Is Not.
by Natalia Nowak · 3 Jun 2026 · 6 min read
Single-connection HTTP/2 attack crashes web servers. nginx is patched today; Apache's fix has not reached distribution package managers.
Security
A Database Allegedly From Home.pl Is Being Advertised on a Cybercrime Forum.
by Łukasz Nowak · 29 May 2026 · 8 min read
A dataset allegedly from Home.pl, Poland's largest hosting provider, is being advertised on a cybercrime forum. We analyze the schema and what it means for 300,000+ customers.
Security
The Exploit Record: How Government Networks Keep Getting Breached
by Natalia Nowak · 29 May 2026 · 14 min read
A cPanel zero-day hit Guam. CISA got breached through Ivanti. Salt Typhoon accessed US wiretap systems. The case file of government breaches.
Security
CVE-2026-48172: LiteSpeed cPanel Plugin Root Privilege Escalation, CVSS 10.0, Actively Exploited
by Natalia Nowak · 27 May 2026 · 3 min read
LiteSpeed cPanel Plugin CVE-2026-48172 (CVSS 10.0) lets any cPanel user execute scripts as root. Actively exploited. Patch to 2.4.7 now.
📬

Stay in the loop

Weekly digest of the best hosting news, reviews and industry moves.

🚀

Reach hosting professionals

Sponsor webhosting.today and get in front of hosting buyers, founders and engineers.

50k+monthly readers
600articles
Become a sponsor →