web security

Threat actors are using CVE-2025-55182 exploitation to inject malicious NGINX configurations that silently redirect web traffic through attacker infrastructure, targeting Asian TLDs and government sites.

NationStates shut down its site after a vulnerability reporter chained input sanitization flaws to achieve remote code execution, copying user emails, password hashes, and IP addresses.

Ranking the leading WAF solutions based on threat detection accuracy, API protection, bot management, DDoS mitigation, and integration with modern application architectures.

CVE-2026-23550 in Modular DS plugin scores maximum CVSS 10.0, enabling unauthenticated privilege escalation. Attacks began January 13 targeting 40,000+ installations.