Depthfirst
Coverage of Depthfirst in the Nexus archive.
- Twenty One Zero-Days in FFmpeg
A research report by DepthFirst identifies 21 zero-day vulnerabilities in the FFmpeg multimedia framework, highlighting potential security risks.
- NGINX Rift attackers waste no time targeting exposed servers
A newly disclosed NGINX bug, dubbed 'NGINX Rift', is being actively exploited by attackers, with over 5.7 million internet-exposed servers potentially vulnerable. The bug, assigned a CVSS score of 9.2, can cause a crashed worker process and forced restart, and potentially allow code execution in certain configurations. Researchers are seeing active exploitation attempts just days after the CVE was published.
- NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
A security flaw in NGINX Plus and NGINX Open is being actively exploited, causing worker crashes and possible remote code execution. The vulnerability, tracked as CVE-2026-42945, has a CVSS score of 9.2 and affects NGINX versions 0.6.27 through 1.30.0. The exploitation was reported by VulnCheck and depthfirst.
- 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Cybersecurity researchers discovered multiple security vulnerabilities in NGINX Plus and NGINX Open, including a critical 18-year-old flaw that allows unauthenticated remote code execution. The vulnerability is a heap buffer overflow issue impacting ngx_http_rewrite_module with a CVSS v4 score of 9.2. This flaw could enable attackers to achieve remote code execution or cause crashes.