Critical vulnerabilities in Real-Time Messaging Protocol (RTMP) implementations are being actively exploited across media streaming platforms. Multiple zero-day exploits have been observed in the wild, potentially affecting thousands of streaming services and CDN providers.
A sophisticated threat campaign targeting RTMP (Real-Time Messaging Protocol) implementations has been detected across major streaming platforms and content delivery networks. The attacks exploit previously unknown vulnerabilities in RTMP server implementations, allowing attackers to execute arbitrary code and potentially hijack media streams. Initial analysis indicates that the campaign began in early March 2026, with multiple streaming providers reporting unauthorized access and stream manipulation. The attack vector appears to leverage buffer overflow vulnerabilities in RTMP handshake processes, combined with sophisticated payload delivery mechanisms that bypass common security controls.
The cybersecurity community has identified a critical threat targeting RTMP infrastructure, dubbed 'Bye Bye RTMP.' This campaign specifically exploits vulnerabilities in RTMP server implementations, affecting major streaming platforms, content delivery networks (CDNs), and organizations utilizing RTMP for live video streaming.
First observed on March 8, 2026, the campaign has shown increasing sophistication and scope, with multiple variants of the exploit chain being deployed against different targets.
The attack chain consists of three main components:
The primary exploit leverages buffer overflow vulnerabilities in the RTMP handshake process, allowing attackers to inject malicious code into the streaming server's memory space.
The campaign has severely impacted several sectors:
A recent hack of an implantable orthopedic device maker has significant implications for the healthcare and medical device sectors. The breach highlights the vulnerability of connected medical devices to cyber threats. As of April 1, 2026, the incident is under investigation.
A critical out-of-bounds read vulnerability in Citrix NetScaler systems poses significant risks to enterprise infrastructure. The vulnerability affects ADC and Gateway appliances, potentially enabling unauthorized access and system compromise.
A critical vulnerability (CVE-2026-25645) has been identified in the Python Requests library's extract_zipped_paths() utility function, enabling potential arbitrary file writes through insecure temporary file handling. This vulnerability affects applications using the Requests library for handling zipped file paths.
A severe denial-of-service vulnerability has been discovered in the widely-used python-ecdsa cryptographic library. The flaw allows attackers to crash applications by exploiting improper DER length validation in crafted private keys.