A threat actor is compromising NGINX servers in a campaign that hijacks user traffic and reroutes it through the attacker's backend infrastructure.
https://www.bleepingcomputer.com/news/security/hackers-compromise-nginx-servers-to-redirect-user-traffic/
BleepingComputer
npub1pk…z6763
2026-02-04 23:27:14 UTC
Author Public Key
npub1pkrnqz97z2wckgmwglckccgg65eanvw3wpvuses7npqlvv6st06svz6763Seen on
wss://relay.momostr.pinkPublished at
2026-02-04 23:27:14 UTCEvent JSON
{
"id": "7cde9e223e34c4cb8b7b4094a05257b956fe816d615a1415493cad618b0496b9",
"pubkey": "0d873008be129d8b236e47f16c6108d533d9b1d17059c8661e9841f633505bf5",
"created_at": 1770247634,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/@BleepingComputer/116014948956157229",
"web"
],
[
"proxy",
"https://infosec.exchange/users/BleepingComputer/statuses/116014948956157229",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/BleepingComputer/statuses/116014948956157229",
"pink.momostr"
],
[
"-"
]
],
"content": "A threat actor is compromising NGINX servers in a campaign that hijacks user traffic and reroutes it through the attacker's backend infrastructure.\n\nhttps://www.bleepingcomputer.com/news/security/hackers-compromise-nginx-servers-to-redirect-user-traffic/",
"sig": "65626accb2a9ea4fff63b0b94a70971a920441d4650c264c57a0b7e9c8a0c23c60edf62e45bc15c0a659fd44f30545cda24e01472b86defd2a82f9cc58da8256"
}