Web-Security

6 posts

HTTP/2 Bomb Takes Down nginx Apache IIS Envoy and Cloudflare

June 3, 2026

A new exploit called HTTP/2 Bomb lets one ordinary home computer take down nginx, Apache, Microsoft IIS, Envoy and Cloudflare Pingora, the web servers behind a …

Ghost CMS SQL Injection Stole Admin Keys From 700 Websites With One Request

May 26, 2026

A SQL injection vulnerability in Ghost CMS has turned Harvard University, Oxford University, and DuckDuckGo into malware distribution platforms. Visitors arrive …

Nginx-UI MCPwn (CVE-2026-33032): Full Server Takeover With One Unauthenticated Request

April 16, 2026

A critical vulnerability in nginx-ui has been actively exploited since March 2026, and it gives any attacker on the network full control over the nginx server …

Hackers Are Hijacking NGINX Servers Without Installing Malware

February 5, 2026

Hackers are hijacking NGINX web servers and rerouting live traffic through their own infrastructure. No malware installed, no vulnerability exploited. Just a …

Ni8mare: n8n Vulnerability Gives Full Admin Access with One HTTP Header Change

January 10, 2026

100,000 servers. One HTTP header change. Full admin access. No password required. They call it “Ni8mare.” CVSS 10.0. The patch existed for 7 weeks. …

WIRED Magazine Hacked: 2.3 Million Records Leaked via Basic IDOR Vulnerability

December 30, 2025

WIRED magazine got hacked. 2.3 million subscriber records leaked. And this is just the beginning. 😏 A hacker called “Lovely” dumped the database on …