Find notable cyber news and cases, enriched with sources, timelines, and signals.

NGINX traffic hijacking campaign targeting Asian and government domains

Campaign
First reported
Last updated
Happening score
H score 30
1 unique sources, 1 articles

Summary

Hide ▲

A threat actor is running an active traffic-hijacking campaign against NGINX servers, rerouting user requests through attacker infrastructure and increasing the risk of stealthy interception. The operation targets sites on .in, .id, .pe, .bd, and .th domains as well as .edu and .gov properties.

Related Happenings

NGINX web server critical flaws (multiple vulnerabilities)

Vulnerability
H score38 First: 18.06.2026 14:33 Last: 18.06.2026 14:33 Sources 1

About this happening: **NGINX** had two critical web server vulnerabilities, **CVE-2026-42530** and **CVE-2026-42055**, that can let **remote unauthenticated attackers** trigger **remote code execution...

F5 NGINX out-of-band security updates (multiple vulnerabilities)

Security Patch Release
H score34 First: 18.06.2026 14:33 Last: 18.06.2026 14:33 Sources 1

About this happening: **F5** released **out-of-band security updates** for **NGINX** after finding multiple web server vulnerabilities, including **two critical flaws** that could enable **remote code...

Nginx security patch release for CVE-2026-49975

Security Patch Release
H score42 First: 03.06.2026 22:08 Last: 03.06.2026 22:08 Sources 1

About this happening: Vendors released fixes for the **HTTP/2 Bomb** DoS issue, closing a path that could let a **single client** exhaust server memory within seconds. The patch set covers **nginx 1.29...

NGINX and Apache HTTPD HTTP/2 Bomb mitigations

Advisory/Mitigation
H score46 First: 03.06.2026 11:33 Last: 03.06.2026 11:33 Sources 1

About this happening: Calif issued mitigation guidance for **NGINX** and **Apache HTTPD** operators after **HTTP/2 Bomb** was found to enable a **remote denial-of-service** against default HTTP/2 confi...

NGINX Plus and NGINX Open Source ngx_http_rewrite_module heap buffer overflow remote code execution flaw (CVE-2026-42945)

Vulnerability
H score28 First: 14.05.2026 09:00 Last: 14.05.2026 09:00 Sources 1

About this happening: **CVE-2026-42945** exposes a **heap buffer overflow** in **NGINX Plus** and **NGINX Open Source** through **ngx_http_rewrite_module**, creating risk of **unauthenticated remote co...

Timeline

  1. 05.02.2026 01:26 2 articles · 5mo ago

    NGINX traffic hijacking campaign disclosed

    Initial Disclosure

    Researchers at DataDog Security Labs describe an active campaign against NGINX installations and Baota hosting management panels where attackers inject malicious `location` blocks, rewrite requests with `proxy_pass`, preserve common headers, and exfiltrate a map of hijacked domains and proxy targets to 158.94.210[.]227.

    Show sources