Mastodon says its flagship server was hit by a DDoS attack

The DDoS attack against Mastodon's flagship server comes less than a week after Bluesky was targeted with junk web traffic.
Communications of the ACM

Subscription Bombing: Email under Attack

Email subscription bombing (also known as subscription flooding or email spam bombing) is an attack technique that overwhelms ...
CSO Online

Critical nginx UI tool vulnerability opens web servers to full compromise

The vulnerability, with a CVSS score of 9.8, relates to the software’s support for Model Context Protocol (MCP) servers, ...
Bleeping Computer

The best Web application firewalls to protect your network

Web applications are able to protect your Web assets from attack – especially websites. Discover the best Web application firewalls, as we explore the market and recommend our top choices. Websites ...
Computerworld

Mass SQL injection attack targets Chinese Web sites

CORRECTION: Due to a reporting error, the nature of a mass SQL injection attack in January was misstated. That attack was tailored to target SQL Server. The story has been corrected. Web sites across ...
Ars Technica

Attack wrangles thousands of web users into a password-cracking botnet

Attackers have transformed hundreds of hacked sites running WordPress software into command-and-control servers that force visitors’ browsers to perform password-cracking attacks. A web search for the ...

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

More than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the ...
TechCrunch

Spam attack on Twitter/X rival Mastodon highlights ‘fediverse’ vulnerabilities

A spam attack that impacted the open source X rival Mastodon, Misskey and other apps highlights how the decentralized social web, also known as the fediverse, is open to abuse. Over the past several ...