CVE-2026-12218 Stack-Based Buffer Overflow in Yealink SIP-T46U Web FastCGI Service vulmon.com/vulnerabilitydeta…

29
CVE-2026-12219 Command Injection in Yealink SIP-T46U 108.86.0.118 Web FastCGI Service vulmon.com/vulnerabilitydeta… Vulnerability Notification: alerts.vulmon.com/?utm_sourc…

32
CVE-2026-12222 Stack-Based Buffer Overflow in Yealink SIP-T46U Web FastCGI Service vulmon.com/vulnerabilitydeta…

32
CVE-2026-12223 Command Injection in Yealink SIP-T46U 108.86.0.118 Web FastCGI Service vulmon.com/vulnerabilitydeta…

28
The China-linked Velvet Ant group managed to infiltrate and hide inside an isolated network for nearly 10 years, with no direct internet connection. 🥲 The entry point was through internet-exposed systems; after that they built a remote-execution path reaching the isolated network (pivot) via Nginx, FastCGI and HTTP requests.
1
2
51
6,795
#threatreport #HighCompleteness
Velvet Ant’s Operation Highland: How a China-Nexus Actor Infiltrated an Internal Network Undetected | 11-06-2026
Source: sygnia.co/blog/operation-hig…
Key details below ↓
🧑‍💻Actors/Campaigns: Velvet_ant Operation_highland
💀Threats: Velvetshell, Gs-netcat, Credential_harvesting_technique, Credential_dumping_technique, Timestomp_technique, Logcleaner_tool, Pnscan_tool, Pscan_tool,
🎯Victims: Major organization, Critical infrastructure
🏭Industry: Critical_infrastructure, Healthcare
🌐Geo: China
📚TTPs: ⚔️Tactics: 4 🛠️Technics: 0
🧨IOCs: - Domain: 9 - IP: 5 - Hash: 276 - Coin: 1
💽Software: OpenSSH, systemd, Chrome, Nginx, FastCGI, SELinux, ELinux di, Linux
🔢Algorithms: sha1, md5
🔠Functions: Internet-Facing
📜Programming Languages: perl

#threatreport: The investigation by Sygnia into Velvet Ant’s Operation Highland revealed a sophisticated cyber attack attributed to a China-nexus threat actor, characterized by a nearly decade-long undetected presence within a critical infrastructure network. The initial compromise dates back to 2016, with Velvet Ant demonstrating advanced strategies for maintaining persistence and control over the network by targeting the authentication stack crucial for access management.

Velvet Ant executed a multi-stage attack strategy, starting with gaining access to internet-facing systems before pivoting through the IT network to infiltrate the isolated critical infrastructure segment. One of the paramount vulnerabilities exploited was the compromise of the Pluggable Authentication Module (PAM) and OpenSSH binaries, facilitating complete oversight over authentication processes. This manipulation allowed the threat actor to observe all credential usage, effectively sidestepping standard authentication checks, leading to persistent access that remained intact despite any password changes.

Among the specific technical details of Velvet Ant’s methods, the use of backdoored versions of PAM modules (such as pam_unix.so) and maliciously modified OpenSSH binaries revealed the extent of their operational capabilities. Nine variants of the pam_unix.so module were identified, each individually compiled and designed to bypass authentication by embedding backdoor passwords and harvesting legitimate credentials through tampered authentication flows. Additionally, altered OpenSSH binaries captured and stored user credentials and logged shell commands while including functionalities designed to disable logging and access control measures on the systems. Velvet Ant’s arsenal also incorporated tools such as a modified version of GS-Netcat as a covert reverse shell, encrypted for stealth while the threat actor blended its presence within system processes by manipulating process names. Furthermore, a custom execution bridge using Nginx and FastCGI allowed for remote command execution through HTTP requests, enabling access to the critical infrastructure without necessitating a direct connection.

Remediation of the attack posed significant challenges due to the manipulative techniques employed by Velvet Ant. Merely replacing the compromised services would not suffice, as any incorrect removal of altered PAM modules or OpenSSH binaries could result in access denial for administrators, jeopardizing operational continuity. Therefore, a meticulous remediation strategy was developed to carefully replace malicious components, ensuring minimal disruption whilst validating SSH and authentication health through rigorous testing.

Ultimately, Operation Highland exemplifies the intricacies of maintaining undetected access in high-security environments, emphasizing the intricacies faced by defenders in detecting insidious attacks that exploit trusted system components. The ability of threat actors to integrate deeply within system processes necessitates proactive threat hunting and an analytical approach directed at identifying unexpected or inconsistent behaviors, rather than relying solely on signature-based detection.
2
107
Jun 12
Replying to @juan_miqueo
My first project with Ruby was on 1.86 (Rails used FastCGI 🥲). And one client still has something running on Ruby 2.3.8.
1
47
Jun 10
Replying to @TrisH0x2A
Those who don't learn history... The Open Market Secure Web Server did this in 1995, using select(2) and fastcgi.
1
437
A pretty in-depth talk about the FastCGI protocol has started #frontend_phpcon_do #vaddy_room
2
610
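And it's Apache, not nginx. Damn, this thing wasn't written with something like CGI/FastCGI, was it? How come the index is just PHP directly? Wouldn't the performance be insanely slow that way?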
1
3
214
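For those who moved to XServer VPS but whose WordPress is still slow: the answer to speeding it up is these 3 layers: 🔵 KUSANAGI (Nginx-optimized environment) 🔴 Redis (caches DB queries in memory) 🟢 FastCGI cache (skips PHP processing). I've put together the full procedure, with commands ↓ techotakulab.com/xserver-vps…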
2
2
173
The reality of self-hosting: Nginx config, Apache config, Varnish VCL, Certbot cron, PHP-FPM pools, the multi-PHP nightmare, vsftpd chroot. $45/month to cPanel. 7 separate worlds, 7 separate docs. This is why I wrote UWAS: both a web server stack and a control panel, in a single Go binary. It includes Auto HTTPS HTTP/3, Varnish-level cache, .htaccess-compatible rewrite, multi-PHP FastCGI, load balancing with 5 algorithms, WAF, on-the-fly WebP/AVIF, React dashboard, SFTP (pure Go), DNS editor, WordPress manager, site migration wizard. Still under development. cPanel/Plesk users, what annoys you the most?
1
1
7
1,124
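If you know FastCGI, get your health checkup promptly every year, check for diabetes and high blood pressure, and, um.. what was it again.
FastCGI: still the better protocol for reverse proxying, even after 30 years - As a proxy protocol that hands requests over a socket to a long-running backend, it can be applied with almost no changes to the existing HTTP handler structure - HTTP/1.1 reverse proxies are prone to implementations disagreeing on how message boundaries are interpreted, so d… news.hada.io/topic?id=29033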
4
12
48
6,423
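📰 Cai Shenye's Daily News Express | April 30, 2026 - 🌐 Global Tech (Hacker News) 1. Zed 1.0 officially released - The high-performance code editor Zed finally ships its 1.0 release 🔥1447 points 2. HERMES.md triggers extra billing in Claude Code - Having HERMES.md in a commit message causes requests to be routed to extra-usage billing 🔥933 points 3. Cursor Camp - neal.fun launches Cursor Camp, a fun interactive coding summer camp experience 🔥529 points 4. Copy Fail vulnerability (CVE-2026-31431) - Clipboard security vulnerability draws widespread attention 🔥474 points 5. FastCGI: the 30-year-old reverse proxy protocol is still a top choice - A technical blog post re-examines the value of FastCGI 🔥222 points 🇨🇳 Domestic Tech (36Kr / Tencent News) 1. DeepSeek rolls out "image recognition mode" in a gradual release - DeepSeek's multimodal capabilities upgraded; "the whale opens its eyes" with image recognition support 🔥live 2. Computer prices up 20%, markets empty of shoppers - Rising hardware costs pass through to the consumer market 🔥510,000 3. Shenzhen issues new housing policy - Purchase restrictions relaxed again, housing provident fund loan limit raised, up to 3.51 million yuan 4. Fund self-purchases exceed 2 billion yuan this year - Institutions mainly allocate to equity products, signaling market confidence 5. Compute leasing consolidates faster, leading companies enter the earnings-delivery period - The compute industry enters a phase of concentrated competition 💰 Finance (Wallstreetcn) 1. Anthropic considers raising funds at a valuation of over $900 billion - The AI giant's valuation keeps climbing to an all-time high 2. Microsoft's revenue last quarter beats expectations, Azure up 40% - 2026 capital expenditure expected at $190 billion, stepping up AI investment 3. AWS revenue growth highest in nearly two years - Cloud business backs Amazon's Q1 revenue acceleration 4. GPU rental prices up 114% in 6 weeks - Compute is national power; compute leasing results surge beyond expectations 5. Fed's biggest split in 34 years - Soaring oil prices plus policy division; US Treasuries slump, gold falls three days in a row 🔥 Trending Social Topics (Weibo Hot Search) 1. Hearing cancelled in the case of a man staying overnight at a classmate's home that left one dead and one injured 🔥1.1 million 2. Owner of Mo's Chicken Pot still has 400,000 in debt 🔥790,000 3. 2026 World Mayors Dialogue in Xi'an 🔥620,000 4. The universe may have only about 33.3 billion years left 🔥520,000 5. Computer prices up 20%, markets empty of shoppers 🔥510,000 🐙 Open Source Projects (GitHub Trending) 1. obra/superpowers - Agent skills framework and software development methodology, 173,000 ⭐ 2. microsoft/VibeVoice - Microsoft's open-source frontier voice AI, 46,000 ⭐ 3. mattpocock/skills - Practical engineer skill set, from the .claude directory, 44,000 ⭐ 4. warpdotdev/warp - Agent-based development environment, 44,000 ⭐ 5. GitNexus - Browser-side code knowledge graph Graph RAG, 33,000 ⭐ - 📌 Cai Shenye's one-line take: Anthropic raising at a valuation above 900 billion: the AI arms race has entered the "cash-burning finals"; OpenAI, Anthropic and Google, the three giants, are all racing toward trillion valuations; the real winner has not appeared yet, but the bill has already arrived. Microsoft's line "2026 capital expenditure of 190 billion" says one thing: every company is betting on the future of AI with real money. The HERMES.md vulnerability incident (933 points): a single file name can make your AI coding tool charge you more, which reminds us that the billing logic of AI tools is far less transparent than imagined, so be a bit more careful before using them.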

5
8,574
Regarding agwa.name/blog/post/fastcgi_… HTTP is hard to parse - but it's not that hard. Maybe this is little known, but one of the critical pieces that allowed Node to succeed was a little http 1.1 parser I wrote painstakingly by hand (with heavy inspo from Mongrel and NGINX). I am still quite proud of it. You can see the first version here: github.com/nodejs/node/tree/… But HTTP parsing is a solved problem now. Even if your language didn't have an HTTP parser - which is very unlikely - you could vibe it up quickly. We really don't need to re-serialize it to FastCGI.
6
14
195
16,328
What's old is new again. I'm not sure why FastCGI lost out to HTTP so much in recent years on backends but I would guess that people wanted websockets. Still a good protocol. agwa.name/blog/post/fastcgi_…
5
2
41
6,189
Been trying to deploy an application via IIS locally on my PC, so it is always available on my PC without having to manually run the server. FastCGI won't connect to IIS, then switched from a python server to a dotnet server. Test has not worked as intended.
1
2
25
Fully agree. A properly cached WordPress site on FastCGI delivers excellent performance on hardware you fully control. EmDash on Cloudflare Workers is fast and global too, but it runs on their infrastructure as a subscription. One is an owned asset, the other is a service. Both have their place.
A properly cached WordPress site on FastCGI serves 1,097 requests per second with 5ms TTFB. That's not speculation. That's a benchmark on real hardware. EmDash on Cloudflare Workers? Also fast. Also global. But here's the difference: WordPress gives you that performance on hardware you control. EmDash gives you that performance on Cloudflare's infrastructure. One is an asset. The other is a subscription. Neither is wrong. But don't pretend they're the same thing.
1
6
117