From Prompt to Runtime: Four Ways to Find NGINX Rift (CVE-2026-42945) with OX Security

This newly released CVE and the related exploit leave millions of NGINX instances around the world exposed. Here’s how you can check if you’re vulnerable, with detailed insight into how OX Security can find the issue for you across four different angles. What is NGINX Rift? The latest NGINX vulnerability family, dubbed “NGINX Rift”, was […]
Confirmed Critical | “The Grafana Ghost” exposes 36% of public-facing instances to malicious account takeover

More than 95% of Application Security alerts are just noise – as demonstrated by OX Security research. But CVE-2025-4123, which we will refer to as “The Grafana Ghost”, is not one of them. This newly discovered vulnerability is a rare case that demands attention, time, and resources from security teams. OX Security’s research reveals that […]
CVE-2025-29927: Is Your Middleware Really Protecting You?

Imagine building a robust security system for your web application only to discover that a simple, overlooked header allows attackers to bypass all your defenses. This is precisely the scenario developers faced with the discovery of CVE-2025-29927, a critical vulnerability in Next.js. This vulnerability allows attackers to bypass authorization checks implemented in Next.js middleware by […]
Kubernetes’ Ingress-NGINX Nightmare — CVE-2025-1974: Patch Now or Risk Exposure!

CVE-2025-1974 is a critical security vulnerability identified in Kubernetes’ ingress-nginx controller. Under certain conditions, an unauthenticated attacker with access to the pod network can execute arbitrary code within the ingress-nginx controller’s context. This exploitation may lead to the disclosure of secrets accessible to the controller, which, in default installations, include all cluster-wide secrets. Affected Kubernetes […]
From Risk to Resolution: OX Security’s Integrations with KEV and EPSS Drive Smarter Vulnerability Prioritization

In June 2023, a critical vulnerability (CVE-2023-34362) in the MOVEit Transfer file transfer software was exploited by adversaries, resulting in a series of high-profile data breaches. Despite the availability of patches, and the vulnerability being publicly known and actively exploited, many organizations failed to prioritize its remediation. This lapse allowed attackers to gain unauthorized access […]