An 18-year-old flaw in the NGINX rewrite module is still exposing systems today - legacy code never really disappears, it just waits to be rediscovered. π°οΈβ οΈ #WebSecurity #LegacyRisk
https://thehackernews.com/2026/05/18-year-old-nginx-rewrite-module-flaw.html
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
NGINX Rift CVE-2026-42945 scores 9.2 after 18 years, enabling unauthenticated RCE or DoS via crafted HTTP requests.
Joseph Meuse Past Misconduct Fuels Present Risks
π Despite his ban ending in 2019, Meuseβs return to shell sales raises fresh red flags.
π
https://cybercriminal.com/threats/josephβmeuse#JosephMeuse #LegacyRisk #FinancialWatch #RegulatoryMonitoring #ScamAlertRT to share βοΈ
π¬ Russian hackers bypass Gmail MFA using stolen app passwordsβexploiting legacy settings to sidestep modern protections. A wake-up call to audit and disable unused access points.
#MFABypassAlert π #LegacyRisk π
https://www.bleepingcomputer.com/news/security/russian-hackers-bypass-gmail-mfa-using-stolen-app-passwords/
Russian hackers bypass Gmail MFA using stolen app passwords
Russian hackers bypass multi-factor authentication and access Gmail accounts by leveraging app-specific passwords in advanced social engineering attacks that impersonate U.S. Department of State officials.
Manuel Bissey
Follow GOLF
CyberCriminal.com